wolfcrypt: add additional enforcement of correct digest sizes in signature gen and verify ops:

* add WC_FIPS_186_4, WC_FIPS_186_4_PLUS, WC_FIPS_186_5, and WC_FIPS_186_5_PLUS feature macros.
* add support for WC_HASH_CUSTOM_MIN_DIGEST_SIZE, WC_HASH_CUSTOM_MAX_DIGEST_SIZE, and
  WC_HASH_CUSTOM_MAX_BLOCK_SIZE, for use with custom digest algorithms.
* add SigOidMatchesKeyOid() helper function and WC_MIN_DIGEST_SIZE macro.
* add additional size and OID agreement checks for sig gen and verify ops.
* update ecc_test_vector() with FIPS 186-5 vectors.

Co-authored-by: Tobias Frauenschläger <tobias@wolfssl.com>
Daniel Pouzzner
2026-04-06 00:53:57 -05:00
parent 0c9b6397be
commit abce5be989
29 changed files with 608 additions and 119 deletions
+3 -3
@@ -639,6 +639,9 @@ WC_DILITHIUM_FIXED_ARRAY
WC_DISABLE_RADIX_ZERO_PAD
WC_FLAG_DONT_USE_AESNI
WC_FORCE_LINUXKM_FORTIFY_SOURCE
WC_HASH_CUSTOM_MAX_BLOCK_SIZE
WC_HASH_CUSTOM_MAX_DIGEST_SIZE
WC_HASH_CUSTOM_MIN_DIGEST_SIZE
WC_NO_ASYNC_SLEEP
WC_NO_RNG_SIMPLE
WC_NO_STATIC_ASSERT
@@ -651,9 +654,6 @@ WC_RSA_NONBLOCK
WC_RSA_NONBLOCK_TIME
WC_RSA_NO_FERMAT_CHECK
WC_RWLOCK_OPS_INLINE
WC_SHA384
WC_SHA384_DIGEST_SIZE
WC_SHA512
WC_SKIP_INCLUDED_C_FILES
WC_SSIZE_TYPE
WC_STRICT_SIG
+20 -2
@@ -29,6 +29,7 @@
#endif
#include <linux/version.h>
#include <linux/kconfig.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 0)
#error Unsupported kernel.
@@ -39,6 +40,25 @@
#error CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is incompatible with FIPS wolfCrypt AES-XTS -- please reconfigure the target kernel to disable CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
#endif
/* The first vector set in /usr/src/linux/crypto/testmgr.h
* ecdsa_nist_p192_tv_template[], ecdsa_nist_p256_tv_template[], and
* ecdsa_nist_p384_tv_template[] use SHA-1 (even if CONFIG_CRYPTO_SHA1 is
* disabled), and kernel module signatures frequently use SHA-1 until quite
* recently (dependent on CONFIG_CRYPTO_SHA1). If either is enabled, force
* downgrade to 186-4.
*/
#if defined(WC_FIPS_186_5_PLUS) && \
(defined(CONFIG_CRYPTO_SHA1) || (defined(CONFIG_CRYPTO_MANAGER) && !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) || defined(CONFIG_CRYPTO_ECDSA))
#undef WC_FIPS_186_5_PLUS
#ifdef WC_FIPS_186_5
#undef WC_FIPS_186_5
#else
#error Unknown and incompatible FIPS 186 is enabled.
#endif
#define WC_FIPS_186_4
#endif
#ifdef HAVE_CONFIG_H
#ifndef PACKAGE_NAME
#error wc_port.h included before config.h
@@ -285,8 +305,6 @@
_Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\""); /* needed for kernel 4.9.282 */
_Pragma("GCC diagnostic ignored \"-Wattributes\"");
#include <linux/kconfig.h>
#ifdef CONFIG_KASAN
#ifndef WC_SANITIZE_DISABLE
#define WC_SANITIZE_DISABLE() kasan_disable_current()
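Review bot: The block that undefines `WC_FIPS_186_5_PLUS` and defines `WC_FIPS_186_4` lowers the signature policy with no build-time diagnostic, so a module configured for FIPS 186-5 can be built with the 186-4 digest floor without anything in the build log saying so. A `#pragma message("WC_FIPS_186_5_PLUS downgraded to WC_FIPS_186_4 for kernel ECDSA/SHA-1 compatibility")` inside the `#if` would make the downgrade auditable. The block defines only `WC_FIPS_186_4`, while the `WC_MIN_DIGEST_SIZE` selection elsewhere in this commit tests `WC_FIPS_186_4_PLUS`; confirm the `_PLUS` macro is derived later in the include chain, otherwise the floor could fall through to the 16-byte MD5 size. The comment says "If either is enabled" but the condition also requires one of the ECDSA registration options, so it could name all three conditions.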
+7
@@ -157,6 +157,7 @@
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/dh.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
@@ -5720,6 +5721,12 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
}
#endif
/* Check hash length */
if ((outSz > WC_MAX_DIGEST_SIZE) ||
(outSz < WC_MIN_DIGEST_SIZE)) {
return BAD_LENGTH_E;
}
(void)ssl;
(void)keyBufInfo;
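Review bot: The new digest-size check in `EccVerify` returns `BAD_LENGTH_E` without logging, while the equivalent checks added to `wolfSSL_ECDSA_do_verify` and `wolfSSL_ECDSA_verify` in this commit emit a `WOLFSSL_MSG`. A handshake that fails here is hard to diagnose from a debug log; adding `WOLFSSL_MSG("EccVerify: bad digest size");` before the return would match those call sites. A short comment on why the TLS layer repeats a check that `wc_ecc_verify_hash` also performs (presumably to cover the PK-callback path) would help the next reader. The function body continues outside the hunk.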
+16
@@ -5264,6 +5264,14 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
ret = WOLFSSL_FATAL_ERROR;
}
/* Check hash length */
if ((ret == 1) &&
((dLen > WC_MAX_DIGEST_SIZE) ||
(dLen < WC_MIN_DIGEST_SIZE))) {
WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad digest size");
ret = WOLFSSL_FATAL_ERROR;
}
/* Ensure internal EC key is set from external. */
if ((ret == 1) && (key->inSet == 0)) {
WOLFSSL_MSG("No EC key internal set, do it");
@@ -5388,6 +5396,14 @@ int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz,
ret = 0;
}
/* Check hash length */
if ((ret == 1) &&
((digestSz > WC_MAX_DIGEST_SIZE) ||
(digestSz < WC_MIN_DIGEST_SIZE))) {
WOLFSSL_MSG("wolfSSL_ECDSA_verify Bad digest size");
ret = 0;
}
/* Verify signature using digest and key. */
if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest,
(word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) {
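Review bot: Both compatibility functions now reject any digest length outside `WC_MIN_DIGEST_SIZE`..`WC_MAX_DIGEST_SIZE`, and that contract is documented only by the three-word comment `/* Check hash length */`. Code ported from OpenSSL that passes a truncated or otherwise non-hash-sized buffer as the digest will now get `WOLFSSL_FATAL_ERROR` from `wolfSSL_ECDSA_do_verify` and 0 from `wolfSSL_ECDSA_verify`, the latter indistinguishable from a bad signature. I would expand the comment to `/* Digest must be WC_MIN_DIGEST_SIZE..WC_MAX_DIGEST_SIZE bytes; other lengths are rejected before verification. */` and state the same in the API documentation. Both function bodies continue outside the hunks.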
+2 -2
@@ -12284,9 +12284,9 @@ static int test_wc_CheckCertSigPubKey(void)
ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Wrong aglo. */
/* Wrong algo. */
ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E));
keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_SIG_OID_E));
wc_FreeDecodedCert(&decoded);
if (cert_der != NULL)
+25 -3
@@ -37,10 +37,32 @@
#define HEAP_HINT NULL
#endif
#include <wolfssl/wolfcrypt/hash.h>
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25
#if defined(WC_FIPS_186_5_PLUS)
#define TEST_STRING "WC_FIPS_186_5_PLUS test test"
#define TEST_STRING_SZ 28
#elif defined(WC_FIPS_186_4_PLUS) || defined(HAVE_SELFTEST)
#define TEST_STRING "WC_FIPS_186_4_PLUS test.."
#define TEST_STRING_SZ 25
#elif WC_MIN_DIGEST_SIZE <= 25
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25
#elif WC_MIN_DIGEST_SIZE <= 28
#define TEST_STRING "Everyone works the weekends."
#define TEST_STRING_SZ 28
#elif WC_MIN_DIGEST_SIZE <= 32
#define TEST_STRING "Everyone works through the night"
#define TEST_STRING_SZ 32
#elif WC_MIN_DIGEST_SIZE <= 48
#define TEST_STRING "Everyone gets to summer in Tuscany with Chianti."
#define TEST_STRING_SZ 48
#elif WC_MIN_DIGEST_SIZE <= 64
#define TEST_STRING "Everyone works from Christmas Eve, clear through New Year's Day."
#define TEST_STRING_SZ 64
#else
#error WC_MIN_DIGEST_SIZE value not supported by unit test.
#endif
#ifndef ONEK_BUF
#define ONEK_BUF 1024
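Review bot: The `#elif WC_MIN_DIGEST_SIZE <= 25` chain only selects correctly if `WC_MIN_DIGEST_SIZE` expands to an integer literal in the preprocessor; if any `*_DIGEST_SIZE` name it resolves to is an enum constant rather than a macro, `#if` evaluates it as 0 and the 25-byte string is chosen regardless of the real minimum. That is worth confirming for every alias `WC_MIN_DIGEST_SIZE` can take, and a `wc_static_assert(TEST_STRING_SZ >= WC_MIN_DIGEST_SIZE)` at the first use would turn a wrong selection into a compile error. The hand-counted sizes could be pinned the same way with `wc_static_assert(sizeof(TEST_STRING) - 1 == TEST_STRING_SZ)`.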
+3 -2
@@ -61,7 +61,7 @@ int test_wc_InitDsaKey(void)
int test_wc_DsaSignVerify(void)
{
EXPECT_DECLS;
#if !defined(NO_DSA)
#if !defined(NO_DSA) && !defined(WC_FIPS_186_5_PLUS)
DsaKey key;
WC_RNG rng;
wc_Sha sha;
@@ -130,7 +130,8 @@ int test_wc_DsaSignVerify(void)
DoExpectIntEQ(wc_FreeRng(&rng),0);
wc_FreeDsaKey(&key);
wc_ShaFree(&sha);
#endif
#endif /* !NO_DSA && !WC_FIPS_186_5_PLUS */
return EXPECT_RESULT();
} /* END test_wc_DsaSign */
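Review bot: Compiling out the whole body of `test_wc_DsaSignVerify` under `WC_FIPS_186_5_PLUS` also removes verify coverage, although the comment added to `wc_DsaVerify_ex` in this commit says verify-only legacy DSA stays allowed in that mode. A known-answer verify against a fixed signature would keep that path tested, and an assertion that signing a `WC_SHA_DIGEST_SIZE` digest now fails with `BAD_LENGTH_E` would pin the new rejection. The same applies to the `dsa_test` change in the wolfCrypt test file, which drops both the sign and the verify call. The middle of the function is outside these hunks.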
+5 -3
@@ -742,7 +742,7 @@ int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && !defined (NO_DSA) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_KEY_GEN)
!defined(WC_FIPS_186_5_PLUS) && defined(WOLFSSL_KEY_GEN)
DSA *dsa = NULL;
DSA *setDsa = NULL;
EVP_PKEY *pkey = NULL;
@@ -829,7 +829,8 @@ int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
DSA_free(setDsa);
EVP_PKEY_free(pkey);
EVP_PKEY_free(set1Pkey);
#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && !WC_FIPS_186_5_PLUS */
/* && WOLFSSL_KEY_GEN */
return EXPECT_RESULT();
} /* END test_EVP_PKEY_set1_get1_DSA */
@@ -1606,7 +1607,8 @@ int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA)
#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
#if !defined (NO_DSA) && !defined(WC_FIPS_186_5_PLUS) && \
!defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS);
#endif
#endif
+4 -3
@@ -41,7 +41,8 @@
int test_DSA_do_sign_verify(void)
{
EXPECT_DECLS;
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && \
!defined(WC_FIPS_186_5_PLUS)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA)
unsigned char digest[WC_SHA_DIGEST_SIZE];
@@ -88,7 +89,7 @@ int test_DSA_do_sign_verify(void)
DSA_SIG_free(sig);
DSA_free(dsa);
#endif
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
#endif /* !HAVE_SELFTEST && !HAVE_FIPS && !WC_FIPS_186_5_PLUS */
return EXPECT_RESULT();
}
@@ -110,7 +111,7 @@ int test_wolfSSL_DSA_SIG(void)
{
EXPECT_DECLS;
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FIPS) && defined(OPENSSL_ALL)
!defined(HAVE_FIPS) && !defined(WC_FIPS_186_5_PLUS) && defined(OPENSSL_ALL)
DSA *dsa = NULL;
DSA *dsa2 = NULL;
DSA_SIG *sig = NULL;
+4 -4
@@ -727,7 +727,7 @@ int test_wc_PKCS7_EncodeSignedData(void)
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = encryptOid;
#ifdef NO_SHA
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
@@ -1685,7 +1685,7 @@ int CreatePKCS7SignedData(unsigned char* output, int outputSz,
else {
pkcs7->encryptOID = ECDSAk;
}
#ifdef NO_SHA
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
pkcs7->hashOID = SHA256h;
#else
pkcs7->hashOID = SHAh;
@@ -1739,7 +1739,7 @@ int test_wc_PKCS7_VerifySignedData_RSA(void)
word32 badOutSz = 0;
byte badContent[] = "This is different content than was signed";
wc_HashAlg hash;
#ifdef NO_SHA
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
#else
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
@@ -2120,7 +2120,7 @@ int test_wc_PKCS7_VerifySignedData_ECC(void)
word32 z;
int ret;
#endif /* !NO_PKCS7_STREAM */
#ifdef NO_SHA
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
#else
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
+117
@@ -16109,6 +16109,118 @@ static int DecodeDsaAsn1Sig(const byte* sig, word32 sigSz, byte* sigCpy,
}
#endif
/* The certificate's signatureAlgorithm (sigOID) must match the issuer's
* key type (keyOID). sigOID picks the pre-hash; keyOID picks the
* verifier. They need to agree or the verifier gets the wrong input. */
static int SigOidMatchesKeyOid(word32 sigOID, word32 keyOID)
{
switch (keyOID) {
#ifndef NO_RSA
case RSAk:
switch (sigOID) {
case CTC_MD2wRSA:
case CTC_MD5wRSA:
case CTC_SHAwRSA:
case CTC_SHA224wRSA:
case CTC_SHA256wRSA:
case CTC_SHA384wRSA:
case CTC_SHA512wRSA:
case CTC_SHA3_224wRSA:
case CTC_SHA3_256wRSA:
case CTC_SHA3_384wRSA:
case CTC_SHA3_512wRSA:
case CTC_RSASSAPSS:
return 1;
}
return 0;
#ifdef WC_RSA_PSS
case RSAPSSk:
return (sigOID == CTC_RSASSAPSS);
#endif
#endif
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
case DSAk:
switch (sigOID) {
case CTC_SHAwDSA:
case CTC_SHA256wDSA:
return 1;
}
return 0;
#endif
#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
case ECDSAk:
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
case SM2k:
#endif
switch (sigOID) {
case CTC_SHAwECDSA:
case CTC_SHA224wECDSA:
case CTC_SHA256wECDSA:
case CTC_SHA384wECDSA:
case CTC_SHA512wECDSA:
case CTC_SHA3_224wECDSA:
case CTC_SHA3_256wECDSA:
case CTC_SHA3_384wECDSA:
case CTC_SHA3_512wECDSA:
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
case CTC_SM3wSM2:
#endif
return 1;
}
return 0;
#endif
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
case ED25519k:
return (sigOID == CTC_ED25519);
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
case ED448k:
return (sigOID == CTC_ED448);
#endif
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
return (sigOID == CTC_FALCON_LEVEL1);
case FALCON_LEVEL5k:
return (sigOID == CTC_FALCON_LEVEL5);
#endif
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
return (sigOID == CTC_DILITHIUM_LEVEL2);
case DILITHIUM_LEVEL3k:
return (sigOID == CTC_DILITHIUM_LEVEL3);
case DILITHIUM_LEVEL5k:
return (sigOID == CTC_DILITHIUM_LEVEL5);
#endif
case ML_DSA_LEVEL2k:
return (sigOID == CTC_ML_DSA_LEVEL2);
case ML_DSA_LEVEL3k:
return (sigOID == CTC_ML_DSA_LEVEL3);
case ML_DSA_LEVEL5k:
return (sigOID == CTC_ML_DSA_LEVEL5);
#endif
#if defined(HAVE_SPHINCS)
case SPHINCS_FAST_LEVEL1k:
return (sigOID == CTC_SPHINCS_FAST_LEVEL1);
case SPHINCS_FAST_LEVEL3k:
return (sigOID == CTC_SPHINCS_FAST_LEVEL3);
case SPHINCS_FAST_LEVEL5k:
return (sigOID == CTC_SPHINCS_FAST_LEVEL5);
case SPHINCS_SMALL_LEVEL1k:
return (sigOID == CTC_SPHINCS_SMALL_LEVEL1);
case SPHINCS_SMALL_LEVEL3k:
return (sigOID == CTC_SPHINCS_SMALL_LEVEL3);
case SPHINCS_SMALL_LEVEL5k:
return (sigOID == CTC_SPHINCS_SMALL_LEVEL5);
#endif
}
/* Default to reject unknown key types */
(void)sigOID;
return 0;
}
/* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
int ConfirmSignature(SignatureCtx* sigCtx,
const byte* buf, word32 bufSz,
@@ -16177,6 +16289,11 @@ int ConfirmSignature(SignatureCtx* sigCtx,
case SIG_STATE_HASH:
{
if (!SigOidMatchesKeyOid(sigOID, keyOID)) {
WOLFSSL_MSG("sigOID incompatible with issuer keyOID");
ERROR_OUT(ASN_SIG_OID_E, exit_cs);
}
#if !defined(NO_RSA) && defined(WC_RSA_PSS)
if (sigOID == RSAPSSk) {
word32 fakeSigOID = 0;
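Review bot: The header comment on `SigOidMatchesKeyOid()` does not state the return convention or that the function fails closed, and both matter to whoever adds the next key type. I would extend it to say that it returns 1 on agreement and 0 otherwise, that a `keyOID` with no compiled-in case is rejected, and that every key type `ConfirmSignature()` can verify needs a case here under the same preprocessor guards or its certificates fail with `ASN_SIG_OID_E`. It should also say that the check covers algorithm-family agreement only: `CTC_MD2wRSA`, `CTC_MD5wRSA` and the SHA-1 OIDs are accepted here in every build, so digest-strength policy has to be enforced elsewhere. The `ConfirmSignature()` body in the second hunk continues outside it.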
+9 -2
@@ -9273,8 +9273,9 @@ static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key,
byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
word32 oidMsgHashLen = 0;
if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) {
ret = BUFFER_E;
/* Check that the input hash length is valid. */
if ((int)hashLen != wc_HashGetDigestSize((enum wc_HashType)hashAlg)) {
ret = BAD_LENGTH_E;
}
if (ret == 0) {
@@ -9944,6 +9945,12 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx,
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
/* Check that the input hash length is valid. */
if ((ret == 0) &&
((int)hashLen != wc_HashGetDigestSize((enum wc_HashType)hashAlg)))
{
ret = BAD_LENGTH_E;
}
if (ret == 0) {
/* Step 6: Hash public key. */
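Review bot: In `dilithium_sign_ctx_hash_with_seed` the new test compares `(int)hashLen` with the raw return of `wc_HashGetDigestSize()`, which is a negative error code for an unsupported hash type, so a `hashLen` above `INT_MAX` can compare equal to that error code. The `hashLen > WC_MAX_DIGEST_SIZE` bound it replaces was what tied `hashLen` to the size of `oidMsgHash`, and the sign-side test no longer has the `(ret == 0)` guard that the verify-side one keeps. Later steps may still reject the hash type, but that is outside the hunk. I would store `digestSz = wc_HashGetDigestSize((enum wc_HashType)hashAlg)` in a local and test `if ((ret == 0) && ((digestSz <= 0) || (hashLen != (word32)digestSz) || (hashLen > WC_MAX_DIGEST_SIZE)))` in both functions. Both function bodies continue outside the hunks.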
+17
@@ -27,6 +27,7 @@
#include <wolfssl/wolfcrypt/wolfmath.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/dsa.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@@ -689,6 +690,12 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
if (digest == NULL || out == NULL || key == NULL || rng == NULL)
return BAD_FUNC_ARG;
if ((digestSz > WC_MAX_DIGEST_SIZE) ||
(digestSz < WC_MIN_DIGEST_SIZE))
{
return BAD_LENGTH_E;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
do {
@@ -1022,6 +1029,16 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig,
if (digest == NULL || sig == NULL || key == NULL || answer == NULL)
return BAD_FUNC_ARG;
/* Note the min allowed digestSz here is WC_SHA_DIGEST_SIZE, not
* WC_MIN_DIGEST_SIZE, to allow verify-only legacy DSA operations, as
* expressly allowed under FIPS 186-5, FIPS 140-3, and SP 800-131A.
*/
if ((digestSz > WC_MAX_DIGEST_SIZE) ||
(digestSz < WC_SHA_DIGEST_SIZE))
{
return BAD_LENGTH_E;
}
do {
#ifdef WOLFSSL_SMALL_STACK
w = (mp_int *)XMALLOC(sizeof *w, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
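Review bot: The verify floor in `wc_DsaVerify_ex` is hard-coded to `WC_SHA_DIGEST_SIZE`, while `wc_DsaSign_ex` uses `WC_MIN_DIGEST_SIZE`, so in a build where `WC_MIN_DIGEST_SIZE` resolves to 16 (MD2/MD4/MD5 enabled and no FIPS 186 macro) a 16-byte digest is accepted for signing but refused for verification. If verify is meant never to be stricter than sign, the floor could be the smaller of the two, `(digestSz < ((WC_MIN_DIGEST_SIZE < WC_SHA_DIGEST_SIZE) ? WC_MIN_DIGEST_SIZE : WC_SHA_DIGEST_SIZE))`; otherwise the comment should say that digests shorter than SHA-1 are deliberately refused on verify. It is also worth confirming that `WC_SHA_DIGEST_SIZE` is still defined when `NO_SHA` is set. Both function bodies continue outside the hunks.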
+19 -6
@@ -213,6 +213,7 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifdef WOLFSSL_HAVE_SP_ECC
#include <wolfssl/wolfcrypt/sp.h>
@@ -223,10 +224,6 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef HAVE_X963_KDF
#include <wolfssl/wolfcrypt/hash.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
@@ -6778,7 +6775,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
if (in == NULL || out == NULL || outlen == NULL || key == NULL) {
return ECC_BAD_ARG_E;
}
if (inlen > WC_MAX_DIGEST_SIZE) {
if ((inlen > WC_MAX_DIGEST_SIZE) ||
(inlen < WC_MIN_DIGEST_SIZE))
{
return BAD_LENGTH_E;
}
@@ -7299,6 +7298,11 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL) {
return ECC_BAD_ARG_E;
}
if ((inlen > WC_MAX_DIGEST_SIZE) ||
(inlen < WC_MIN_DIGEST_SIZE))
{
return BAD_LENGTH_E;
}
/* is this a private key? */
if (key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY) {
@@ -8576,7 +8580,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
return ECC_BAD_ARG_E;
}
if (hashlen > WC_MAX_DIGEST_SIZE) {
/* Check hash length */
if ((hashlen > WC_MAX_DIGEST_SIZE) ||
(hashlen < WC_MIN_DIGEST_SIZE)) {
return BAD_LENGTH_E;
}
@@ -9284,6 +9291,12 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
if (r == NULL || s == NULL || hash == NULL || res == NULL || key == NULL)
return ECC_BAD_ARG_E;
/* Check hash length */
if ((hashlen > WC_MAX_DIGEST_SIZE) ||
(hashlen < WC_MIN_DIGEST_SIZE)) {
return BAD_LENGTH_E;
}
/* default to invalid signature */
*res = 0;
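Review bot: In `wc_ecc_verify_hash_ex` the new length check returns `BAD_LENGTH_E` before `*res = 0;` runs, so on that path `*res` keeps whatever value the caller left in it. Callers should test the return code, but moving `*res = 0;` above the length check, directly after the NULL checks, keeps the fail-closed default for any caller that only inspects `res`. The same ordering is worth checking in `wc_ecc_verify_hash`, where the assignment to `*res` is outside the hunk. All four function bodies continue outside the hunks.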
+12
@@ -389,6 +389,12 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
return BAD_FUNC_ARG;
}
if ((type == Ed25519ph) &&
(inLen != WC_SHA512_DIGEST_SIZE))
{
return BAD_LENGTH_E;
}
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type,
@@ -897,6 +903,12 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
(context == NULL && contextLen != 0))
return BAD_FUNC_ARG;
if ((type == Ed25519ph) &&
(msgLen != WC_SHA512_DIGEST_SIZE))
{
return BAD_LENGTH_E;
}
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key,
+11
@@ -371,6 +371,11 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (type == Ed448ph) && (inLen != ED448_PREHASH_SIZE))
{
ret = BAD_LENGTH_E;
}
/* check and set up out length */
if ((ret == 0) && (*outLen < ED448_SIG_SIZE)) {
*outLen = ED448_SIG_SIZE;
@@ -796,6 +801,12 @@ int wc_ed448_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
if (key == NULL)
return BAD_FUNC_ARG;
if ((type == Ed448ph) &&
(msgLen != ED448_PREHASH_SIZE))
{
return BAD_LENGTH_E;
}
#ifdef WOLFSSL_ED448_PERSISTENT_SHA
sha = &key->sha;
#else
+12
@@ -476,6 +476,12 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type)
#endif
break;
case WC_HASH_TYPE_BLAKE2B:
#if defined(HAVE_BLAKE2B)
dig_size = BLAKE2B_OUTBYTES;
#else
dig_size = HASH_TYPE_E;
#endif
break;
case WC_HASH_TYPE_BLAKE2S:
#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
dig_size = BLAKE2S_OUTBYTES;
@@ -626,6 +632,12 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type)
#endif
break;
case WC_HASH_TYPE_BLAKE2B:
#if defined(HAVE_BLAKE2B)
block_size = BLAKE2B_BLOCKBYTES;
#else
block_size = HASH_TYPE_E;
#endif
break;
case WC_HASH_TYPE_BLAKE2S:
#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
block_size = BLAKE2S_BLOCKBYTES;
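Review bot: The new `WC_HASH_TYPE_BLAKE2B` cases are guarded by `HAVE_BLAKE2B` alone, while the neighbouring BLAKE2S cases accept `HAVE_BLAKE2` or `HAVE_BLAKE2S`. If any configuration enables BLAKE2b through `HAVE_BLAKE2` without also defining `HAVE_BLAKE2B`, `wc_HashGetDigestSize()` and `wc_HashGetBlockSize()` return `HASH_TYPE_E` for it; confirm that `HAVE_BLAKE2B` is always derived before this file is compiled, or widen the guard. A one-line comment on why the two guards differ would settle the question for the next reader. Both `switch` statements continue outside the hunks.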
+6
@@ -4565,6 +4565,12 @@ static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
if (pkcs7 == NULL || sig == NULL)
return BAD_FUNC_ARG;
/* Check hash length */
if ((hashSz > WC_MAX_DIGEST_SIZE) ||
(hashSz < WC_MIN_DIGEST_SIZE)) {
return BAD_LENGTH_E;
}
#ifdef WOLFSSL_SMALL_STACK
digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER);
+29
@@ -163,6 +163,35 @@ int wc_SignatureVerifyHash(
WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len");
return ret;
}
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* For WC_SIGNATURE_TYPE_RSA_W_ENC, we need to extract the actual size of
* the ASN.1-encoded hash.
*/
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
int hash_dec_len;
word32 idx = 0;
if (GetSequence(hash_data, &idx, &hash_dec_len, hash_len) < 0)
return ASN_PARSE_E;
/* skip the AlgorithmIdentifier */
if (GetSequence(hash_data, &idx, &hash_dec_len, hash_len) < 0)
return ASN_PARSE_E;
idx += (word32)hash_dec_len;
/* now sitting at the OCTET STRING containing the digest */
if (GetOctetString(hash_data, &idx, &hash_dec_len, hash_len) < 0)
return ASN_PARSE_E;
if (hash_dec_len != ret)
return BAD_LENGTH_E;
}
else
#endif
{
if (hash_len != (word32)ret) {
WOLFSSL_MSG("wc_SignatureVerify: Invalid hash size");
return BAD_LENGTH_E;
}
}
ret = 0;
/* Verify signature using hash */
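Review bot: The `WC_SIGNATURE_TYPE_RSA_W_ENC` branch checks the length of the OCTET STRING but not that the string ends exactly at `hash_len`, so an encoding with trailing bytes after the digest passes this size check. Assuming `GetOctetString()` leaves `idx` at the start of the contents, adding `|| (idx + (word32)hash_dec_len != hash_len)` to the `BAD_LENGTH_E` condition would make the DigestInfo check strict. The branch also skips the AlgorithmIdentifier without comparing it to `hash_type`, and returns without the `WOLFSSL_MSG` used in the `else` branch; whether the OID is compared later is outside the hunk. The body of `wc_SignatureVerifyHash` continues outside the hunk.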
+137 -12
@@ -27130,14 +27130,16 @@ done:
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
{
wc_test_ret_t ret = 0;
int answer;
word32 bytes;
word32 idx = 0;
WC_RNG rng;
int rng_inited = 0;
wc_Sha sha;
byte hash[WC_SHA_DIGEST_SIZE];
#ifndef WC_FIPS_186_5_PLUS
byte signature[40];
int answer;
#endif
int key_inited = 0;
#ifdef WOLFSSL_KEY_GEN
int derSz = 0;
@@ -27223,6 +27225,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_inited = 1;
#ifndef WC_FIPS_186_5_PLUS
ret = wc_DsaSign(hash, signature, key, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -27232,6 +27235,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (answer != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* !WC_FIPS_186_5_PLUS */
wc_FreeDsaKey(key);
key_inited = 0;
@@ -33216,8 +33220,30 @@ static wc_test_ret_t ecc_test_vector(int keySize)
break;
#endif /* HAVE_ECC192 */
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
(!defined(NO_SHA) || defined(WOLFSSL_SHA224) || \
(defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)))
case 28:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector -- P-224, SHA-224 */
/* Unhashed message: "Example of ECDSA with P-224" */
vec.msg = "\x1F\x1E\x1C\xF8\x92\x92\x6C\xFC\xCF\xC5\xA2\x8F\xEE\xF3\xD8"
"\x07\xD2\x3F\x77\x80\x08\xDB\xA4\xB3\x5F\x04\xB2\xFD";
vec.msgLen = 28;
vec.Qx = "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E";
vec.Qy = "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555";
vec.d = "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8";
vec.R = "C3A3F5B82712532004C6F6D1DB672F55D931C3409EA1216D0BE77380";
vec.S = "C5AA1EAE6095DEA34C9BD84DA3852CCA41A8BD9D5548F36DABDF6617";
vec.curveName = "SECP224R1";
vec.r = (const byte *)"\xC3\xA3\xF5\xB8\x27\x12\x53\x20\x04\xC6\xF6"
"\xD1\xDB\x67\x2F\x55\xD9\x31\xC3\x40\x9E\xA1\x21\x6D\x0B\xE7\x73\x80";
vec.rSz = 28;
vec.s = (const byte *)"\xC5\xAA\x1E\xAE\x60\x95\xDE\xA3\x4C\x9B\xD8"
"\x4D\xA3\x85\x2C\xCA\x41\xA8\xBD\x9D\x55\x48\xF3\x6D\xAB\xDF\x66\x17";
vec.sSz = 28;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
@@ -33249,8 +33275,9 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
"\x6a\xf3\xad\x5b";
vec.sSz = 28;
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* HAVE_ECC224 */
#endif /* HAVE_ECC224 && (!NO_SHA || SHA224 || SHA3_224 */
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
case 30:
@@ -33259,6 +33286,29 @@ static wc_test_ret_t ecc_test_vector(int keySize)
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
case 32:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector - P-256, SHA-256 */
/* Unhashed message: "Example of ECDSA with P-256" */
vec.msg = "\xA4\x1A\x41\xA1\x2A\x79\x95\x48\x21\x1C\x41\x0C\x65\xD8\x13"
"\x3A\xFD\xE3\x4D\x28\xBD\xD5\x42\xE4\xB6\x80\xCF\x28\x99\xC8"
"\xA8\xC4";
vec.msgLen = 32;
vec.Qx = "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19";
vec.Qy = "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09";
vec.d = "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96";
vec.R = "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F";
vec.S = "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1";
vec.curveName = "SECP256R1";
vec.r = (const byte *)"\x2B\x42\xF5\x76\xD0\x7F\x41\x65\xFF\x65\xD1"
"\xF3\xB1\x50\x0F\x81\xE4\x4C\x31\x6F\x1F\x0B\x3E\xF5\x73\x25"
"\xB6\x9A\xCA\x46\x10\x4F";
vec.rSz = 32;
vec.s = (const byte *)"\xDC\x42\xC2\x12\x2D\x63\x92\xCD\x3E\x3A\x99"
"\x3A\x89\x50\x2A\x81\x98\xC1\x88\x6F\xE6\x9D\x26\x2C\x4B\x32"
"\x9B\xDB\x6B\x63\xFA\xF1";
vec.sSz = 32;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
@@ -33290,6 +33340,7 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\x5a\x21\x48\xae\x32\xe3\xa2\x48";
vec.sSz = 32;
vec.curveName = "SECP256R1";
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* !NO_ECC256 */
@@ -33300,6 +33351,37 @@ static wc_test_ret_t ecc_test_vector(int keySize)
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
case 48:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector -- P-384, SHA-384 */
/* Unhashed message: "Example of ECDSA with P-384" */
vec.msg = "\x5A\xEA\x18\x7D\x1C\x4F\x6E\x1B\x35\x05\x7D\x20\x12\x6D\x83"
"\x6C\x6A\xDB\xBC\x70\x49\xEE\x02\x99\xC9\x52\x9F\x5E\x0B\x3F"
"\x8B\x5A\x74\x11\x14\x9D\x6C\x30\xD6\xCB\x2B\x8A\xF7\x0E\x0A"
"\x78\x1E\x89";
vec.msgLen = 48;
vec.Qx = "3BF701BC9E9D36B4D5F1455343F09126F2564390F2B487365071243C61E6"
"471FB9D2AB74657B82F9086489D9EF0F5CB5";
vec.Qy = "D1A358EAFBF952E68D533855CCBDAA6FF75B137A5101443199325583552A"
"6295FFE5382D00CFCDA30344A9B5B68DB855";
vec.d = "F92C02ED629E4B48C0584B1C6CE3A3E3B4FAAE4AFC6ACB0455E73DFC392E"
"6A0AE393A8565E6B9714D1224B57D83F8A08";
vec.R = "30EA514FC0D38D8208756F068113C7CADA9F66A3B40EA3B313D040D9B57D"
"D41A332795D02CC7D507FCEF9FAF01A27088";
vec.S = "CC808E504BE414F46C9027BCBF78ADF067A43922D6FCAA66C4476875FBB7"
"B94EFD1F7D5DBE620BFB821C46D549683AD8";
vec.curveName = "SECP384R1";
vec.r = (const byte *)"\x30\xEA\x51\x4F\xC0\xD3\x8D\x82\x08\x75\x6F"
"\x06\x81\x13\xC7\xCA\xDA\x9F\x66\xA3\xB4\x0E\xA3\xB3\x13\xD0"
"\x40\xD9\xB5\x7D\xD4\x1A\x33\x27\x95\xD0\x2C\xC7\xD5\x07\xFC"
"\xEF\x9F\xAF\x01\xA2\x70\x88";
vec.rSz = 48;
vec.s = (const byte *)"\xCC\x80\x8E\x50\x4B\xE4\x14\xF4\x6C\x90\x27"
"\xBC\xBF\x78\xAD\xF0\x67\xA4\x39\x22\xD6\xFC\xAA\x66\xC4\x47"
"\x68\x75\xFB\xB7\xB9\x4E\xFD\x1F\x7D\x5D\xBE\x62\x0B\xFB\x82"
"\x1C\x46\xD5\x49\x68\x3A\xD8";
vec.sSz = 48;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
@@ -33333,6 +33415,7 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
"\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
vec.sSz = 48;
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* HAVE_ECC384 */
@@ -33343,6 +33426,45 @@ static wc_test_ret_t ecc_test_vector(int keySize)
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
case 66:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector -- P-521, SHA-512 */
/* Unhashed message: "Example of ECDSA with P-521" */
vec.msg = "\x9B\xF0\xE1\xDE\xED\xA3\x1E\x00\xF9\x25\xB7\x7F\x7C\xB6\xB1"
"\xCE\xD7\x36\x8D\xE1\xDC\x75\xBB\x9F\x94\x58\x2C\x1C\xA7\x09"
"\x20\x5D\x32\xAF\x90\x02\x5B\x02\xFA\x13\x2F\xBE\xBD\x6C\xDD"
"\xCD\x91\x72\xC0\xD6\x6D\x8E\x58\x17\x67\xA8\xB6\xF7\x1D\xE6"
"\x0B\xE1\xF9\x32";
vec.msgLen = 64;
vec.Qx = "98E91EEF9A68452822309C52FAB453F5F117C1DA8ED796B255E9AB8F6410"
"CCA16E59DF403A6BDC6CA467A37056B1E54B3005D8AC030DECFEB68DF18B"
"171885D5C4";
vec.Qy = "164350C321AECFC1CCA1BA4364C9B15656150B4B78D6A48D7D28E7F31985"
"EF17BE8554376B72900712C4B83AD668327231526E313F5F092999A4632F"
"D50D946BC2E";
vec.d = "100085F47B8E1B8B11B7EB33028C0B2888E304BFC98501955B45BBA1478D"
"C184EEEDF09B86A5F7C21994406072787205E69A63709FE35AA93BA33351"
"4B24F961722";
vec.R = "140C8EDCA57108CE3F7E7A240DDD3AD74D81E2DE62451FC1D558FDC79269"
"ADACD1C2526EEEEF32F8C0432A9D56E2B4A8A732891C37C9B96641A9254C"
"CFE5DC3E2BA";
vec.S = "D72F15229D0096376DA6651D9985BFD7C07F8D49583B545DB3EAB20E0A2C"
"1E8615BD9E298455BDEB6B61378E77AF1C54EEE2CE37B2C61F5C9A823295"
"1CB988B5B1";
vec.curveName = "SECP521R1";
vec.r = (const byte *)"\x01\x40\xC8\xED\xCA\x57\x10\x8C\xE3\xF7\xE7"
"\xA2\x40\xDD\xD3\xAD\x74\xD8\x1E\x2D\xE6\x24\x51\xFC\x1D\x55"
"\x8F\xDC\x79\x26\x9A\xDA\xCD\x1C\x25\x26\xEE\xEE\xF3\x2F\x8C"
"\x04\x32\xA9\xD5\x6E\x2B\x4A\x8A\x73\x28\x91\xC3\x7C\x9B\x96"
"\x64\x1A\x92\x54\xCC\xFE\x5D\xC3\xE2\xBA";
vec.rSz = 66;
vec.s = (const byte *)"\xD7\x2F\x15\x22\x9D\x00\x96\x37\x6D\xA6\x65"
"\x1D\x99\x85\xBF\xD7\xC0\x7F\x8D\x49\x58\x3B\x54\x5D\xB3\xEA"
"\xB2\x0E\x0A\x2C\x1E\x86\x15\xBD\x9E\x29\x84\x55\xBD\xEB\x6B"
"\x61\x37\x8E\x77\xAF\x1C\x54\xEE\xE2\xCE\x37\xB2\xC6\x1F\x5C"
"\x9A\x82\x32\x95\x1C\xB9\x88\xB5\xB1";
vec.sSz = 65;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
@@ -33380,6 +33502,7 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
"\x3d\x22\xf2\x48\x0c";
vec.sSz = 65;
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* HAVE_ECC521 */
default:
@@ -34115,7 +34238,9 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
byte exportBuf[ECC_BUFSIZE];
byte tmp[ECC_BUFSIZE];
#endif
const byte* msg = (const byte*)"test wolfSSL ECC public gen";
static const byte msg[] =
"All we have to decide is what to do with the time that is given ";
wc_static_assert(sizeof(msg) >= WC_MAX_DIGEST_SIZE);
word32 x;
word32 tmpSz;
wc_test_ret_t ret = 0;
@@ -34267,7 +34392,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0) {
ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
ret = wc_ecc_sign_hash(msg, WC_MAX_DIGEST_SIZE, tmp,
&tmpSz, rng, key);
}
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
@@ -34284,7 +34409,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
#endif
if (ret == 0) {
ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
(word32)XSTRLEN((const char*)msg), &verify, key);
WC_MAX_DIGEST_SIZE, &verify, key);
}
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
@@ -59272,7 +59397,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
static const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
#ifndef NO_SHA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
#else
byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
@@ -59319,7 +59444,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
{
#ifndef NO_RSA
#ifndef NO_SHA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
/* RSA with SHA */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
@@ -59417,7 +59542,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
#endif /* NO_RSA */
#ifdef HAVE_ECC
#ifndef NO_SHA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
/* ECDSA with SHA */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
@@ -59586,7 +59711,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
/* generate transactionID (used with SCEP) */
{
#ifndef NO_SHA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
wc_Sha sha;
byte digest[WC_SHA_DIGEST_SIZE];
#else
@@ -59598,7 +59723,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
transId[0] = 0x13;
transId[1] = sizeof(digest) * 2;
#ifndef NO_SHA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -59673,7 +59798,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
{
/* check getting signed attributes */
#ifndef NO_SHA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
#else
byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
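Review bot: None of the test hunks shown here exercises the new rejection paths; they adapt existing positive tests so that they still pass under the stricter limits. In `ecc_test_make_pub`, a call such as `wc_ecc_sign_hash(msg, WC_MIN_DIGEST_SIZE - 1, tmp, &tmpSz, rng, key)` expected to return `BAD_LENGTH_E`, and the same with `WC_MAX_DIGEST_SIZE + 1`, would pin both bounds, with matching calls for `wc_ecc_verify_hash`. Other files in the commit may add such tests, but they are not visible in this view. The function bodies touched here continue outside the hunks.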
+6 -8
@@ -51,18 +51,16 @@
#endif
/* in bytes, variable digest size up to 512 bits (64 bytes) */
enum {
#ifdef HAVE_BLAKE2B
BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B,
BLAKE2B_256 = 32, /* 256 bit type, SSL default */
WC_BLAKE2B_DIGEST_SIZE = 64,
#define BLAKE2B_ID WC_HASH_TYPE_BLAKE2B
#define BLAKE2B_256 32 /* 256 bit type, SSL default */
#define WC_BLAKE2B_DIGEST_SIZE 64
#endif
#ifdef HAVE_BLAKE2S
BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S,
BLAKE2S_256 = 32, /* 256 bit type */
WC_BLAKE2S_DIGEST_SIZE = 32
#define BLAKE2S_ID WC_HASH_TYPE_BLAKE2S
#define BLAKE2S_256 32 /* 256 bit type */
#define WC_BLAKE2S_DIGEST_SIZE 32
#endif
};
#ifdef HAVE_BLAKE2B
+72
@@ -160,6 +160,78 @@ typedef struct {
#define WC_MAX_BLOCK_SIZE 128
#endif
#if defined(WC_HASH_CUSTOM_MAX_DIGEST_SIZE) && \
defined(WC_HASH_CUSTOM_MIN_DIGEST_SIZE)
#if WC_HASH_CUSTOM_MAX_DIGEST_SIZE < \
WC_HASH_CUSTOM_MIN_DIGEST_SIZE
#error HASH_CUSTOM_MAX_DIGEST_SIZE < WC_HASH_CUSTOM_MIN_DIGEST_SIZE
#endif
#endif
#ifdef WC_HASH_CUSTOM_MAX_DIGEST_SIZE
#undef WC_MAX_DIGEST_SIZE
#define WC_MAX_DIGEST_SIZE WC_HASH_CUSTOM_MAX_DIGEST_SIZE
#endif
#ifdef WC_HASH_CUSTOM_MAX_BLOCK_SIZE
#undef WC_MAX_BLOCK_SIZE
#define WC_MAX_BLOCK_SIZE WC_HASH_CUSTOM_MAX_BLOCK_SIZE
#endif
#if defined(WC_HASH_CUSTOM_MIN_DIGEST_SIZE)
#if defined(WC_FIPS_186_5_PLUS) && \
(WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 224 / 8)
#error FIPS 186-5 requires a minimum hash size >= SHA-224.
#elif defined(WC_FIPS_186_4) && \
(WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 160 / 8)
#error FIPS 186-4 requires a minimum hash size >= SHA-1.
#elif (WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 128 / 8)
#error WC_HASH_CUSTOM_MIN_DIGEST_SIZE is too small.
#endif
/* Let the user override the minimum digest size */
#define WC_MIN_DIGEST_SIZE WC_HASH_CUSTOM_MIN_DIGEST_SIZE
#elif defined(WOLFSSL_MD2) && !defined(WC_FIPS_186_4_PLUS)
#define WC_MIN_DIGEST_SIZE WC_MD2_DIGEST_SIZE /* 16 */
#elif !defined(NO_MD4) && !defined(WC_FIPS_186_4_PLUS)
#define WC_MIN_DIGEST_SIZE WC_MD4_DIGEST_SIZE /* 16 */
#elif !defined(NO_MD5) && !defined(WC_FIPS_186_4_PLUS)
#define WC_MIN_DIGEST_SIZE WC_MD5_DIGEST_SIZE /* 16 */
#elif !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
#define WC_MIN_DIGEST_SIZE WC_SHA_DIGEST_SIZE /* 20 */
#elif defined(WOLFSSL_SHA224)
#define WC_MIN_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
#elif !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
#define WC_MIN_DIGEST_SIZE WC_SHA512_224_DIGEST_SIZE
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
#define WC_MIN_DIGEST_SIZE WC_SHA3_224_DIGEST_SIZE
#elif !defined(NO_SHA256)
#define WC_MIN_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#elif !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
#define WC_MIN_DIGEST_SIZE WC_SHA512_256_DIGEST_SIZE
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
#define WC_MIN_DIGEST_SIZE WC_SHA3_256_DIGEST_SIZE
#elif defined(HAVE_BLAKE2S)
#define WC_MIN_DIGEST_SIZE BLAKE2S_OUTBYTES /* 32 */
#elif defined(WOLFSSL_SM3)
#define WC_MIN_DIGEST_SIZE WC_SM3_DIGEST_SIZE /* 32 */
#elif defined(WOLFSSL_SHA384)
#define WC_MIN_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
#define WC_MIN_DIGEST_SIZE WC_SHA3_384_DIGEST_SIZE
#elif defined(WOLFSSL_SHA512)
#define WC_MIN_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
#define WC_MIN_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
#elif defined(HAVE_BLAKE2B)
#define WC_MIN_DIGEST_SIZE BLAKE2B_OUTBYTES /* 64 */
#elif defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256)
#error SHAKE enabled without SHA-3.
#define WC_MIN_DIGEST_SIZE 64
#else
#error No builtin hashes enabled and no WC_HASH_CUSTOM_MIN_DIGEST_SIZE.
#define WC_MIN_DIGEST_SIZE 64
#endif
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
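Review bot: The floor check on `WC_HASH_CUSTOM_MIN_DIGEST_SIZE` tests `defined(WC_FIPS_186_4)`, while the builtin chain right below it excludes MD2, MD4 and MD5 under `WC_FIPS_186_4_PLUS`. A build that sets only `WC_FIPS_186_4_PLUS` would therefore fall through to the 128-bit branch and accept a 16-byte custom minimum, even though the same build refuses every 16-byte builtin hash. If the `_PLUS` macros are meant to be settable on their own (the `!defined(WC_FIPS_186_4_PLUS)` guard in the settings section suggests so), the branch should read `#elif defined(WC_FIPS_186_4_PLUS) && \`. Separately, the first `#error` text drops the `WC_` prefix and should be `#error WC_HASH_CUSTOM_MAX_DIGEST_SIZE < WC_HASH_CUSTOM_MIN_DIGEST_SIZE`.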
+9 -13
@@ -36,12 +36,10 @@
#endif
/* in bytes */
enum {
WC_MD2_BLOCK_SIZE = 16,
WC_MD2_DIGEST_SIZE = 16,
WC_MD2_PAD_SIZE = 16,
WC_MD2_X_SIZE = 48
};
#define WC_MD2_BLOCK_SIZE 16
#define WC_MD2_DIGEST_SIZE 16
#define WC_MD2_PAD_SIZE 16
#define WC_MD2_X_SIZE 48
/* Md2 digest */
@@ -60,13 +58,11 @@ WOLFSSL_API int wc_Md2Hash(const byte* data, word32 len, byte* hash);
#ifndef OPENSSL_COEXIST
enum {
MD2 = WC_HASH_TYPE_MD2,
MD2_BLOCK_SIZE = WC_MD2_BLOCK_SIZE,
MD2_DIGEST_SIZE = WC_MD2_DIGEST_SIZE,
MD2_PAD_SIZE = WC_MD2_PAD_SIZE,
MD2_X_SIZE = WC_MD2_X_SIZE
};
#define MD2 WC_HASH_TYPE_MD2,
#define MD2_BLOCK_SIZE WC_MD2_BLOCK_SIZE,
#define MD2_DIGEST_SIZE WC_MD2_DIGEST_SIZE,
#define MD2_PAD_SIZE WC_MD2_PAD_SIZE,
#define MD2_X_SIZE WC_MD2_X_SIZE
/* Md2 digest */
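Review bot: The new compatibility macros `MD2`, `MD2_BLOCK_SIZE`, `MD2_DIGEST_SIZE` and `MD2_PAD_SIZE` keep the trailing comma of the enumerators they replace, so each expands to its value followed by a comma. A declaration sized with one of them, such as `byte digest[MD2_DIGEST_SIZE];`, then fails to compile whenever `OPENSSL_COEXIST` is not defined. Drop the commas, e.g. `#define MD2_DIGEST_SIZE WC_MD2_DIGEST_SIZE`. The MD4 section that follows has the same leftover commas on `MD4`, `MD4_BLOCK_SIZE` and `MD4_DIGEST_SIZE`. A build that still uses the old names with MD2 and MD4 enabled would catch both.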
+7 -11
@@ -35,11 +35,9 @@
#endif
/* in bytes */
enum {
WC_MD4_BLOCK_SIZE = 64,
WC_MD4_DIGEST_SIZE = 16,
WC_MD4_PAD_SIZE = 56
};
#define WC_MD4_BLOCK_SIZE 64
#define WC_MD4_DIGEST_SIZE 16
#define WC_MD4_PAD_SIZE 56
/* MD4 digest */
typedef struct wc_Md4 {
@@ -56,12 +54,10 @@ WOLFSSL_API void wc_Md4Final(wc_Md4* md4, byte* hash);
#ifndef OPENSSL_COEXIST
enum {
MD4 = WC_HASH_TYPE_MD4,
MD4_BLOCK_SIZE = WC_MD4_BLOCK_SIZE,
MD4_DIGEST_SIZE = WC_MD4_DIGEST_SIZE,
MD4_PAD_SIZE = WC_MD4_PAD_SIZE
};
#define MD4 WC_HASH_TYPE_MD4,
#define MD4_BLOCK_SIZE WC_MD4_BLOCK_SIZE,
#define MD4_DIGEST_SIZE WC_MD4_DIGEST_SIZE,
#define MD4_PAD_SIZE WC_MD4_PAD_SIZE
typedef struct wc_Md4 Md4;
+5 -7
@@ -55,16 +55,14 @@
#define Md5 wc_Md5
#define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
#define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
#define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
#define MD5_PAD_SIZE WC_MD5_PAD_SIZE
#endif
/* in bytes */
enum {
WC_MD5 = WC_HASH_TYPE_MD5,
WC_MD5_BLOCK_SIZE = 64,
WC_MD5_DIGEST_SIZE = 16,
WC_MD5_PAD_SIZE = 56
};
#define WC_MD5 WC_HASH_TYPE_MD5
#define WC_MD5_BLOCK_SIZE 64
#define WC_MD5_DIGEST_SIZE 16
#define WC_MD5_PAD_SIZE 56
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+23
@@ -459,6 +459,29 @@
(WOLFSSL_FIPS_VERSION_CODE > WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
#define FIPS_VERSION3_NE(major,minor,patch) \
(WOLFSSL_FIPS_VERSION_CODE != WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
#if defined(HAVE_FIPS) && !defined(WC_FIPS_186_5) && !defined(WC_FIPS_186_4)
#if FIPS_VERSION3_GE(7,0,0)
#ifndef WC_FIPS_186_5
#define WC_FIPS_186_5
#endif
#else
#ifndef WC_FIPS_186_4
#define WC_FIPS_186_4
#endif
#endif
#endif
#if defined(WC_FIPS_186_4) && defined(WC_FIPS_186_5)
#error Conflicting FIPS 186 settings.
#endif
#if (defined(WC_FIPS_186_4) || defined(WC_FIPS_186_5)) && \
!defined(WC_FIPS_186_4_PLUS)
#define WC_FIPS_186_4_PLUS
#endif
#if defined(WC_FIPS_186_5) && !defined(WC_FIPS_186_5_PLUS)
#define WC_FIPS_186_5_PLUS
#endif
/*------------------------------------------------------------*/
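Review bot: `WC_FIPS_186_5_PLUS` does not imply `WC_FIPS_186_4_PLUS` in this block, because the `_4_PLUS` derivation tests only `WC_FIPS_186_4` and `WC_FIPS_186_5`. If setting `WC_FIPS_186_5_PLUS` directly is a supported configuration, `WC_FIPS_186_4_PLUS` stays undefined, and the `WC_MIN_DIGEST_SIZE` chain in the hash header, which skips MD2/MD4/MD5 only under `WC_FIPS_186_4_PLUS`, would pick a 16-byte minimum when one of those hashes is enabled. Extending the condition closes the gap: `#if (defined(WC_FIPS_186_4) || defined(WC_FIPS_186_5) || defined(WC_FIPS_186_5_PLUS)) && \`. A short comment stating which of the four macros are user-settable and which are derived would also help. The inner `#ifndef WC_FIPS_186_5` and `#ifndef WC_FIPS_186_4` guards repeat the outer test and can be dropped.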
+4 -6
@@ -101,12 +101,10 @@
#endif
/* in bytes */
enum {
WC_SHA = WC_HASH_TYPE_SHA,
WC_SHA_BLOCK_SIZE = 64,
WC_SHA_DIGEST_SIZE = 20,
WC_SHA_PAD_SIZE = 56
};
#define WC_SHA WC_HASH_TYPE_SHA
#define WC_SHA_BLOCK_SIZE 64
#define WC_SHA_DIGEST_SIZE 20
#define WC_SHA_PAD_SIZE 56
#if defined(WOLFSSL_TI_HASH)
+8 -12
@@ -116,12 +116,10 @@
#endif
/* in bytes */
enum {
WC_SHA256 = WC_HASH_TYPE_SHA256,
WC_SHA256_BLOCK_SIZE = 64,
WC_SHA256_DIGEST_SIZE = 32,
WC_SHA256_PAD_SIZE = 56
};
#define WC_SHA256 WC_HASH_TYPE_SHA256
#define WC_SHA256_BLOCK_SIZE 64
#define WC_SHA256_DIGEST_SIZE 32
#define WC_SHA256_PAD_SIZE 56
#ifdef WOLFSSL_TI_HASH
@@ -303,12 +301,10 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256* sha256, word32 len);
#endif
/* in bytes */
enum {
WC_SHA224 = WC_HASH_TYPE_SHA224,
WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE,
WC_SHA224_DIGEST_SIZE = 28,
WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE
};
#define WC_SHA224 WC_HASH_TYPE_SHA224
#define WC_SHA224_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
#define WC_SHA224_DIGEST_SIZE 28
#define WC_SHA224_PAD_SIZE WC_SHA256_PAD_SIZE
#ifndef WC_SHA224_TYPE_DEFINED
+16 -20
@@ -98,28 +98,26 @@
#endif /* WOLFSSL_SHA512 */
/* in bytes */
enum {
#ifdef WOLFSSL_SHA512
WC_SHA512 = WC_HASH_TYPE_SHA512,
#define WC_SHA512 WC_HASH_TYPE_SHA512
#ifndef WOLFSSL_NOSHA512_224
WC_SHA512_224 = WC_HASH_TYPE_SHA512_224,
#define WC_SHA512_224 WC_HASH_TYPE_SHA512_224
#endif
#ifndef WOLFSSL_NOSHA512_256
WC_SHA512_256 = WC_HASH_TYPE_SHA512_256,
#define WC_SHA512_256 WC_HASH_TYPE_SHA512_256
#endif
#endif
WC_SHA512_BLOCK_SIZE = 128,
WC_SHA512_DIGEST_SIZE = 64,
WC_SHA512_PAD_SIZE = 112,
#define WC_SHA512_BLOCK_SIZE 128
#define WC_SHA512_DIGEST_SIZE 64
#define WC_SHA512_PAD_SIZE 112
WC_SHA512_224_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
WC_SHA512_224_DIGEST_SIZE = 28,
WC_SHA512_224_PAD_SIZE = WC_SHA512_PAD_SIZE,
#define WC_SHA512_224_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
#define WC_SHA512_224_DIGEST_SIZE 28
#define WC_SHA512_224_PAD_SIZE WC_SHA512_PAD_SIZE
WC_SHA512_256_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
WC_SHA512_256_DIGEST_SIZE = 32,
WC_SHA512_256_PAD_SIZE = WC_SHA512_PAD_SIZE
};
#define WC_SHA512_256_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
#define WC_SHA512_256_DIGEST_SIZE 32
#define WC_SHA512_256_PAD_SIZE WC_SHA512_PAD_SIZE
#if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
@@ -321,12 +319,10 @@ WOLFSSL_API int wc_Sha512_256Transform(wc_Sha512* sha,
#endif
/* in bytes */
enum {
WC_SHA384 = WC_HASH_TYPE_SHA384,
WC_SHA384_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
WC_SHA384_DIGEST_SIZE = 48,
WC_SHA384_PAD_SIZE = WC_SHA512_PAD_SIZE
};
#define WC_SHA384 WC_HASH_TYPE_SHA384
#define WC_SHA384_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
#define WC_SHA384_DIGEST_SIZE 48
#define WC_SHA384_PAD_SIZE WC_SHA512_PAD_SIZE
#ifndef WC_SHA384_TYPE_DEFINED