mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 11:50:52 +02:00
wolfcrypt: add additional enforcement of correct digest sizes in signature gen and verify ops:
* add WC_FIPS_186_4, WC_FIPS_186_4_PLUS, WC_FIPS_186_5, and WC_FIPS_186_5_PLUS feature macros. * add support for WC_HASH_CUSTOM_MIN_DIGEST_SIZE, WC_HASH_CUSTOM_MAX_DIGEST_SIZE, and WC_HASH_CUSTOM_MAX_BLOCK_SIZE, for use with custom digest algorithms. * add SigOidMatchesKeyOid() helper function and WC_MIN_DIGEST_SIZE macro. * add additional size and OID agreement checks for sig gen and verify ops. * update ecc_test_vector() with FIPS 186-5 vectors. Co-authored-by: Tobias Frauenschläger <tobias@wolfssl.com>
This commit is contained in:
@@ -639,6 +639,9 @@ WC_DILITHIUM_FIXED_ARRAY
|
||||
WC_DISABLE_RADIX_ZERO_PAD
|
||||
WC_FLAG_DONT_USE_AESNI
|
||||
WC_FORCE_LINUXKM_FORTIFY_SOURCE
|
||||
WC_HASH_CUSTOM_MAX_BLOCK_SIZE
|
||||
WC_HASH_CUSTOM_MAX_DIGEST_SIZE
|
||||
WC_HASH_CUSTOM_MIN_DIGEST_SIZE
|
||||
WC_NO_ASYNC_SLEEP
|
||||
WC_NO_RNG_SIMPLE
|
||||
WC_NO_STATIC_ASSERT
|
||||
@@ -651,9 +654,6 @@ WC_RSA_NONBLOCK
|
||||
WC_RSA_NONBLOCK_TIME
|
||||
WC_RSA_NO_FERMAT_CHECK
|
||||
WC_RWLOCK_OPS_INLINE
|
||||
WC_SHA384
|
||||
WC_SHA384_DIGEST_SIZE
|
||||
WC_SHA512
|
||||
WC_SKIP_INCLUDED_C_FILES
|
||||
WC_SSIZE_TYPE
|
||||
WC_STRICT_SIG
|
||||
|
||||
@@ -29,6 +29,7 @@
|
||||
#endif
|
||||
|
||||
#include <linux/version.h>
|
||||
#include <linux/kconfig.h>
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 0)
|
||||
#error Unsupported kernel.
|
||||
@@ -39,6 +40,25 @@
|
||||
#error CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is incompatible with FIPS wolfCrypt AES-XTS -- please reconfigure the target kernel to disable CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
|
||||
#endif
|
||||
|
||||
/* The first vector set in /usr/src/linux/crypto/testmgr.h
|
||||
* ecdsa_nist_p192_tv_template[], ecdsa_nist_p256_tv_template[], and
|
||||
* ecdsa_nist_p384_tv_template[] use SHA-1 (even if CONFIG_CRYPTO_SHA1 is
|
||||
* disabled), and kernel module signatures frequently use SHA-1 until quite
|
||||
* recently (dependent on CONFIG_CRYPTO_SHA1). If either is enabled, force
|
||||
* downgrade to 186-4.
|
||||
*/
|
||||
#if defined(WC_FIPS_186_5_PLUS) && \
|
||||
(defined(CONFIG_CRYPTO_SHA1) || (defined(CONFIG_CRYPTO_MANAGER) && !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))) && \
|
||||
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) || defined(CONFIG_CRYPTO_ECDSA))
|
||||
#undef WC_FIPS_186_5_PLUS
|
||||
#ifdef WC_FIPS_186_5
|
||||
#undef WC_FIPS_186_5
|
||||
#else
|
||||
#error Unknown and incompatible FIPS 186 is enabled.
|
||||
#endif
|
||||
#define WC_FIPS_186_4
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#ifndef PACKAGE_NAME
|
||||
#error wc_port.h included before config.h
|
||||
@@ -285,8 +305,6 @@
|
||||
_Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\""); /* needed for kernel 4.9.282 */
|
||||
_Pragma("GCC diagnostic ignored \"-Wattributes\"");
|
||||
|
||||
#include <linux/kconfig.h>
|
||||
|
||||
#ifdef CONFIG_KASAN
|
||||
#ifndef WC_SANITIZE_DISABLE
|
||||
#define WC_SANITIZE_DISABLE() kasan_disable_current()
|
||||
|
||||
@@ -157,6 +157,7 @@
|
||||
#include <wolfssl/error-ssl.h>
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#include <wolfssl/wolfcrypt/dh.h>
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
@@ -5720,6 +5721,12 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Check hash length */
|
||||
if ((outSz > WC_MAX_DIGEST_SIZE) ||
|
||||
(outSz < WC_MIN_DIGEST_SIZE)) {
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
(void)ssl;
|
||||
(void)keyBufInfo;
|
||||
|
||||
|
||||
+16
@@ -5264,6 +5264,14 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
/* Check hash length */
|
||||
if ((ret == 1) &&
|
||||
((dLen > WC_MAX_DIGEST_SIZE) ||
|
||||
(dLen < WC_MIN_DIGEST_SIZE))) {
|
||||
WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad digest size");
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
/* Ensure internal EC key is set from external. */
|
||||
if ((ret == 1) && (key->inSet == 0)) {
|
||||
WOLFSSL_MSG("No EC key internal set, do it");
|
||||
@@ -5388,6 +5396,14 @@ int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz,
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* Check hash length */
|
||||
if ((ret == 1) &&
|
||||
((digestSz > WC_MAX_DIGEST_SIZE) ||
|
||||
(digestSz < WC_MIN_DIGEST_SIZE))) {
|
||||
WOLFSSL_MSG("wolfSSL_ECDSA_verify Bad digest size");
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* Verify signature using digest and key. */
|
||||
if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest,
|
||||
(word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) {
|
||||
|
||||
+2
-2
@@ -12284,9 +12284,9 @@ static int test_wc_CheckCertSigPubKey(void)
|
||||
ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
|
||||
RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
/* Wrong aglo. */
|
||||
/* Wrong algo. */
|
||||
ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
|
||||
keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E));
|
||||
keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_SIG_OID_E));
|
||||
|
||||
wc_FreeDecodedCert(&decoded);
|
||||
if (cert_der != NULL)
|
||||
|
||||
+25
-3
@@ -37,10 +37,32 @@
|
||||
#define HEAP_HINT NULL
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
|
||||
#define TEST_STRING "Everyone gets Friday off."
|
||||
#define TEST_STRING_SZ 25
|
||||
|
||||
#if defined(WC_FIPS_186_5_PLUS)
|
||||
#define TEST_STRING "WC_FIPS_186_5_PLUS test test"
|
||||
#define TEST_STRING_SZ 28
|
||||
#elif defined(WC_FIPS_186_4_PLUS) || defined(HAVE_SELFTEST)
|
||||
#define TEST_STRING "WC_FIPS_186_4_PLUS test.."
|
||||
#define TEST_STRING_SZ 25
|
||||
#elif WC_MIN_DIGEST_SIZE <= 25
|
||||
#define TEST_STRING "Everyone gets Friday off."
|
||||
#define TEST_STRING_SZ 25
|
||||
#elif WC_MIN_DIGEST_SIZE <= 28
|
||||
#define TEST_STRING "Everyone works the weekends."
|
||||
#define TEST_STRING_SZ 28
|
||||
#elif WC_MIN_DIGEST_SIZE <= 32
|
||||
#define TEST_STRING "Everyone works through the night"
|
||||
#define TEST_STRING_SZ 32
|
||||
#elif WC_MIN_DIGEST_SIZE <= 48
|
||||
#define TEST_STRING "Everyone gets to summer in Tuscany with Chianti."
|
||||
#define TEST_STRING_SZ 48
|
||||
#elif WC_MIN_DIGEST_SIZE <= 64
|
||||
#define TEST_STRING "Everyone works from Christmas Eve, clear through New Year's Day."
|
||||
#define TEST_STRING_SZ 64
|
||||
#else
|
||||
#error WC_MIN_DIGEST_SIZE value not supported by unit test.
|
||||
#endif
|
||||
|
||||
#ifndef ONEK_BUF
|
||||
#define ONEK_BUF 1024
|
||||
|
||||
@@ -61,7 +61,7 @@ int test_wc_InitDsaKey(void)
|
||||
int test_wc_DsaSignVerify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(NO_DSA)
|
||||
#if !defined(NO_DSA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
DsaKey key;
|
||||
WC_RNG rng;
|
||||
wc_Sha sha;
|
||||
@@ -130,7 +130,8 @@ int test_wc_DsaSignVerify(void)
|
||||
DoExpectIntEQ(wc_FreeRng(&rng),0);
|
||||
wc_FreeDsaKey(&key);
|
||||
wc_ShaFree(&sha);
|
||||
#endif
|
||||
#endif /* !NO_DSA && !WC_FIPS_186_5_PLUS */
|
||||
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_DsaSign */
|
||||
|
||||
|
||||
@@ -742,7 +742,7 @@ int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_ALL) && !defined (NO_DSA) && !defined(HAVE_SELFTEST) && \
|
||||
defined(WOLFSSL_KEY_GEN)
|
||||
!defined(WC_FIPS_186_5_PLUS) && defined(WOLFSSL_KEY_GEN)
|
||||
DSA *dsa = NULL;
|
||||
DSA *setDsa = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
@@ -829,7 +829,8 @@ int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
|
||||
DSA_free(setDsa);
|
||||
EVP_PKEY_free(pkey);
|
||||
EVP_PKEY_free(set1Pkey);
|
||||
#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
|
||||
#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && !WC_FIPS_186_5_PLUS */
|
||||
/* && WOLFSSL_KEY_GEN */
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_EVP_PKEY_set1_get1_DSA */
|
||||
|
||||
@@ -1606,7 +1607,8 @@ int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
|
||||
#if !defined (NO_DSA) && !defined(WC_FIPS_186_5_PLUS) && \
|
||||
!defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
|
||||
ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -41,7 +41,8 @@
|
||||
int test_DSA_do_sign_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
|
||||
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && \
|
||||
!defined(WC_FIPS_186_5_PLUS)
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_DSA)
|
||||
unsigned char digest[WC_SHA_DIGEST_SIZE];
|
||||
@@ -88,7 +89,7 @@ int test_DSA_do_sign_verify(void)
|
||||
DSA_SIG_free(sig);
|
||||
DSA_free(dsa);
|
||||
#endif
|
||||
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
|
||||
#endif /* !HAVE_SELFTEST && !HAVE_FIPS && !WC_FIPS_186_5_PLUS */
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
@@ -110,7 +111,7 @@ int test_wolfSSL_DSA_SIG(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
|
||||
!defined(HAVE_FIPS) && defined(OPENSSL_ALL)
|
||||
!defined(HAVE_FIPS) && !defined(WC_FIPS_186_5_PLUS) && defined(OPENSSL_ALL)
|
||||
DSA *dsa = NULL;
|
||||
DSA *dsa2 = NULL;
|
||||
DSA_SIG *sig = NULL;
|
||||
|
||||
@@ -727,7 +727,7 @@ int test_wc_PKCS7_EncodeSignedData(void)
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
pkcs7->encryptOID = encryptOid;
|
||||
#ifdef NO_SHA
|
||||
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
@@ -1685,7 +1685,7 @@ int CreatePKCS7SignedData(unsigned char* output, int outputSz,
|
||||
else {
|
||||
pkcs7->encryptOID = ECDSAk;
|
||||
}
|
||||
#ifdef NO_SHA
|
||||
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
|
||||
pkcs7->hashOID = SHA256h;
|
||||
#else
|
||||
pkcs7->hashOID = SHAh;
|
||||
@@ -1739,7 +1739,7 @@ int test_wc_PKCS7_VerifySignedData_RSA(void)
|
||||
word32 badOutSz = 0;
|
||||
byte badContent[] = "This is different content than was signed";
|
||||
wc_HashAlg hash;
|
||||
#ifdef NO_SHA
|
||||
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
|
||||
#else
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
|
||||
@@ -2120,7 +2120,7 @@ int test_wc_PKCS7_VerifySignedData_ECC(void)
|
||||
word32 z;
|
||||
int ret;
|
||||
#endif /* !NO_PKCS7_STREAM */
|
||||
#ifdef NO_SHA
|
||||
#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
|
||||
#else
|
||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
|
||||
|
||||
@@ -16109,6 +16109,118 @@ static int DecodeDsaAsn1Sig(const byte* sig, word32 sigSz, byte* sigCpy,
|
||||
}
|
||||
#endif
|
||||
|
||||
/* The certificate's signatureAlgorithm (sigOID) must match the issuer's
|
||||
* key type (keyOID). sigOID picks the pre-hash; keyOID picks the
|
||||
* verifier. They need to agree or the verifier gets the wrong input. */
|
||||
static int SigOidMatchesKeyOid(word32 sigOID, word32 keyOID)
|
||||
{
|
||||
switch (keyOID) {
|
||||
#ifndef NO_RSA
|
||||
case RSAk:
|
||||
switch (sigOID) {
|
||||
case CTC_MD2wRSA:
|
||||
case CTC_MD5wRSA:
|
||||
case CTC_SHAwRSA:
|
||||
case CTC_SHA224wRSA:
|
||||
case CTC_SHA256wRSA:
|
||||
case CTC_SHA384wRSA:
|
||||
case CTC_SHA512wRSA:
|
||||
case CTC_SHA3_224wRSA:
|
||||
case CTC_SHA3_256wRSA:
|
||||
case CTC_SHA3_384wRSA:
|
||||
case CTC_SHA3_512wRSA:
|
||||
case CTC_RSASSAPSS:
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
#ifdef WC_RSA_PSS
|
||||
case RSAPSSk:
|
||||
return (sigOID == CTC_RSASSAPSS);
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
|
||||
case DSAk:
|
||||
switch (sigOID) {
|
||||
case CTC_SHAwDSA:
|
||||
case CTC_SHA256wDSA:
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
#endif
|
||||
#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
|
||||
case ECDSAk:
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
|
||||
case SM2k:
|
||||
#endif
|
||||
switch (sigOID) {
|
||||
case CTC_SHAwECDSA:
|
||||
case CTC_SHA224wECDSA:
|
||||
case CTC_SHA256wECDSA:
|
||||
case CTC_SHA384wECDSA:
|
||||
case CTC_SHA512wECDSA:
|
||||
case CTC_SHA3_224wECDSA:
|
||||
case CTC_SHA3_256wECDSA:
|
||||
case CTC_SHA3_384wECDSA:
|
||||
case CTC_SHA3_512wECDSA:
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
|
||||
case CTC_SM3wSM2:
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
#endif
|
||||
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
|
||||
case ED25519k:
|
||||
return (sigOID == CTC_ED25519);
|
||||
#endif
|
||||
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
|
||||
case ED448k:
|
||||
return (sigOID == CTC_ED448);
|
||||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
case FALCON_LEVEL1k:
|
||||
return (sigOID == CTC_FALCON_LEVEL1);
|
||||
case FALCON_LEVEL5k:
|
||||
return (sigOID == CTC_FALCON_LEVEL5);
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
return (sigOID == CTC_DILITHIUM_LEVEL2);
|
||||
case DILITHIUM_LEVEL3k:
|
||||
return (sigOID == CTC_DILITHIUM_LEVEL3);
|
||||
case DILITHIUM_LEVEL5k:
|
||||
return (sigOID == CTC_DILITHIUM_LEVEL5);
|
||||
#endif
|
||||
case ML_DSA_LEVEL2k:
|
||||
return (sigOID == CTC_ML_DSA_LEVEL2);
|
||||
case ML_DSA_LEVEL3k:
|
||||
return (sigOID == CTC_ML_DSA_LEVEL3);
|
||||
case ML_DSA_LEVEL5k:
|
||||
return (sigOID == CTC_ML_DSA_LEVEL5);
|
||||
#endif
|
||||
#if defined(HAVE_SPHINCS)
|
||||
case SPHINCS_FAST_LEVEL1k:
|
||||
return (sigOID == CTC_SPHINCS_FAST_LEVEL1);
|
||||
case SPHINCS_FAST_LEVEL3k:
|
||||
return (sigOID == CTC_SPHINCS_FAST_LEVEL3);
|
||||
case SPHINCS_FAST_LEVEL5k:
|
||||
return (sigOID == CTC_SPHINCS_FAST_LEVEL5);
|
||||
case SPHINCS_SMALL_LEVEL1k:
|
||||
return (sigOID == CTC_SPHINCS_SMALL_LEVEL1);
|
||||
case SPHINCS_SMALL_LEVEL3k:
|
||||
return (sigOID == CTC_SPHINCS_SMALL_LEVEL3);
|
||||
case SPHINCS_SMALL_LEVEL5k:
|
||||
return (sigOID == CTC_SPHINCS_SMALL_LEVEL5);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Default to reject unknown key types */
|
||||
(void)sigOID;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
|
||||
int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
const byte* buf, word32 bufSz,
|
||||
@@ -16177,6 +16289,11 @@ int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
|
||||
case SIG_STATE_HASH:
|
||||
{
|
||||
if (!SigOidMatchesKeyOid(sigOID, keyOID)) {
|
||||
WOLFSSL_MSG("sigOID incompatible with issuer keyOID");
|
||||
ERROR_OUT(ASN_SIG_OID_E, exit_cs);
|
||||
}
|
||||
|
||||
#if !defined(NO_RSA) && defined(WC_RSA_PSS)
|
||||
if (sigOID == RSAPSSk) {
|
||||
word32 fakeSigOID = 0;
|
||||
|
||||
@@ -9273,8 +9273,9 @@ static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key,
|
||||
byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
|
||||
word32 oidMsgHashLen = 0;
|
||||
|
||||
if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) {
|
||||
ret = BUFFER_E;
|
||||
/* Check that the input hash length is valid. */
|
||||
if ((int)hashLen != wc_HashGetDigestSize((enum wc_HashType)hashAlg)) {
|
||||
ret = BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
@@ -9944,6 +9945,12 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx,
|
||||
if (key == NULL) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
/* Check that the input hash length is valid. */
|
||||
if ((ret == 0) &&
|
||||
((int)hashLen != wc_HashGetDigestSize((enum wc_HashType)hashAlg)))
|
||||
{
|
||||
ret = BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* Step 6: Hash public key. */
|
||||
|
||||
@@ -27,6 +27,7 @@
|
||||
#include <wolfssl/wolfcrypt/wolfmath.h>
|
||||
#include <wolfssl/wolfcrypt/sha.h>
|
||||
#include <wolfssl/wolfcrypt/dsa.h>
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
@@ -689,6 +690,12 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
|
||||
if (digest == NULL || out == NULL || key == NULL || rng == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((digestSz > WC_MAX_DIGEST_SIZE) ||
|
||||
(digestSz < WC_MIN_DIGEST_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
do {
|
||||
@@ -1022,6 +1029,16 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig,
|
||||
if (digest == NULL || sig == NULL || key == NULL || answer == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* Note the min allowed digestSz here is WC_SHA_DIGEST_SIZE, not
|
||||
* WC_MIN_DIGEST_SIZE, to allow verify-only legacy DSA operations, as
|
||||
* expressly allowed under FIPS 186-5, FIPS 140-3, and SP 800-131A.
|
||||
*/
|
||||
if ((digestSz > WC_MAX_DIGEST_SIZE) ||
|
||||
(digestSz < WC_SHA_DIGEST_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
do {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
w = (mp_int *)XMALLOC(sizeof *w, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
+19
-6
@@ -213,6 +213,7 @@ ECC Curve Sizes:
|
||||
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
|
||||
#ifdef WOLFSSL_HAVE_SP_ECC
|
||||
#include <wolfssl/wolfcrypt/sp.h>
|
||||
@@ -223,10 +224,6 @@ ECC Curve Sizes:
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_X963_KDF
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
#endif
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
#include <wolfssl/wolfcrypt/cryptocb.h>
|
||||
#endif
|
||||
@@ -6778,7 +6775,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
if (in == NULL || out == NULL || outlen == NULL || key == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
if (inlen > WC_MAX_DIGEST_SIZE) {
|
||||
if ((inlen > WC_MAX_DIGEST_SIZE) ||
|
||||
(inlen < WC_MIN_DIGEST_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
@@ -7299,6 +7298,11 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
if ((inlen > WC_MAX_DIGEST_SIZE) ||
|
||||
(inlen < WC_MIN_DIGEST_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
/* is this a private key? */
|
||||
if (key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY) {
|
||||
@@ -8576,7 +8580,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
if (hashlen > WC_MAX_DIGEST_SIZE) {
|
||||
|
||||
/* Check hash length */
|
||||
if ((hashlen > WC_MAX_DIGEST_SIZE) ||
|
||||
(hashlen < WC_MIN_DIGEST_SIZE)) {
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
@@ -9284,6 +9291,12 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
if (r == NULL || s == NULL || hash == NULL || res == NULL || key == NULL)
|
||||
return ECC_BAD_ARG_E;
|
||||
|
||||
/* Check hash length */
|
||||
if ((hashlen > WC_MAX_DIGEST_SIZE) ||
|
||||
(hashlen < WC_MIN_DIGEST_SIZE)) {
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
/* default to invalid signature */
|
||||
*res = 0;
|
||||
|
||||
|
||||
@@ -389,6 +389,12 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((type == Ed25519ph) &&
|
||||
(inLen != WC_SHA512_DIGEST_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (key->devId != INVALID_DEVID) {
|
||||
ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type,
|
||||
@@ -897,6 +903,12 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
|
||||
(context == NULL && contextLen != 0))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((type == Ed25519ph) &&
|
||||
(msgLen != WC_SHA512_DIGEST_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (key->devId != INVALID_DEVID) {
|
||||
ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key,
|
||||
|
||||
@@ -371,6 +371,11 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((ret == 0) && (type == Ed448ph) && (inLen != ED448_PREHASH_SIZE))
|
||||
{
|
||||
ret = BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
/* check and set up out length */
|
||||
if ((ret == 0) && (*outLen < ED448_SIG_SIZE)) {
|
||||
*outLen = ED448_SIG_SIZE;
|
||||
@@ -796,6 +801,12 @@ int wc_ed448_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
|
||||
if (key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((type == Ed448ph) &&
|
||||
(msgLen != ED448_PREHASH_SIZE))
|
||||
{
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ED448_PERSISTENT_SHA
|
||||
sha = &key->sha;
|
||||
#else
|
||||
|
||||
@@ -476,6 +476,12 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type)
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_BLAKE2B:
|
||||
#if defined(HAVE_BLAKE2B)
|
||||
dig_size = BLAKE2B_OUTBYTES;
|
||||
#else
|
||||
dig_size = HASH_TYPE_E;
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_BLAKE2S:
|
||||
#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
|
||||
dig_size = BLAKE2S_OUTBYTES;
|
||||
@@ -626,6 +632,12 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type)
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_BLAKE2B:
|
||||
#if defined(HAVE_BLAKE2B)
|
||||
block_size = BLAKE2B_BLOCKBYTES;
|
||||
#else
|
||||
block_size = HASH_TYPE_E;
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_BLAKE2S:
|
||||
#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
|
||||
block_size = BLAKE2S_BLOCKBYTES;
|
||||
|
||||
@@ -4565,6 +4565,12 @@ static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
|
||||
if (pkcs7 == NULL || sig == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* Check hash length */
|
||||
if ((hashSz > WC_MAX_DIGEST_SIZE) ||
|
||||
(hashSz < WC_MIN_DIGEST_SIZE)) {
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
@@ -163,6 +163,35 @@ int wc_SignatureVerifyHash(
|
||||
WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len");
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* For WC_SIGNATURE_TYPE_RSA_W_ENC, we need to extract the actual size of
|
||||
* the ASN.1-encoded hash.
|
||||
*/
|
||||
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
|
||||
int hash_dec_len;
|
||||
word32 idx = 0;
|
||||
if (GetSequence(hash_data, &idx, &hash_dec_len, hash_len) < 0)
|
||||
return ASN_PARSE_E;
|
||||
/* skip the AlgorithmIdentifier */
|
||||
if (GetSequence(hash_data, &idx, &hash_dec_len, hash_len) < 0)
|
||||
return ASN_PARSE_E;
|
||||
idx += (word32)hash_dec_len;
|
||||
/* now sitting at the OCTET STRING containing the digest */
|
||||
if (GetOctetString(hash_data, &idx, &hash_dec_len, hash_len) < 0)
|
||||
return ASN_PARSE_E;
|
||||
if (hash_dec_len != ret)
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
if (hash_len != (word32)ret) {
|
||||
WOLFSSL_MSG("wc_SignatureVerify: Invalid hash size");
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
/* Verify signature using hash */
|
||||
|
||||
+137
-12
@@ -27130,14 +27130,16 @@ done:
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
|
||||
{
|
||||
wc_test_ret_t ret = 0;
|
||||
int answer;
|
||||
word32 bytes;
|
||||
word32 idx = 0;
|
||||
WC_RNG rng;
|
||||
int rng_inited = 0;
|
||||
wc_Sha sha;
|
||||
byte hash[WC_SHA_DIGEST_SIZE];
|
||||
#ifndef WC_FIPS_186_5_PLUS
|
||||
byte signature[40];
|
||||
int answer;
|
||||
#endif
|
||||
int key_inited = 0;
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
int derSz = 0;
|
||||
@@ -27223,6 +27225,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
rng_inited = 1;
|
||||
|
||||
#ifndef WC_FIPS_186_5_PLUS
|
||||
ret = wc_DsaSign(hash, signature, key, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
@@ -27232,6 +27235,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
if (answer != 1)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
|
||||
#endif /* !WC_FIPS_186_5_PLUS */
|
||||
|
||||
wc_FreeDsaKey(key);
|
||||
key_inited = 0;
|
||||
@@ -33216,8 +33220,30 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
break;
|
||||
#endif /* HAVE_ECC192 */
|
||||
|
||||
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
|
||||
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
|
||||
(!defined(NO_SHA) || defined(WOLFSSL_SHA224) || \
|
||||
(defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)))
|
||||
case 28:
|
||||
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
|
||||
/* FIPS 186-5 Example vector -- P-224, SHA-224 */
|
||||
/* Unhashed message: "Example of ECDSA with P-224" */
|
||||
|
||||
vec.msg = "\x1F\x1E\x1C\xF8\x92\x92\x6C\xFC\xCF\xC5\xA2\x8F\xEE\xF3\xD8"
|
||||
"\x07\xD2\x3F\x77\x80\x08\xDB\xA4\xB3\x5F\x04\xB2\xFD";
|
||||
vec.msgLen = 28;
|
||||
vec.Qx = "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E";
|
||||
vec.Qy = "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555";
|
||||
vec.d = "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8";
|
||||
vec.R = "C3A3F5B82712532004C6F6D1DB672F55D931C3409EA1216D0BE77380";
|
||||
vec.S = "C5AA1EAE6095DEA34C9BD84DA3852CCA41A8BD9D5548F36DABDF6617";
|
||||
vec.curveName = "SECP224R1";
|
||||
vec.r = (const byte *)"\xC3\xA3\xF5\xB8\x27\x12\x53\x20\x04\xC6\xF6"
|
||||
"\xD1\xDB\x67\x2F\x55\xD9\x31\xC3\x40\x9E\xA1\x21\x6D\x0B\xE7\x73\x80";
|
||||
vec.rSz = 28;
|
||||
vec.s = (const byte *)"\xC5\xAA\x1E\xAE\x60\x95\xDE\xA3\x4C\x9B\xD8"
|
||||
"\x4D\xA3\x85\x2C\xCA\x41\xA8\xBD\x9D\x55\x48\xF3\x6D\xAB\xDF\x66\x17";
|
||||
vec.sSz = 28;
|
||||
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
/* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
|
||||
#if 1
|
||||
vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
|
||||
@@ -33249,8 +33275,9 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
"\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
|
||||
"\x6a\xf3\xad\x5b";
|
||||
vec.sSz = 28;
|
||||
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
break;
|
||||
#endif /* HAVE_ECC224 */
|
||||
#endif /* HAVE_ECC224 && (!NO_SHA || SHA224 || SHA3_224 */
|
||||
|
||||
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
|
||||
case 30:
|
||||
@@ -33259,6 +33286,29 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
|
||||
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
|
||||
case 32:
|
||||
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
|
||||
/* FIPS 186-5 Example vector - P-256, SHA-256 */
|
||||
/* Unhashed message: "Example of ECDSA with P-256" */
|
||||
|
||||
vec.msg = "\xA4\x1A\x41\xA1\x2A\x79\x95\x48\x21\x1C\x41\x0C\x65\xD8\x13"
|
||||
"\x3A\xFD\xE3\x4D\x28\xBD\xD5\x42\xE4\xB6\x80\xCF\x28\x99\xC8"
|
||||
"\xA8\xC4";
|
||||
vec.msgLen = 32;
|
||||
vec.Qx = "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19";
|
||||
vec.Qy = "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09";
|
||||
vec.d = "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96";
|
||||
vec.R = "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F";
|
||||
vec.S = "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1";
|
||||
vec.curveName = "SECP256R1";
|
||||
vec.r = (const byte *)"\x2B\x42\xF5\x76\xD0\x7F\x41\x65\xFF\x65\xD1"
|
||||
"\xF3\xB1\x50\x0F\x81\xE4\x4C\x31\x6F\x1F\x0B\x3E\xF5\x73\x25"
|
||||
"\xB6\x9A\xCA\x46\x10\x4F";
|
||||
vec.rSz = 32;
|
||||
vec.s = (const byte *)"\xDC\x42\xC2\x12\x2D\x63\x92\xCD\x3E\x3A\x99"
|
||||
"\x3A\x89\x50\x2A\x81\x98\xC1\x88\x6F\xE6\x9D\x26\x2C\x4B\x32"
|
||||
"\x9B\xDB\x6B\x63\xFA\xF1";
|
||||
vec.sSz = 32;
|
||||
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
/* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
|
||||
#if 1
|
||||
vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
|
||||
@@ -33290,6 +33340,7 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
"\x5a\x21\x48\xae\x32\xe3\xa2\x48";
|
||||
vec.sSz = 32;
|
||||
vec.curveName = "SECP256R1";
|
||||
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
break;
|
||||
#endif /* !NO_ECC256 */
|
||||
|
||||
@@ -33300,6 +33351,37 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
|
||||
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
|
||||
case 48:
|
||||
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
|
||||
/* FIPS 186-5 Example vector -- P-384, SHA-384 */
|
||||
/* Unhashed message: "Example of ECDSA with P-384" */
|
||||
|
||||
vec.msg = "\x5A\xEA\x18\x7D\x1C\x4F\x6E\x1B\x35\x05\x7D\x20\x12\x6D\x83"
|
||||
"\x6C\x6A\xDB\xBC\x70\x49\xEE\x02\x99\xC9\x52\x9F\x5E\x0B\x3F"
|
||||
"\x8B\x5A\x74\x11\x14\x9D\x6C\x30\xD6\xCB\x2B\x8A\xF7\x0E\x0A"
|
||||
"\x78\x1E\x89";
|
||||
vec.msgLen = 48;
|
||||
vec.Qx = "3BF701BC9E9D36B4D5F1455343F09126F2564390F2B487365071243C61E6"
|
||||
"471FB9D2AB74657B82F9086489D9EF0F5CB5";
|
||||
vec.Qy = "D1A358EAFBF952E68D533855CCBDAA6FF75B137A5101443199325583552A"
|
||||
"6295FFE5382D00CFCDA30344A9B5B68DB855";
|
||||
vec.d = "F92C02ED629E4B48C0584B1C6CE3A3E3B4FAAE4AFC6ACB0455E73DFC392E"
|
||||
"6A0AE393A8565E6B9714D1224B57D83F8A08";
|
||||
vec.R = "30EA514FC0D38D8208756F068113C7CADA9F66A3B40EA3B313D040D9B57D"
|
||||
"D41A332795D02CC7D507FCEF9FAF01A27088";
|
||||
vec.S = "CC808E504BE414F46C9027BCBF78ADF067A43922D6FCAA66C4476875FBB7"
|
||||
"B94EFD1F7D5DBE620BFB821C46D549683AD8";
|
||||
vec.curveName = "SECP384R1";
|
||||
vec.r = (const byte *)"\x30\xEA\x51\x4F\xC0\xD3\x8D\x82\x08\x75\x6F"
|
||||
"\x06\x81\x13\xC7\xCA\xDA\x9F\x66\xA3\xB4\x0E\xA3\xB3\x13\xD0"
|
||||
"\x40\xD9\xB5\x7D\xD4\x1A\x33\x27\x95\xD0\x2C\xC7\xD5\x07\xFC"
|
||||
"\xEF\x9F\xAF\x01\xA2\x70\x88";
|
||||
vec.rSz = 48;
|
||||
vec.s = (const byte *)"\xCC\x80\x8E\x50\x4B\xE4\x14\xF4\x6C\x90\x27"
|
||||
"\xBC\xBF\x78\xAD\xF0\x67\xA4\x39\x22\xD6\xFC\xAA\x66\xC4\x47"
|
||||
"\x68\x75\xFB\xB7\xB9\x4E\xFD\x1F\x7D\x5D\xBE\x62\x0B\xFB\x82"
|
||||
"\x1C\x46\xD5\x49\x68\x3A\xD8";
|
||||
vec.sSz = 48;
|
||||
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
/* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
|
||||
#if 1
|
||||
vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
|
||||
@@ -33333,6 +33415,7 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
"\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
|
||||
"\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
|
||||
vec.sSz = 48;
|
||||
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
break;
|
||||
#endif /* HAVE_ECC384 */
|
||||
|
||||
@@ -33343,6 +33426,45 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
|
||||
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
|
||||
case 66:
|
||||
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
|
||||
/* FIPS 186-5 Example vector -- P-521, SHA-512 */
|
||||
/* Unhashed message: "Example of ECDSA with P-521" */
|
||||
|
||||
vec.msg = "\x9B\xF0\xE1\xDE\xED\xA3\x1E\x00\xF9\x25\xB7\x7F\x7C\xB6\xB1"
|
||||
"\xCE\xD7\x36\x8D\xE1\xDC\x75\xBB\x9F\x94\x58\x2C\x1C\xA7\x09"
|
||||
"\x20\x5D\x32\xAF\x90\x02\x5B\x02\xFA\x13\x2F\xBE\xBD\x6C\xDD"
|
||||
"\xCD\x91\x72\xC0\xD6\x6D\x8E\x58\x17\x67\xA8\xB6\xF7\x1D\xE6"
|
||||
"\x0B\xE1\xF9\x32";
|
||||
vec.msgLen = 64;
|
||||
vec.Qx = "98E91EEF9A68452822309C52FAB453F5F117C1DA8ED796B255E9AB8F6410"
|
||||
"CCA16E59DF403A6BDC6CA467A37056B1E54B3005D8AC030DECFEB68DF18B"
|
||||
"171885D5C4";
|
||||
vec.Qy = "164350C321AECFC1CCA1BA4364C9B15656150B4B78D6A48D7D28E7F31985"
|
||||
"EF17BE8554376B72900712C4B83AD668327231526E313F5F092999A4632F"
|
||||
"D50D946BC2E";
|
||||
vec.d = "100085F47B8E1B8B11B7EB33028C0B2888E304BFC98501955B45BBA1478D"
|
||||
"C184EEEDF09B86A5F7C21994406072787205E69A63709FE35AA93BA33351"
|
||||
"4B24F961722";
|
||||
vec.R = "140C8EDCA57108CE3F7E7A240DDD3AD74D81E2DE62451FC1D558FDC79269"
|
||||
"ADACD1C2526EEEEF32F8C0432A9D56E2B4A8A732891C37C9B96641A9254C"
|
||||
"CFE5DC3E2BA";
|
||||
vec.S = "D72F15229D0096376DA6651D9985BFD7C07F8D49583B545DB3EAB20E0A2C"
|
||||
"1E8615BD9E298455BDEB6B61378E77AF1C54EEE2CE37B2C61F5C9A823295"
|
||||
"1CB988B5B1";
|
||||
vec.curveName = "SECP521R1";
|
||||
vec.r = (const byte *)"\x01\x40\xC8\xED\xCA\x57\x10\x8C\xE3\xF7\xE7"
|
||||
"\xA2\x40\xDD\xD3\xAD\x74\xD8\x1E\x2D\xE6\x24\x51\xFC\x1D\x55"
|
||||
"\x8F\xDC\x79\x26\x9A\xDA\xCD\x1C\x25\x26\xEE\xEE\xF3\x2F\x8C"
|
||||
"\x04\x32\xA9\xD5\x6E\x2B\x4A\x8A\x73\x28\x91\xC3\x7C\x9B\x96"
|
||||
"\x64\x1A\x92\x54\xCC\xFE\x5D\xC3\xE2\xBA";
|
||||
vec.rSz = 66;
|
||||
vec.s = (const byte *)"\xD7\x2F\x15\x22\x9D\x00\x96\x37\x6D\xA6\x65"
|
||||
"\x1D\x99\x85\xBF\xD7\xC0\x7F\x8D\x49\x58\x3B\x54\x5D\xB3\xEA"
|
||||
"\xB2\x0E\x0A\x2C\x1E\x86\x15\xBD\x9E\x29\x84\x55\xBD\xEB\x6B"
|
||||
"\x61\x37\x8E\x77\xAF\x1C\x54\xEE\xE2\xCE\x37\xB2\xC6\x1F\x5C"
|
||||
"\x9A\x82\x32\x95\x1C\xB9\x88\xB5\xB1";
|
||||
vec.sSz = 65;
|
||||
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
/* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
|
||||
#if 1
|
||||
vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
|
||||
@@ -33380,6 +33502,7 @@ static wc_test_ret_t ecc_test_vector(int keySize)
|
||||
"\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
|
||||
"\x3d\x22\xf2\x48\x0c";
|
||||
vec.sSz = 65;
|
||||
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
|
||||
break;
|
||||
#endif /* HAVE_ECC521 */
|
||||
default:
|
||||
@@ -34115,7 +34238,9 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
|
||||
byte exportBuf[ECC_BUFSIZE];
|
||||
byte tmp[ECC_BUFSIZE];
|
||||
#endif
|
||||
const byte* msg = (const byte*)"test wolfSSL ECC public gen";
|
||||
static const byte msg[] =
|
||||
"All we have to decide is what to do with the time that is given ";
|
||||
wc_static_assert(sizeof(msg) >= WC_MAX_DIGEST_SIZE);
|
||||
word32 x;
|
||||
word32 tmpSz;
|
||||
wc_test_ret_t ret = 0;
|
||||
@@ -34267,7 +34392,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
|
||||
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
|
||||
ret = wc_ecc_sign_hash(msg, WC_MAX_DIGEST_SIZE, tmp,
|
||||
&tmpSz, rng, key);
|
||||
}
|
||||
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
|
||||
@@ -34284,7 +34409,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
|
||||
(word32)XSTRLEN((const char*)msg), &verify, key);
|
||||
WC_MAX_DIGEST_SIZE, &verify, key);
|
||||
}
|
||||
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
|
||||
if (ret != 0)
|
||||
@@ -59272,7 +59397,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
|
||||
static const byte senderNonceOid[] =
|
||||
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
|
||||
0x09, 0x05 };
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
|
||||
#else
|
||||
byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
|
||||
@@ -59319,7 +59444,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
|
||||
|
||||
{
|
||||
#ifndef NO_RSA
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
/* RSA with SHA */
|
||||
ADD_PKCS7SIGNEDVECTOR(
|
||||
data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
|
||||
@@ -59417,7 +59542,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
|
||||
#endif /* NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
/* ECDSA with SHA */
|
||||
ADD_PKCS7SIGNEDVECTOR(
|
||||
data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
|
||||
@@ -59586,7 +59711,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
|
||||
|
||||
/* generate transactionID (used with SCEP) */
|
||||
{
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
wc_Sha sha;
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
#else
|
||||
@@ -59598,7 +59723,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
|
||||
transId[0] = 0x13;
|
||||
transId[1] = sizeof(digest) * 2;
|
||||
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
@@ -59673,7 +59798,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
|
||||
|
||||
{
|
||||
/* check getting signed attributes */
|
||||
#ifndef NO_SHA
|
||||
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
|
||||
#else
|
||||
byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
|
||||
|
||||
@@ -51,18 +51,16 @@
|
||||
#endif
|
||||
|
||||
/* in bytes, variable digest size up to 512 bits (64 bytes) */
|
||||
enum {
|
||||
#ifdef HAVE_BLAKE2B
|
||||
BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B,
|
||||
BLAKE2B_256 = 32, /* 256 bit type, SSL default */
|
||||
WC_BLAKE2B_DIGEST_SIZE = 64,
|
||||
#define BLAKE2B_ID WC_HASH_TYPE_BLAKE2B
|
||||
#define BLAKE2B_256 32 /* 256 bit type, SSL default */
|
||||
#define WC_BLAKE2B_DIGEST_SIZE 64
|
||||
#endif
|
||||
#ifdef HAVE_BLAKE2S
|
||||
BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S,
|
||||
BLAKE2S_256 = 32, /* 256 bit type */
|
||||
WC_BLAKE2S_DIGEST_SIZE = 32
|
||||
#define BLAKE2S_ID WC_HASH_TYPE_BLAKE2S
|
||||
#define BLAKE2S_256 32 /* 256 bit type */
|
||||
#define WC_BLAKE2S_DIGEST_SIZE 32
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
#ifdef HAVE_BLAKE2B
|
||||
|
||||
@@ -160,6 +160,78 @@ typedef struct {
|
||||
#define WC_MAX_BLOCK_SIZE 128
|
||||
#endif
|
||||
|
||||
#if defined(WC_HASH_CUSTOM_MAX_DIGEST_SIZE) && \
|
||||
defined(WC_HASH_CUSTOM_MIN_DIGEST_SIZE)
|
||||
#if WC_HASH_CUSTOM_MAX_DIGEST_SIZE < \
|
||||
WC_HASH_CUSTOM_MIN_DIGEST_SIZE
|
||||
#error HASH_CUSTOM_MAX_DIGEST_SIZE < WC_HASH_CUSTOM_MIN_DIGEST_SIZE
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WC_HASH_CUSTOM_MAX_DIGEST_SIZE
|
||||
#undef WC_MAX_DIGEST_SIZE
|
||||
#define WC_MAX_DIGEST_SIZE WC_HASH_CUSTOM_MAX_DIGEST_SIZE
|
||||
#endif
|
||||
#ifdef WC_HASH_CUSTOM_MAX_BLOCK_SIZE
|
||||
#undef WC_MAX_BLOCK_SIZE
|
||||
#define WC_MAX_BLOCK_SIZE WC_HASH_CUSTOM_MAX_BLOCK_SIZE
|
||||
#endif
|
||||
|
||||
#if defined(WC_HASH_CUSTOM_MIN_DIGEST_SIZE)
|
||||
#if defined(WC_FIPS_186_5_PLUS) && \
|
||||
(WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 224 / 8)
|
||||
#error FIPS 186-5 requires a minimum hash size >= SHA-224.
|
||||
#elif defined(WC_FIPS_186_4) && \
|
||||
(WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 160 / 8)
|
||||
#error FIPS 186-4 requires a minimum hash size >= SHA-1.
|
||||
#elif (WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 128 / 8)
|
||||
#error WC_HASH_CUSTOM_MIN_DIGEST_SIZE is too small.
|
||||
#endif
|
||||
/* Let the user override the minimum digest size */
|
||||
#define WC_MIN_DIGEST_SIZE WC_HASH_CUSTOM_MIN_DIGEST_SIZE
|
||||
#elif defined(WOLFSSL_MD2) && !defined(WC_FIPS_186_4_PLUS)
|
||||
#define WC_MIN_DIGEST_SIZE WC_MD2_DIGEST_SIZE /* 16 */
|
||||
#elif !defined(NO_MD4) && !defined(WC_FIPS_186_4_PLUS)
|
||||
#define WC_MIN_DIGEST_SIZE WC_MD4_DIGEST_SIZE /* 16 */
|
||||
#elif !defined(NO_MD5) && !defined(WC_FIPS_186_4_PLUS)
|
||||
#define WC_MIN_DIGEST_SIZE WC_MD5_DIGEST_SIZE /* 16 */
|
||||
#elif !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA_DIGEST_SIZE /* 20 */
|
||||
#elif defined(WOLFSSL_SHA224)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
|
||||
#elif !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
|
||||
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA512_224_DIGEST_SIZE
|
||||
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA3_224_DIGEST_SIZE
|
||||
#elif !defined(NO_SHA256)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
|
||||
#elif !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
|
||||
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA512_256_DIGEST_SIZE
|
||||
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA3_256_DIGEST_SIZE
|
||||
#elif defined(HAVE_BLAKE2S)
|
||||
#define WC_MIN_DIGEST_SIZE BLAKE2S_OUTBYTES /* 32 */
|
||||
#elif defined(WOLFSSL_SM3)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SM3_DIGEST_SIZE /* 32 */
|
||||
#elif defined(WOLFSSL_SHA384)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
|
||||
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA3_384_DIGEST_SIZE
|
||||
#elif defined(WOLFSSL_SHA512)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
|
||||
#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
|
||||
#define WC_MIN_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
|
||||
#elif defined(HAVE_BLAKE2B)
|
||||
#define WC_MIN_DIGEST_SIZE BLAKE2B_OUTBYTES /* 64 */
|
||||
#elif defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256)
|
||||
#error SHAKE enabled without SHA-3.
|
||||
#define WC_MIN_DIGEST_SIZE 64
|
||||
#else
|
||||
#error No builtin hashes enabled and no WC_HASH_CUSTOM_MIN_DIGEST_SIZE.
|
||||
#define WC_MIN_DIGEST_SIZE 64
|
||||
#endif
|
||||
|
||||
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
|
||||
WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
|
||||
WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
|
||||
|
||||
+9
-13
@@ -36,12 +36,10 @@
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_MD2_BLOCK_SIZE = 16,
|
||||
WC_MD2_DIGEST_SIZE = 16,
|
||||
WC_MD2_PAD_SIZE = 16,
|
||||
WC_MD2_X_SIZE = 48
|
||||
};
|
||||
#define WC_MD2_BLOCK_SIZE 16
|
||||
#define WC_MD2_DIGEST_SIZE 16
|
||||
#define WC_MD2_PAD_SIZE 16
|
||||
#define WC_MD2_X_SIZE 48
|
||||
|
||||
|
||||
/* Md2 digest */
|
||||
@@ -60,13 +58,11 @@ WOLFSSL_API int wc_Md2Hash(const byte* data, word32 len, byte* hash);
|
||||
|
||||
#ifndef OPENSSL_COEXIST
|
||||
|
||||
enum {
|
||||
MD2 = WC_HASH_TYPE_MD2,
|
||||
MD2_BLOCK_SIZE = WC_MD2_BLOCK_SIZE,
|
||||
MD2_DIGEST_SIZE = WC_MD2_DIGEST_SIZE,
|
||||
MD2_PAD_SIZE = WC_MD2_PAD_SIZE,
|
||||
MD2_X_SIZE = WC_MD2_X_SIZE
|
||||
};
|
||||
#define MD2 WC_HASH_TYPE_MD2,
|
||||
#define MD2_BLOCK_SIZE WC_MD2_BLOCK_SIZE,
|
||||
#define MD2_DIGEST_SIZE WC_MD2_DIGEST_SIZE,
|
||||
#define MD2_PAD_SIZE WC_MD2_PAD_SIZE,
|
||||
#define MD2_X_SIZE WC_MD2_X_SIZE
|
||||
|
||||
|
||||
/* Md2 digest */
|
||||
|
||||
+7
-11
@@ -35,11 +35,9 @@
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_MD4_BLOCK_SIZE = 64,
|
||||
WC_MD4_DIGEST_SIZE = 16,
|
||||
WC_MD4_PAD_SIZE = 56
|
||||
};
|
||||
#define WC_MD4_BLOCK_SIZE 64
|
||||
#define WC_MD4_DIGEST_SIZE 16
|
||||
#define WC_MD4_PAD_SIZE 56
|
||||
|
||||
/* MD4 digest */
|
||||
typedef struct wc_Md4 {
|
||||
@@ -56,12 +54,10 @@ WOLFSSL_API void wc_Md4Final(wc_Md4* md4, byte* hash);
|
||||
|
||||
#ifndef OPENSSL_COEXIST
|
||||
|
||||
enum {
|
||||
MD4 = WC_HASH_TYPE_MD4,
|
||||
MD4_BLOCK_SIZE = WC_MD4_BLOCK_SIZE,
|
||||
MD4_DIGEST_SIZE = WC_MD4_DIGEST_SIZE,
|
||||
MD4_PAD_SIZE = WC_MD4_PAD_SIZE
|
||||
};
|
||||
#define MD4 WC_HASH_TYPE_MD4,
|
||||
#define MD4_BLOCK_SIZE WC_MD4_BLOCK_SIZE,
|
||||
#define MD4_DIGEST_SIZE WC_MD4_DIGEST_SIZE,
|
||||
#define MD4_PAD_SIZE WC_MD4_PAD_SIZE
|
||||
|
||||
typedef struct wc_Md4 Md4;
|
||||
|
||||
|
||||
@@ -55,16 +55,14 @@
|
||||
#define Md5 wc_Md5
|
||||
#define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
|
||||
#define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
|
||||
#define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
|
||||
#define MD5_PAD_SIZE WC_MD5_PAD_SIZE
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_MD5 = WC_HASH_TYPE_MD5,
|
||||
WC_MD5_BLOCK_SIZE = 64,
|
||||
WC_MD5_DIGEST_SIZE = 16,
|
||||
WC_MD5_PAD_SIZE = 56
|
||||
};
|
||||
#define WC_MD5 WC_HASH_TYPE_MD5
|
||||
#define WC_MD5_BLOCK_SIZE 64
|
||||
#define WC_MD5_DIGEST_SIZE 16
|
||||
#define WC_MD5_PAD_SIZE 56
|
||||
|
||||
|
||||
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
|
||||
|
||||
@@ -459,6 +459,29 @@
|
||||
(WOLFSSL_FIPS_VERSION_CODE > WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
|
||||
#define FIPS_VERSION3_NE(major,minor,patch) \
|
||||
(WOLFSSL_FIPS_VERSION_CODE != WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
|
||||
|
||||
#if defined(HAVE_FIPS) && !defined(WC_FIPS_186_5) && !defined(WC_FIPS_186_4)
|
||||
#if FIPS_VERSION3_GE(7,0,0)
|
||||
#ifndef WC_FIPS_186_5
|
||||
#define WC_FIPS_186_5
|
||||
#endif
|
||||
#else
|
||||
#ifndef WC_FIPS_186_4
|
||||
#define WC_FIPS_186_4
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WC_FIPS_186_4) && defined(WC_FIPS_186_5)
|
||||
#error Conflicting FIPS 186 settings.
|
||||
#endif
|
||||
#if (defined(WC_FIPS_186_4) || defined(WC_FIPS_186_5)) && \
|
||||
!defined(WC_FIPS_186_4_PLUS)
|
||||
#define WC_FIPS_186_4_PLUS
|
||||
#endif
|
||||
#if defined(WC_FIPS_186_5) && !defined(WC_FIPS_186_5_PLUS)
|
||||
#define WC_FIPS_186_5_PLUS
|
||||
#endif
|
||||
|
||||
/*------------------------------------------------------------*/
|
||||
|
||||
|
||||
|
||||
@@ -101,12 +101,10 @@
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_SHA = WC_HASH_TYPE_SHA,
|
||||
WC_SHA_BLOCK_SIZE = 64,
|
||||
WC_SHA_DIGEST_SIZE = 20,
|
||||
WC_SHA_PAD_SIZE = 56
|
||||
};
|
||||
#define WC_SHA WC_HASH_TYPE_SHA
|
||||
#define WC_SHA_BLOCK_SIZE 64
|
||||
#define WC_SHA_DIGEST_SIZE 20
|
||||
#define WC_SHA_PAD_SIZE 56
|
||||
|
||||
|
||||
#if defined(WOLFSSL_TI_HASH)
|
||||
|
||||
@@ -116,12 +116,10 @@
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_SHA256 = WC_HASH_TYPE_SHA256,
|
||||
WC_SHA256_BLOCK_SIZE = 64,
|
||||
WC_SHA256_DIGEST_SIZE = 32,
|
||||
WC_SHA256_PAD_SIZE = 56
|
||||
};
|
||||
#define WC_SHA256 WC_HASH_TYPE_SHA256
|
||||
#define WC_SHA256_BLOCK_SIZE 64
|
||||
#define WC_SHA256_DIGEST_SIZE 32
|
||||
#define WC_SHA256_PAD_SIZE 56
|
||||
|
||||
|
||||
#ifdef WOLFSSL_TI_HASH
|
||||
@@ -303,12 +301,10 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256* sha256, word32 len);
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_SHA224 = WC_HASH_TYPE_SHA224,
|
||||
WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE,
|
||||
WC_SHA224_DIGEST_SIZE = 28,
|
||||
WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE
|
||||
};
|
||||
#define WC_SHA224 WC_HASH_TYPE_SHA224
|
||||
#define WC_SHA224_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
|
||||
#define WC_SHA224_DIGEST_SIZE 28
|
||||
#define WC_SHA224_PAD_SIZE WC_SHA256_PAD_SIZE
|
||||
|
||||
|
||||
#ifndef WC_SHA224_TYPE_DEFINED
|
||||
|
||||
+16
-20
@@ -98,28 +98,26 @@
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
#ifdef WOLFSSL_SHA512
|
||||
WC_SHA512 = WC_HASH_TYPE_SHA512,
|
||||
#define WC_SHA512 WC_HASH_TYPE_SHA512
|
||||
#ifndef WOLFSSL_NOSHA512_224
|
||||
WC_SHA512_224 = WC_HASH_TYPE_SHA512_224,
|
||||
#define WC_SHA512_224 WC_HASH_TYPE_SHA512_224
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA512_256
|
||||
WC_SHA512_256 = WC_HASH_TYPE_SHA512_256,
|
||||
#define WC_SHA512_256 WC_HASH_TYPE_SHA512_256
|
||||
#endif
|
||||
#endif
|
||||
WC_SHA512_BLOCK_SIZE = 128,
|
||||
WC_SHA512_DIGEST_SIZE = 64,
|
||||
WC_SHA512_PAD_SIZE = 112,
|
||||
#define WC_SHA512_BLOCK_SIZE 128
|
||||
#define WC_SHA512_DIGEST_SIZE 64
|
||||
#define WC_SHA512_PAD_SIZE 112
|
||||
|
||||
WC_SHA512_224_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
|
||||
WC_SHA512_224_DIGEST_SIZE = 28,
|
||||
WC_SHA512_224_PAD_SIZE = WC_SHA512_PAD_SIZE,
|
||||
#define WC_SHA512_224_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
|
||||
#define WC_SHA512_224_DIGEST_SIZE 28
|
||||
#define WC_SHA512_224_PAD_SIZE WC_SHA512_PAD_SIZE
|
||||
|
||||
WC_SHA512_256_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
|
||||
WC_SHA512_256_DIGEST_SIZE = 32,
|
||||
WC_SHA512_256_PAD_SIZE = WC_SHA512_PAD_SIZE
|
||||
};
|
||||
#define WC_SHA512_256_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
|
||||
#define WC_SHA512_256_DIGEST_SIZE 32
|
||||
#define WC_SHA512_256_PAD_SIZE WC_SHA512_PAD_SIZE
|
||||
|
||||
|
||||
#if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
|
||||
@@ -321,12 +319,10 @@ WOLFSSL_API int wc_Sha512_256Transform(wc_Sha512* sha,
|
||||
#endif
|
||||
|
||||
/* in bytes */
|
||||
enum {
|
||||
WC_SHA384 = WC_HASH_TYPE_SHA384,
|
||||
WC_SHA384_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
|
||||
WC_SHA384_DIGEST_SIZE = 48,
|
||||
WC_SHA384_PAD_SIZE = WC_SHA512_PAD_SIZE
|
||||
};
|
||||
#define WC_SHA384 WC_HASH_TYPE_SHA384
|
||||
#define WC_SHA384_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
|
||||
#define WC_SHA384_DIGEST_SIZE 48
|
||||
#define WC_SHA384_PAD_SIZE WC_SHA512_PAD_SIZE
|
||||
|
||||
|
||||
#ifndef WC_SHA384_TYPE_DEFINED
|
||||
|
||||
Reference in New Issue
Block a user