diff --git a/src/internal.c b/src/internal.c
index e495407cd..3bd73b9f2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5057,6 +5057,10 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key,
 */
 int Ed448CheckPubKey(WOLFSSL* ssl)
 {
+#ifndef HAVE_ED448_KEY_IMPORT
+ (void)ssl;
+ return NOT_COMPILED_IN;
+#else /* HAVE_ED448_KEY_IMPORT */
 ed448_key* key = (ed448_key*)ssl->hsKey;
 int ret = 0;
 
@@ -5083,6 +5087,7 @@ int Ed448CheckPubKey(WOLFSSL* ssl)
 }
 
 return ret;
+#endif /* HAVE_ED448_KEY_IMPORT */
 }
 
 /* Sign the data using EdDSA and key using Ed448.
@@ -12680,7 +12685,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 break;
 }
 #endif /* HAVE_ED25519 */
- #ifdef HAVE_ED448
+ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
 case ED448k:
 {
 int keyRet = 0;
@@ -12732,7 +12737,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 ssl->ecdhCurveOID = ECC_X448_OID;
 break;
 }
- #endif /* HAVE_ED448 */
+ #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
 default:
 break;
 }
@@ -21757,7 +21762,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 }
 #endif /* HAVE_ED25519 */
-#ifdef HAVE_ED448
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
 #if !defined(NO_RSA) || defined(HAVE_ECC)
 FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
 #endif
@@ -21800,7 +21805,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 goto exit_dpk;
 }
 }
-#endif /* HAVE_ED448 */
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
 
 (void)idx;
 (void)keySz;
diff --git a/src/ssl.c b/src/ssl.c
index 41bf31590..d4b01dcf3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5379,7 +5379,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
 #endif
 }
 #endif /* HAVE_ED25519 */
-#ifdef HAVE_ED448
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
 if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED448k)) {
 /* make sure Ed448 key can be used */
 #ifdef WOLFSSL_SMALL_STACK
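Review bot: With HAVE_ED448_KEY_IMPORT undefined, the `case ED448k:` in ProcessPeerCerts is compiled out, so an Ed448 peer certificate now reaches `default: break;` with no diagnostic; the `case ED448k:` in ConfirmSignature (wolfcrypt/src/asn.c, hunk @@ -7786) is excluded the same way. What the default branches do beyond what is visible here lies outside these hunks, so I cannot confirm from the diff that the handshake or the certificate signature check then fails hard rather than continuing without a peer key or a verification; that is the property the build switch must preserve. A comment on the excluded branch would make the intent checkable, e.g. `/* Ed448 keys cannot be imported in this build: ED448k falls to default and must be rejected there */`, and a `WOLFSSL_MSG` in the default branch would make the rejection visible in logs. The enclosing switch statements start and end outside the hunks.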
@@ -5435,7 +5435,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
 XFREE(key, heap, DYNAMIC_TYPE_ED448);
 #endif
 }
-#endif /* HAVE_ED448 */
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
 
 return ret;
 }
@@ -47476,7 +47476,14 @@ int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz,
 (void) pub;
 (void) pubSz;
 return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN */
+#elif !defined(HAVE_ED448_KEY_EXPORT)
+ WOLFSSL_MSG("No ED448 key export built in");
+ (void) priv;
+ (void) privSz;
+ (void) pub;
+ (void) pubSz;
+ return WOLFSSL_FAILURE;
+#else /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
 int ret = WOLFSSL_FAILURE;
 int initTmpRng = 0;
 WC_RNG *rng = NULL;
@@ -47535,7 +47542,7 @@ int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz,
 #endif
 
 return ret;
-#endif /* WOLFSSL_KEY_GEN */
+#endif /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
 }
 
 /* return 1 if success, 0 if error
@@ -47546,11 +47553,13 @@ int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
 const unsigned char *priv, unsigned int privSz,
 unsigned char *sig, unsigned int *sigSz)
 {
-#if !defined(HAVE_ED448_SIGN) || !defined(WOLFSSL_KEY_GEN)
+#if !defined(HAVE_ED448_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_IMPORT)
 #if !defined(HAVE_ED448_SIGN)
 WOLFSSL_MSG("No ED448 sign built in");
 #elif !defined(WOLFSSL_KEY_GEN)
 WOLFSSL_MSG("No Key Gen built in");
+#elif !defined(HAVE_ED448_KEY_IMPORT)
+ WOLFSSL_MSG("No ED448 Key import built in");
 #endif
 (void) msg;
 (void) msgSz;
@@ -47559,7 +47568,7 @@ int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
 (void) sig;
 (void) sigSz;
 return WOLFSSL_FAILURE;
-#else /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN */
+#else /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
 ed448_key key;
 int ret = WOLFSSL_FAILURE;
 
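Review bot: The new `#elif !defined(HAVE_ED448_KEY_EXPORT)` branch in wolfSSL_ED448_generate_key repeats the four `(void)` casts and the `return WOLFSSL_FAILURE;` of the `!WOLFSSL_KEY_GEN` branch just above it, whereas wolfSSL_ED448_sign and wolfSSL_ED448_verify in the following hunks use one combined `#if` with a nested `#if`/`#elif` that selects only the message. Folding generate_key into that shape keeps the stub in one place and matches the sibling functions; the function's opening `#if` and its existing message are above the hunk, so the rewrite below stands in for them with a comment. The stub messages are also inconsistent across the three functions: `"No ED448 key export built in"` here versus `"No ED448 Key import built in"` in sign and verify, so one capitalisation should be chosen.
```c
#if !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_EXPORT)
#if !defined(WOLFSSL_KEY_GEN)
    /* … unchanged: existing "no key gen" WOLFSSL_MSG … */
#else
    WOLFSSL_MSG("No ED448 key export built in");
#endif
    /* … unchanged: (void) casts and return WOLFSSL_FAILURE … */
#else /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
    /* … unchanged: key generation body … */
```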
@@ -47591,7 +47600,7 @@ int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
 wc_ed448_free(&key);
 
 return ret;
-#endif /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN */
+#endif /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
 }
 
 /* return 1 if success, 0 if error
@@ -47602,11 +47611,13 @@ int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
 const unsigned char *pub, unsigned int pubSz,
 const unsigned char *sig, unsigned int sigSz)
 {
-#if !defined(HAVE_ED448_VERIFY) || !defined(WOLFSSL_KEY_GEN)
+#if !defined(HAVE_ED448_VERIFY) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_IMPORT)
 #if !defined(HAVE_ED448_VERIFY)
 WOLFSSL_MSG("No ED448 verify built in");
 #elif !defined(WOLFSSL_KEY_GEN)
 WOLFSSL_MSG("No Key Gen built in");
+#elif !defined(HAVE_ED448_KEY_IMPORT)
+ WOLFSSL_MSG("No ED448 Key import built in");
 #endif
 (void) msg;
 (void) msgSz;
@@ -47615,7 +47626,7 @@ int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
 (void) sig;
 (void) sigSz;
 return WOLFSSL_FAILURE;
-#else /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN */
+#else /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
 ed448_key key;
 int ret = WOLFSSL_FAILURE, check = 0;
 
diff --git a/tests/api.c b/tests/api.c
index bb2033531..441d50fdf 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -20735,8 +20735,10 @@ static int test_wc_ed448_import_private_key (void)
 "Ed448PublicKeyUnitTest.................................\n";
 word32 privKeySz = sizeof(privKey);
 word32 pubKeySz = sizeof(pubKey);
+#ifdef HAVE_ED448_KEY_EXPORT
 byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
 word32 bothKeysSz = sizeof(bothKeys);
+#endif
 
 ret = wc_InitRng(&rng);
 if (ret != 0) {
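Review bot: `bothKeys` and `bothKeysSz` are now declared only under HAVE_ED448_KEY_EXPORT, but every use of them in test_wc_ed448_import_private_key lies below this hunk, so a build without key export compiles only if each of those uses carries the same guard; the diff does not show them, so please confirm, otherwise the test breaks in exactly the configuration this commit introduces. A short comment beside the new `#ifdef`, e.g. `/* bothKeys is only exercised by the export round-trip further down */`, would tell the next reader why the declaration is conditional. The function body continues outside the hunk.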
@@ -21106,8 +21108,8 @@ static int test_wc_Ed448PublicKeyToDer (void)
 {
 int ret = 0;
 
-#if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
 int tmp;
 ed448_key key;
 byte derBuf[1024];
@@ -24177,8 +24179,8 @@ static int test_wc_Ed25519PrivateKeyToDer (void)
 static int test_wc_Ed448KeyToDer (void)
 {
 int ret = 0;
-#if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
 byte output[ONEK_BUF];
 ed448_key ed448Key;
 
@@ -24242,8 +24244,8 @@ static int test_wc_Ed448KeyToDer (void)
 static int test_wc_Ed448PrivateKeyToDer (void)
 {
 int ret = 0;
-#if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
 byte output[ONEK_BUF];
 ed448_key ed448PrivKey;
 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 25f6bd2a2..93b9dc77d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -3298,7 +3298,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 else
 #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */
 
- #if defined(HAVE_ED448) && !defined(NO_ASN_CRYPT)
+ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) && !defined(NO_ASN_CRYPT)
 if (ks == ED448k) {
 #ifdef WOLFSSL_SMALL_STACK
 ed448_key* key_pair = NULL;
@@ -3556,7 +3556,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 XFREE(ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
 #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */
-#if defined(HAVE_ED448) && !defined(NO_ASN_CRYPT)
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) && !defined(NO_ASN_CRYPT)
 if (*algoID != RSAk && *algoID != ECDSAk && *algoID != ED25519k) {
 ed448_key *ed448 = (ed448_key *)XMALLOC(sizeof *ed448, heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (ed448 == NULL)
@@ -3577,7 +3577,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 }
 XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
-#endif /* HAVE_ED448 && !NO_ASN_CRYPT */
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
 
 /* if flag is not set then is neither RSA or ECC key that could be
 * found */
@@ -7786,7 +7786,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
 break;
 }
 #endif
- #ifdef HAVE_ED448
+ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
 case ED448k:
 {
 sigCtx->verify = 0;
@@ -12711,8 +12711,8 @@ int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output, word32 inLen,
 return SetEd25519PublicKey(output, key, withAlg);
 }
 #endif /* HAVE_ED25519 && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */
-#if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KEY_GEN))
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
 
 /* Write a public ECC key to output */
 static int SetEd448PublicKey(byte* output, ed448_key* key, int with_header)
@@ -12814,7 +12814,7 @@ int wc_Ed448PublicKeyToDer(ed448_key* key, byte* output, word32 inLen,
 
 return SetEd448PublicKey(output, key, withAlg);
 }
-#endif /* HAVE_ED448 && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */
 
 
 #ifdef WOLFSSL_CERT_GEN
@@ -13903,7 +13903,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
 }
 #endif
 
-#ifdef HAVE_ED448
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
 if (cert->keyType == ED448_KEY) {
 if (ed448Key == NULL)
 return PUBLIC_KEY_E;
@@ -14660,7 +14660,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
 }
 #endif
 
-#ifdef HAVE_ED448
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
 if (cert->keyType == ED448_KEY) {
 if (ed448Key == NULL)
 return PUBLIC_KEY_E;
@@ -15121,7 +15121,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
 if (ed25519Key != NULL)
 bufferSz = SetEd25519PublicKey(buf, ed25519Key, 0);
 #endif
-#ifdef HAVE_ED448
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
 /* ED448 public key */
 if (ed448Key != NULL)
 bufferSz = SetEd448PublicKey(buf, ed448Key, 0);
@@ -17318,6 +17318,7 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen)
 
 #ifdef HAVE_ED448
 
+#ifdef HAVE_ED448_KEY_IMPORT
 int wc_Ed448PrivateKeyDecode(const byte* input, word32* inOutIdx,
 ed448_key* key, word32 inSz)
 {
@@ -17417,9 +17418,9 @@ int wc_Ed448PublicKeyDecode(const byte* input, word32* inOutIdx,
 
 return 0;
 }
+#endif /* HAVE_ED448_KEY_IMPORT */
 
-
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ED448_KEY_EXPORT)
 /* build DER formatted ED448 key,
 * return length on success, negative on error */
@@ -17492,7 +17493,7 @@ int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output, word32 inLen)
 return wc_BuildEd448KeyDer(key, output, inLen, 0);
 }
 
-#endif /* WOLFSSL_KEY_GEN */
+#endif /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
 #endif /* HAVE_ED448 */
 
 
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 09dcd41a4..95dfdb574 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
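Review bot: The `#endif /* HAVE_ED448_KEY_IMPORT */` added after wc_Ed448PublicKeyDecode's `return 0; }` puts that definition inside the import guard, but the matching declaration in wolfssl/wolfcrypt/asn_public.h (hunk @@ -580) leaves `wc_Ed448PublicKeyDecode` outside the new `#ifdef HAVE_ED448_KEY_IMPORT` block there, so a build without key import still exposes a prototype that has no definition and any caller fails at link time rather than at compile time. Either extend the header guard to cover the `/* public key helper */` declaration or move this `#endif` above wc_Ed448PublicKeyDecode, whichever matches the intent; since ed448.h in this same commit also guards wc_ed448_import_public, which the decode presumably relies on, the former looks right, but that call is not visible in the hunk. A comment on the guard stating which decoder it covers, e.g. `/* both DER decoders need the raw-key import routines */`, would keep the two files from drifting again. Both decode function bodies start outside the hunk.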
@@ -3862,7 +3862,7 @@ static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey
 #endif /* HAVE_CURVE25519 */
 
 #ifdef HAVE_ED448
-#ifdef HAVE_ED448_SIGN
+#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
 static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
 {
@@ -3899,10 +3899,10 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
 
 return ret;
 }
-#endif /* HAVE_ED448_SIGN */
+#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
 
-#ifdef HAVE_ED448_VERIFY
+#if defined(HAVE_ED448_VERIFY) && defined(HAVE_ED448_KEY_IMPORT)
 static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
 const byte* msg, word32 msgSz, const byte* key, word32 keySz,
 int* result, void* ctx)
@@ -3931,7 +3931,7 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
 
 return ret;
 }
-#endif /* HAVE_ED448_VERIFY */
+#endif /* HAVE_ED448_VERIFY && HAVE_ED448_KEY_IMPORT */
 #endif /* HAVE_ED448 */
 
 #ifdef HAVE_CURVE448
@@ -4455,11 +4455,11 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
 wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
 wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
 #endif
- #ifdef HAVE_ED448
- #ifdef HAVE_ED448_SIGN
+ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
+ #if defined(HAVE_ED448_SIGN)
 wolfSSL_CTX_SetEd448SignCb(ctx, myEd448Sign);
 #endif
- #ifdef HAVE_ED448_VERIFY
+ #if defined(HAVE_ED448_VERIFY)
 wolfSSL_CTX_SetEd448VerifyCb(ctx, myEd448Verify);
 #endif
 #endif
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 01af995ba..647796e65 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -580,17 +580,23 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
 
 #ifdef HAVE_ED448
 /* private key helpers */
+#ifdef HAVE_ED448_KEY_IMPORT
 WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*,
 ed448_key*, word32);
+#endif
+
+#ifdef HAVE_ED448_KEY_EXPORT
 WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output,
 word32 inLen);
 WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output,
 word32 inLen);
+#endif
 
 /* public key helper */
 WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*,
 ed448_key*, word32);
- #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+ #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) && \
+ defined(HAVE_ED448_KEY_EXPORT)
 WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte* output,
 word32 inLen, int with_AlgCurve);
 #endif
diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h
index cb317111e..50818e1f1 100644
--- a/wolfssl/wolfcrypt/ed448.h
+++ b/wolfssl/wolfcrypt/ed448.h
@@ -158,6 +158,8 @@ WOLFSSL_API
 int wc_ed448_init(ed448_key* key);
 WOLFSSL_API
 void wc_ed448_free(ed448_key* key);
+
+#ifdef HAVE_ED448_KEY_IMPORT
 WOLFSSL_API
 int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key);
 WOLFSSL_API
@@ -166,6 +168,9 @@ int wc_ed448_import_private_only(const byte* priv, word32 privSz,
 WOLFSSL_API
 int wc_ed448_import_private_key(const byte* priv, word32 privSz,
 const byte* pub, word32 pubSz, ed448_key* key);
+#endif /* HAVE_ED448_KEY_IMPORT */
+
+#ifdef HAVE_ED448_KEY_EXPORT
 WOLFSSL_API
 int wc_ed448_export_public(ed448_key*, byte* out, word32* outLen);
 WOLFSSL_API
@@ -175,6 +180,7 @@ int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz,
 byte* pub, word32 *pubSz);
+#endif /* HAVE_ED448_KEY_EXPORT */
 WOLFSSL_API
 int wc_ed448_check_key(ed448_key* key);