diff --git a/examples/server/server.c b/examples/server/server.c index 85de7610c1..166939e783 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -2559,13 +2559,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case 270: echSuite = myoptarg; - /* parse alg id's ignoring overflows + /* parse alg id's * commas can be entered with no number to accept the default */ if (echSuite != NULL) { kemId = (word16)atoi(echSuite); for (; *echSuite != '\0' && *echSuite != ','; echSuite++); if (*echSuite != ',') { - LOG_ERROR("Expected two commas '%s'\n", myoptarg); + LOG_ERROR("Expected two commas in '%s'\n", myoptarg); XEXIT_T(EXIT_FAILURE); } echSuite++; @@ -2573,7 +2573,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) kdfId = (word16)atoi(echSuite); for (; *echSuite != '\0' && *echSuite != ','; echSuite++); if (*echSuite != ',') { - LOG_ERROR("Expected two commas'%s'\n", myoptarg); + LOG_ERROR("Expected two commas in '%s'\n", myoptarg); XEXIT_T(EXIT_FAILURE); } echSuite++; diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c index f9ee11aff0..fd5f76a266 100644 --- a/wolfcrypt/src/hpke.c +++ b/wolfcrypt/src/hpke.c @@ -148,7 +148,7 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) if (ret == 0) { switch (kem) { #if defined(HAVE_ECC) -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) case DHKEM_P256_HKDF_SHA256: hpke->curveId = ECC_SECP256R1; hpke->Nsecret = WC_SHA256_DIGEST_SIZE; @@ -158,7 +158,8 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) break; #endif -#ifdef WOLFSSL_SHA384 +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) case DHKEM_P384_HKDF_SHA384: hpke->curveId = ECC_SECP384R1; hpke->Nsecret = WC_SHA384_DIGEST_SIZE; @@ -168,7 +169,8 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) break; #endif -#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) case DHKEM_P521_HKDF_SHA512: hpke->curveId = ECC_SECP521R1; hpke->Nsecret = WC_SHA512_DIGEST_SIZE; @@ -177,10 +179,9 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) hpke->Npk = 1 + hpke->Ndh * 2; break; #endif -#endif +#endif /* HAVE_ECC */ -#if defined(HAVE_CURVE25519) &&\ - (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: hpke->Nsecret = WC_SHA256_DIGEST_SIZE; hpke->kemDigest = WC_SHA256; @@ -189,8 +190,7 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) break; #endif -#if defined(HAVE_CURVE448) &&\ - (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: hpke->Nsecret = WC_SHA512_DIGEST_SIZE; hpke->kemDigest = WC_SHA512; @@ -209,7 +209,7 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) if (ret == 0) { switch (kdf) { -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if !defined(NO_SHA256) case HKDF_SHA256: hpke->Nh = WC_SHA256_DIGEST_SIZE; hpke->kdfDigest = WC_SHA256; @@ -278,26 +278,34 @@ int wc_HpkeGenerateKeyPair(Hpke* hpke, void** keypair, WC_RNG* rng) switch (hpke->kem) { #if defined(HAVE_ECC) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) case DHKEM_P256_HKDF_SHA256: *keypair = wc_ecc_key_new(hpke->heap); if (*keypair != NULL) ret = wc_ecc_make_key_ex(rng, 32, (ecc_key*)*keypair, ECC_SECP256R1); break; +#endif + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) case DHKEM_P384_HKDF_SHA384: *keypair = wc_ecc_key_new(hpke->heap); if (*keypair != NULL) ret = wc_ecc_make_key_ex(rng, 48, (ecc_key*)*keypair, ECC_SECP384R1); break; + #endif + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) case DHKEM_P521_HKDF_SHA512: *keypair = wc_ecc_key_new(hpke->heap); if (*keypair != NULL) ret = wc_ecc_make_key_ex(rng, 66, (ecc_key*)*keypair, ECC_SECP521R1); break; + #endif #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: *keypair = XMALLOC(sizeof(curve25519_key), hpke->heap, DYNAMIC_TYPE_CURVE25519); @@ -310,8 +318,10 @@ int wc_HpkeGenerateKeyPair(Hpke* hpke, void** keypair, WC_RNG* rng) } break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: ret = BAD_FUNC_ARG; break; @@ -350,13 +360,16 @@ int wc_HpkeSerializePublicKey(Hpke* hpke, void* key, byte* out, word16* outSz) ret = wc_ecc_export_x963_ex((ecc_key*)key, out, &tmpOutSz, 0); break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: ret = wc_curve25519_export_public_ex((curve25519_key*)key, out, &tmpOutSz, EC25519_LITTLE_ENDIAN); break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: + /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -396,7 +409,7 @@ int wc_HpkeDeserializePublicKey(Hpke* hpke, void** key, const byte* in, } break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: *key = XMALLOC(sizeof(curve25519_key), hpke->heap, DYNAMIC_TYPE_CURVE25519); @@ -409,7 +422,10 @@ int wc_HpkeDeserializePublicKey(Hpke* hpke, void** key, const byte* in, } break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: + /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -438,14 +454,16 @@ void wc_HpkeFreeKey(Hpke* hpke, word16 kem, void* keypair, void* heap) wc_ecc_key_free((ecc_key*)keypair); break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: wc_curve25519_free((curve25519_key*)keypair); XFREE(keypair, heap, DYNAMIC_TYPE_CURVE25519); break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: break; } @@ -753,7 +771,7 @@ static int wc_HpkeEncap(Hpke* hpke, void* ephemeralKey, void* receiverKey, byte* sharedSecret) { int ret; -#ifdef ECC_TIMING_RESISTANT +#if defined(ECC_TIMING_RESISTANT) && defined(HAVE_ECC) WC_RNG* rng; #endif word32 dh_len; @@ -814,15 +832,17 @@ static int wc_HpkeEncap(Hpke* hpke, void* ephemeralKey, void* receiverKey, #endif break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: ret = wc_curve25519_shared_secret_ex((curve25519_key*)ephemeralKey, (curve25519_key*)receiverKey, dh, &dh_len, EC25519_LITTLE_ENDIAN); break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -1047,7 +1067,7 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey, #endif break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: #ifdef WOLFSSL_CURVE25519_BLINDING rng = wc_rng_new(NULL, 0, hpke->heap); @@ -1067,8 +1087,10 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey, #endif break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -1225,21 +1247,22 @@ WOLFSSL_LOCAL word16 wc_HpkeKemGetEncLen(word16 kemId) switch (kemId) { #if defined(HAVE_ECC) -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) case DHKEM_P256_HKDF_SHA256: return DHKEM_P256_ENC_LEN; #endif -#ifdef WOLFSSL_SHA384 +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) case DHKEM_P384_HKDF_SHA384: return DHKEM_P384_ENC_LEN; #endif -#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) case DHKEM_P521_HKDF_SHA512: return DHKEM_P521_ENC_LEN; #endif #endif /* HAVE_ECC */ -#if defined(HAVE_CURVE25519) && \ - (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: return DHKEM_X25519_ENC_LEN; #endif @@ -1254,18 +1277,19 @@ WOLFSSL_LOCAL int wc_HpkeKemIsSupported(word16 kemId) { switch (kemId) { #if defined(HAVE_ECC) -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) case DHKEM_P256_HKDF_SHA256: #endif -#ifdef WOLFSSL_SHA384 +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) case DHKEM_P384_HKDF_SHA384: #endif -#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) case DHKEM_P521_HKDF_SHA512: #endif #endif /* HAVE_ECC */ -#if defined(HAVE_CURVE25519) && \ - (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: #endif return 1; @@ -1280,7 +1304,7 @@ WOLFSSL_LOCAL int wc_HpkeKemIsSupported(word16 kemId) WOLFSSL_LOCAL int wc_HpkeKdfIsSupported(word16 kdfId) { switch (kdfId) { -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if !defined(NO_SHA256) case HKDF_SHA256: #endif #ifdef WOLFSSL_SHA384 diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ade14b78f0..7687c584f7 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -639,8 +639,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); -#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ - defined(WOLFSSL_AES_256) +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); #endif #ifdef WC_SRTP_KDF @@ -2360,8 +2362,10 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ TEST_PASS("X963-KDF test passed!\n"); #endif -#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ - defined(WOLFSSL_AES_256) +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) PRIVATE_KEY_UNLOCK(); if ( (ret = hpke_test()) != 0) TEST_FAIL("HPKE test failed!\n", ret); @@ -31859,8 +31863,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void) #endif /* HAVE_X963_KDF */ #if defined(HAVE_HPKE) && \ - (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ - defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) static wc_test_ret_t hpke_test_single(Hpke* hpke) { @@ -32089,8 +32094,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) Hpke hpke[1]; WOLFSSL_ENTER("hpke_test"); -#if defined(HAVE_ECC) - #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if defined(HAVE_ECC) && defined(WOLFSSL_AES_128) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) /* p256 */ ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256, HPKE_AES_128_GCM, NULL); @@ -32104,8 +32109,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) return ret; #endif - #if (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) && \ - (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + !defined(NO_SHA256) && defined(WOLFSSL_SHA512) /* p256 with sha512 kdf */ ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA512, HPKE_AES_128_GCM, NULL); @@ -32120,8 +32125,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) #endif - #if defined(WOLFSSL_SHA384) && \ - (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) /* p384 */ ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384, HPKE_AES_128_GCM, NULL); @@ -32135,8 +32140,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) return ret; #endif - #if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \ - (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) /* p521 */ ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512, HPKE_AES_128_GCM, NULL); @@ -32150,8 +32155,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) return ret; #endif - #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) && \ - (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) /* p521 with sha384 kdf */ ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA384, HPKE_AES_128_GCM, NULL); @@ -32166,7 +32171,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) #endif #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) /* test with curve25519 and aes256 */ ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256, HPKE_AES_256_GCM, NULL); @@ -32181,8 +32186,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) #endif -#if defined(HAVE_CURVE448) && \ - (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) && \ + defined(WOLFSSL_AES_256) /* test with curve448 and aes256 */ ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512, HPKE_AES_256_GCM, NULL); @@ -32203,7 +32208,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) return ret; } -#endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM && WOLFSSL_AES_256 */ +#endif /* HAVE_HPKE && (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && + HAVE_AESGCM */ #if defined(WC_SRTP_KDF) typedef struct Srtp_Kdf_Tv { diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index b1b1b5feb9..ddaea0f310 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -163,7 +163,10 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); #endif extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); -#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); #endif #ifdef WC_SRTP_KDF diff --git a/wolfssl/wolfcrypt/hpke.h b/wolfssl/wolfcrypt/hpke.h index 558d7d8c53..c71619ccf7 100644 --- a/wolfssl/wolfcrypt/hpke.h +++ b/wolfssl/wolfcrypt/hpke.h @@ -31,7 +31,8 @@ extern "C" { #endif -#if defined(HAVE_HPKE) && defined(HAVE_ECC) +#if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + defined(HAVE_AESGCM) #ifndef WOLFCRYPT_HPKE #define WOLFCRYPT_HPKE @@ -136,7 +137,7 @@ WOLFSSL_LOCAL int wc_HpkeAeadIsSupported(word16 aeadId); #endif -#endif /* HAVE_HPKE && HAVE_ECC */ +#endif /* HAVE_HPKE && (HAVE_ECC || HAVE_CURVE25519) && HAVE_AESGCM */ #ifdef __cplusplus } /* extern "C" */