Commit Graph

84 Commits

Author SHA1 Message Date
Sean Parkinson 284ebacc57 Merge pull request #4916 from JacobBarthelmeh/hsm
Add SECO use and expand cryptodev
2022-04-07 10:21:32 +10:00
David Garske b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
JacobBarthelmeh 55b42dd85a Add SECO use and expand cryptodev 2022-03-17 12:04:52 -06:00
David Garske 7fca031346 Remove duplicate code in wc_HmacFree (looks like past merge error). 2021-11-05 08:20:39 -07:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
David Garske 89904ce82e Fixes for building without AES CBC and support for PKCS7 without AES CBC. 2021-08-17 10:47:19 -07:00
JacobBarthelmeh df2e0905e0 Merge pull request #3874 from dgarske/cryptocb_devctx
Fixes for for crypto callbacks (SHA1, HMAC and CMAC)
2021-03-16 21:26:50 +07:00
toddouska 3ac03d3d66 Merge pull request #3805 from JacobBarthelmeh/copyright
update copyright date to 2021
2021-03-15 16:16:50 -07:00
David Garske 697d34c80d Fix for for crypto callback devCtx on symmetric algorithms (missing for SHA1 and CMAC). Fix for HMAC to use devId for hashing. Fixes for CMAC crypto callbacks and testing. 2021-03-12 11:49:25 -08:00
Sean Parkinson a55e94cf6f ECCSI and SAKKE: add support
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
David Garske 428c6b4301 Merge pull request #3523 from SparkiDev/pkcs11_fixes_2
Pkcs11 fixes 2
2020-12-14 14:09:26 -08:00
Daniel Pouzzner 1fc2c7714c hmac.c: include wc_port.h rather than settings.h, to pick up WOLFSSL_LINUXKM namespace tweaks. 2020-12-10 14:16:21 -06:00
Sean Parkinson 5ca8e8f87c PKCS#11: Label fixes and add support for checking private key
Check private key matches the public key passed in.
Need to use a new API to pass in the token to use to perform PKCS #11
operations with.
2020-11-27 08:37:16 +10:00
Sean Parkinson 19f10cd382 PKCS #11: implement identifying keys by label 2020-11-27 08:31:45 +10:00
Tesfa Mael b39e384cfd Review comment 2020-05-07 13:39:53 -07:00
Tesfa Mael 2ab478f8fd Check length of output <= 255*HashLen 2020-05-06 15:47:39 -07:00
John Safranek 9fe2ddacf4 HMAC Init
1. wc_HmacSetKey() has a check against the hmac's type that assumes one
has called wc_HmacInit() on the object first. In FIPS Ready builds we
do not have wc_HmacInit() in the boundary. This change removes that check
and action when making a FIPS build. The free called doesn't do anything
in the FIPS build case.
2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType
against that rather than 0. There are some build configs where none isn't
0.
2020-03-05 13:38:02 -08:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
John Safranek 14c986360d Maintenance BLAKE2
1. Remove BLAKE2 support from HMAC.
2. Update doxy header for HMAC with removal of BLAKE2 and addition of SHA-3.
2019-11-18 10:45:30 -08:00
David Garske 58fe2781f1 Fix for wc_CryptoCb_AesCbcEncrypt with improper find device logic. Fix for HMAC scan-build with ret. Cleanup of HMAC formatting. 2019-07-02 14:08:59 -07:00
John Safranek 246c444b93 Updates for v4.0.0
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
David Garske 68c04a95e0 Refactor of the crypto callback return code for cases when unavailable to use new error code CRYPTOCB_UNAVAILABLE. Retains support for original NOT_COMPILED_IN error code. Added new CRYPTO_CB_VER define for helping applications handle/detect changes to crypto callback interface (currently no way to determine changes at build-time between release cycles). 2019-03-08 16:50:45 -08:00
Sean Parkinson 700e9896d4 PKCS #11 support for HMAC with MD5, SHA, SHA-2 2019-02-26 09:22:03 +10:00
David Garske d98ebc4da2 Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks. 2019-02-13 10:24:53 -08:00
David Garske e7b23646a5 Updates to HMAC crypto callback support to capture raw KEY and require hmac struct. 2019-02-12 16:03:10 -08:00
David Garske 88d3abb1e6 Added Crypto callback HMAC support. 2019-02-12 16:03:10 -08:00
Jacob Barthelmeh f0a3045d62 af_alg sha3 addition
hardware acceleration with RSA

add AES-GCM hardware acceleration

refactor setting RSA IV flag

check and set AF_ALG flags

fix for default AF_ALG use

set buffer alignment with Xilinx RSA

macro guard after rebase

use ALIGN64

clean up test cases
2019-01-18 16:25:24 -07:00
JacobBarthelmeh cb756397b3 inital AES-CBC with af_alg
progress on AES-GCM with AF_ALG and add SHA256

add aes-gcm test cases and finish logic of aes-gcm with AF_ALG

formating of tabs and white space

add files to dist

adding ecb and ctr mode with af_alg

make length of buffers for ctr be AES_BLOCK_SIZE

formating and add support for sha256 copy/gethash

sanity checks on arguments

cast return values and valgrind tests

make it easier to use sha256 with af_alg

remove hard tabs

add endif for after rebase
2018-08-01 08:54:20 -06:00
David Garske efbabbfb29 Further improvements to hashing code to make sure wc_*Free is always called including wc_HashFree. Added new defines to disable PIC32MZ hardware features using NO_PIC32MZ_HASH, NO_PIC32MZ_RNG and NO_PIC32MZ_CRYPT. 2018-07-26 14:41:30 -07:00
Sean Parkinson 9433fcb820 Allow SHA384 to be compiled in without SHA512 2018-07-20 09:42:01 +10:00
Sean Parkinson 88a2531652 Cache the data allocated in SHA-2 Transform functions
SHA-2 algorithms allocate W each call to transform when using
WOLFSSL_SMALL_STACK.
Put a pointer into the SHA-2 object to cache W.
Change code to call the SHA-2 Free functions now that they are required.
Only cache when WOLFSSL_SMALL_STACK_CACHE is defined.
2018-07-17 09:17:39 +10:00
John Safranek 27470aa704 FIPS Revalidation/Test Fixes
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
2018-05-16 15:47:12 -04:00
John Safranek df4d748f59 FIPS Update
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
2018-05-16 15:47:12 -04:00
David Garske c83e63853d Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming. 2018-04-09 13:28:15 -07:00
David Garske 0c898f513d Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
John Safranek e48eb1ded8 added hmac-sha-3 2018-02-12 13:24:06 -08:00
Takashi Kojo b3ab0a9c11 simplify visibility control 2018-01-16 14:59:50 -07:00
Takashi Kojo dce628ae8e Eliminate dup _InitHmac 2018-01-16 14:59:48 -07:00
David Garske 481f4765eb Cleanup to remove duplicate MAX_DIGEST_SIZE in hmac.h and refactor to use WC_MAX_DIGEST_SIZE. Cleanup for HMAC to include hash.h and refactor HMAC_BLOCK_SIZE to WC_HMAC_BLOCK_SIZE. Fix build warning in benchmark.c with unused variable if features are disabled. 2018-01-11 09:52:49 -08:00
Jacob Barthelmeh 5fa9455bf9 add CAAM with INTEGRITY support 2017-12-20 11:16:11 -07:00
David Garske 7f30397252 Remove execute bit on all code files. 2017-10-23 11:16:40 -07:00
David Garske 911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske 02ee22e73b Support for mapping to new names with old for FIPS build. Fix to revert HMAC SHA224 type check, since SHA224 type isn't in FIPS wolfCrypt. 2017-10-16 09:57:22 -07:00
David Garske 6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
kaleb-himes 63e8d63943 Update following review 2017-09-15 10:52:33 -06:00
kaleb-himes 1f7d73f626 NULL plaintext input is supported in FIPS testing 2017-09-14 20:14:21 -06:00
David Garske c06e672eb7 Added missing AES/DES3/HMAC init functions for helping with valgrind reports on unitialized use for async markers. 2017-08-17 09:58:46 -07:00
David Garske 4e735631e7 Fixes for PIC32MZ:
* Adds crypto HW support for AES Direct and AES CCM.
* Fixes to enable PIC32MZ hardware hashing where updates are cached via heap buffer and final performs single operations against hardware.
* Fix for benchmark with 1024-bit certs passing in wrong size for `wc_RsaPrivateDecrypt` when using `USE_CERT_BUFFERS_1024`.
* Fix to resolve missing `strncasecmp` for the Microchip XC32. Workaround to use case sensitive version instead. This error occurred when building with HAVE_ECC defined in Harmony with XC32.
* Cleanup of the PIC32MZ crypto and hashing hardware code. Replace `pic32mz-hash.c` with `pic32mz-crypt.c`
* Add user_settings.h for mplabx and mcapi examples.
* Sync up with Harmony changes for MCAPI.
2017-08-01 12:42:09 -07:00
David Garske b7dac4911b Fix for using Async and HMAC when its not Intel QuickAssist. 2017-07-21 11:43:01 -07:00