Commit Graph

2122 Commits

Author SHA1 Message Date
Chris Conlon 5d99079603 fix HAVE_SELFTEST build for CAVP selftest 2018-05-30 11:08:18 -06:00
David Garske fc482235b0 Improved the CryptoDev test to include example callback with context. 2018-05-30 09:11:44 -07:00
Kaleb Himes cc58d3160f Merge pull request #1579 from C-Treff/Tenasys_Review
time 64bit, test update
2018-05-29 14:06:44 -07:00
C-Treff 5d693b263d removed more tabs 2018-05-24 09:56:54 +02:00
C-Treff 06e9354629 removed tabs 2018-05-24 09:48:18 +02:00
C-Treff 1d281ce515 replace memset by XMEMSET
replaced memset with XMEMSET as requested by @dgarske

INtime project files cleanup
2018-05-24 09:35:46 +02:00
Sean Parkinson 58f523beba Allow Ed25519 private-only keys to work in TLS
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
C-Treff cd9f86d921 time 64bit, test update
64bit settings for time is mandatory for INtime. Changed the project file.

Test for ecc_test_buffers was unreliable, as the structs were not initialized befor usage.
2018-05-23 10:33:56 +02:00
Sean Parkinson 3bb4949e02 Improve coverage
Renumber errors in test.c to be unique.
Fix stack usage to work in --enable-distro --enable-stacksize builds.
2018-05-23 16:24:23 +10:00
David Garske 85511067e4 Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option ./configure --enable-cryptodev or #define WOLF_CRYPTO_DEV. Added devId support to PKCS7. 2018-05-21 14:31:08 -07:00
Sean Parkinson d63da10c96 ForceZero - align 64-bit access on Intel 64-bit
Test added to ensure ForceZero works.
2018-05-18 10:38:21 +10:00
John Safranek 6a31f103aa Test Fixes
1. When building on VS, it didn't like using a variable for an array size. Fixed it so it was a constant.
2. In dh.c, there were a few #if that should have been #ifdef.
3. Tweaked a return value in the wolfCrypt test so it was read after being set.
2018-05-16 15:47:13 -04:00
John Safranek 12edf80e2b FIPS Revalidation
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
2018-05-16 15:47:13 -04:00
John Safranek 20d8a4a376 FIPS Revalidation
1. Added missing pair-wise consistency test for RSA keys.
Note: This function is not available to old FIPS and user RSA.
2018-05-16 15:47:13 -04:00
John Safranek 4f1dd3b9a7 Test Fixes
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
2018-05-16 15:47:13 -04:00
John Safranek eea4d6da50 Test Fixes
1. Modify RSA-PSS to be able to sign and verify SHA-384 and SHA-512 hashes with 1024-bit RSA keys.
2018-05-16 15:47:12 -04:00
John Safranek 8fb3a0c078 FIPS Revalidation
1. Add a copy of the DSA parameter generation function to DH for use without DSA.
2018-05-16 15:47:12 -04:00
John Safranek 6796ab5f8c FIPS Revalidation
1. Bug fixes to AES-GCM. Separated out the internal and external IV set functions.
2018-05-16 15:47:12 -04:00
John Safranek 6d7599cf47 FIPS Revalidation
1. Add new APIs for AES-GCM so it can manage the IV per SP 800-38D.
2. Add new APIs for AES-CCM so it can manage the IV, similar to the behavior in AES-GCM.
3. Add new APIs for GMAC that use the new AES-GCM APIs.
2018-05-16 15:47:12 -04:00
John Safranek 3685b7b176 Test Fixes
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-05-16 15:47:12 -04:00
John Safranek 4b3933aa1b FIPS Revalidation
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
2018-05-16 15:47:12 -04:00
John Safranek 4bcd7b7986 AES-GCM
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
2018-05-16 15:47:12 -04:00
John Safranek fe8d46da95 FIPS Revalidation
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
2018-05-16 15:47:12 -04:00
toddouska 3ad708fb20 Merge pull request #1514 from dgarske/certdates
Enhancements and cleanup to ASN date/time
2018-04-30 11:14:38 -07:00
David Garske fc02003f76 Added new signature wrapper functions to allow direct use of hash wc_SignatureVerifyHash and wc_SignatureGenerateHash. These new function abstract existing signature wrapper code, so minimal code size increase. Added test cases for new functions for RSA (with and without DER encoding) and ECC. 2018-04-25 13:10:53 -07:00
David Garske 65c9277213 More fixes from Jenkins testing. 2018-04-24 14:01:33 -07:00
David Garske 56025f38b9 Enhancements and cleanup to ASN date/time:
* Refactor the ASN get date logic to combine shared code.
* Added new API `wc_GetDateInfo` to get raw date, format and length.
* Added new API `wc_GetCertDates` to extract certificate before/after dates as `struct tm` type.
* Added new API `wc_GetDateAsCalendarTime` which parses the raw date string and convers to `struct tm`.
* Added tests for new API's.
* Added missing tests for `wc_SetAltNames`, `wc_SetAltNamesBuffer` and `wc_SetDatesBuffer`.
* Fixed build for older `NO_TIME_H` macro.
2018-04-24 13:04:36 -07:00
Eric Blankenhorn a0d8327320 Coverity fixes 2 (#1493)
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
David Garske 83bfdb1594 Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API wc_HashTypeConvert to handle the conversion between enum wc_HashType and int. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location). 2018-04-11 09:30:30 -07:00
David Garske a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske c83e63853d Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming. 2018-04-09 13:28:15 -07:00
David Garske f9e830bce7 First pass at changes to move PemToDer into asn.c. 2018-04-09 13:28:14 -07:00
David Garske ede006b3e1 Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
Jacob Barthelmeh 815219b589 fix pic32 AES-CBC and add test case 2018-04-04 16:09:11 -06:00
David Garske 0c898f513d Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
Takashi Kojo c60d9ff983 if(ret != 1) error 2018-04-01 13:27:08 +09:00
Takashi Kojo 1c0b84d47d openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1; 2018-04-01 12:13:18 +09:00
David Garske c9d840ed8d Fix for the HAVE_THEAD_LS case with FP_ECC where starting a new thead and doing ECC operations and not calling wc_ecc_fp_free. Added missing wolfCrypt_Init to API docs. 2018-03-27 14:29:39 -07:00
Chris Conlon d2aa7d0a37 exclude ecc_import_unsigned test when building for CAVP selftest 2018-03-23 16:31:17 -06:00
David Garske 3bf325290d Base16/64 improvements:
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 10:36:56 -07:00
David Garske 59aa893260 Cleanup ECC point import/export code. Added new API wc_ecc_import_unsigned to allow importing public x/y and optional private as unsigned char. Cleanup wc_ecc_sign_hash to move the hardware crypto code into a separate function. Added missing tests for wc_ecc_export_public_raw, wc_ecc_export_private_raw and new test for wc_ecc_import_unsigned. 2018-03-19 13:28:57 -07:00
Sean Parkinson c4dfa41088 SP improvements
Tag functions to not be inlined so llvm doesn't make huge builds.
Add sp_mod to support new DH key generation function.
2018-03-13 14:16:48 +10:00
Jacob Barthelmeh df1c73c8e5 check for case that BER to DER API is available 2018-03-01 18:00:52 -07:00
toddouska 73dbc8f6e7 Merge pull request #1395 from JacobBarthelmeh/Certs
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-26 08:39:58 -08:00
Jacob Barthelmeh f2cbab95b0 change _EncodeName, add test with wc_MakeCertReq, add XMEMSET with Cert init 2018-02-23 17:22:48 -07:00
toddouska 22e55e72c1 Merge pull request #1394 from cconlon/selftest
Add CAVP-only Self Test for special build
2018-02-23 15:50:06 -08:00
Jacob Barthelmeh 453aa16e8d Add support for writing multiple OUs, DCs and for writing a unique EKU OID 2018-02-23 10:46:26 -07:00
Chris Conlon ad53037852 add CAVP selftest option for special build 2018-02-23 10:14:56 -07:00
David Garske 6500c40015 Merge pull request #1386 from JacobBarthelmeh/RSA
add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum
2018-02-22 13:34:20 -08:00
Sean Parkinson 6bf5f06397 Fixes from code review 2018-02-22 14:59:19 +10:00