Commit Graph

11274 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9db5499dbd Update CryptoCb API for Dilithium final standard
Add context and preHash metadata.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Tobias Frauenschläger be6888c589 Fixes for Dilithium in TLS handshake
Some fixes to better handle Dilithium keys and signatures in the TLS
handshake.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Jiri Malak 17a0081261 correct line length to be shorter then 80 characters 2025-02-26 08:02:43 +01:00
Sean Parkinson 9e9efeda28 ARM ASM: available for SHA-384 only too
Add HAVE_SHA384 to check for whether assembly code is available.
2025-02-26 16:10:21 +10:00
Sean Parkinson 4752bd2125 Constant time code: improved implementations
Change constant time code to be faster.
2025-02-26 11:52:09 +10:00
Jiri Malak ddfbbc68ac various fixes for Open Watcom build
- fix build for OS/2
- fix build for Open Watcom 1.9
2025-02-25 22:52:36 +01:00
David Garske 3557cc764a Merge pull request #8501 from SparkiDev/digest_test_rework
Digest testing: improve
2025-02-25 13:03:48 -08:00
Marco Oliverio dfc5e61508 asn: ocsp: refactor out CERT ID decoding
It will be reused in d2i_CERT_ID
2025-02-25 20:20:34 +00:00
David Garske 4eda5e1f7f Merge pull request #8491 from jmalak/winsock-guard
correct comment for _WINSOCKAPI_ macro manipulation
2025-02-25 09:51:23 -08:00
Marco Oliverio c24b7d1041 ocsp: use SHA-256 for responder name if no-sha 2025-02-25 15:42:27 +00:00
Marco Oliverio 8b80cb10d6 ocsp: responderID.ByKey is SHA-1 Digest len
Check that responderID.ByKey is exactly WC_SHA_DIGEST_SIZE as per RFC
6960. KEYID_SIZE can change across build configuration.
2025-02-25 15:42:22 +00:00
Reda Chouk 9178c53f79 Fix: Address and clean up code conversion in various files. 2025-02-25 11:17:58 +01:00
Sean Parkinson 6016cc0c97 Digest testing: improve
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.

Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.

Add default digest size enums for Blake2b and Blake2s.
2025-02-25 19:07:20 +10:00
Daniel Pouzzner 0116ab6ca2 Merge pull request #8484 from jmalak/offsetof
Rename OFFSETOF macro to WolfSSL specific WC_OFFSETOF name
2025-02-23 14:45:43 -06:00
Jiri Malak d066e6b9a5 correct comment for _WINSOCKAPI_ macro manipulation
The issue is with MINGW winsock2.h header file which is not compatible
with Miscrosoft version and handle _WINSOCKAPI_ macro differently
2025-02-23 11:15:38 +01:00
Jiri Malak 1d1ab2d9ff Rename OFFSETOF macro to WolfSSL specific WC_OFFSETOF name
There are the following reasons for this
- it conflicts with the OFFSETOF macro in the OS/2 header (Open Watcom)
- it is compiler-specific and should use the C standard offsetof definition in the header file stddef.h
- it is more transparent unique name
2025-02-22 09:44:54 +01:00
David Garske 29c3ffb5ee Merge pull request #8435 from JacobBarthelmeh/formatting
add else case to match with other statements
2025-02-21 17:21:10 -08:00
JacobBarthelmeh 8ae122584c Merge pull request #8482 from douzzer/20250220-misc-UnalignedWord64
20250220-misc-UnalignedWord64
2025-02-20 17:26:44 -07:00
Daniel Pouzzner a05436066d wolfcrypt/test/test.c: fix return values in camellia_test() (also fixes some false positive -Wreturn-stack-addresses from clang++). 2025-02-20 16:50:24 -06:00
Daniel Pouzzner 41b4ac5599 misc.c: undo changes in 82b50f19c6 "when Intel x64 build, assume able to read/write unaligned" -- provokes sanitizer on amd64, and is not portable (e.g. different behavior on Intel vs AMD). all performance-sensitive word64 reads/writes should be on known-aligned data. 2025-02-20 15:00:22 -06:00
Sean Parkinson e90e3aa7c6 Intel AVX1/SSE2 ASM: no ymm/zmm regs no vzeroupper
vzeroupper instruction not needed to be invoked unless ymm or zmm
registers are used.
2025-02-20 22:35:20 +10:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
2025-02-20 08:14:15 +10:00
David Garske 268326d875 Merge pull request #8408 from rizlik/ocsp-resp-refactor
OpenSSL Compat Layer: OCSP response improvments
2025-02-19 11:20:12 -08:00
Daniel Pouzzner 597b839217 Merge pull request #8468 from jmalak/fix-test-c89
correct test source file to follow C89 standard
2025-02-19 11:23:48 -06:00
JacobBarthelmeh 373a7d462a Merge pull request #8472 from SparkiDev/ed25519_fix_tests
Ed25519: fix tests to compile with feature defines
2025-02-19 09:53:10 -07:00
Sean Parkinson 331a713271 Ed25519: fix tests to compile with feature defines
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
2025-02-19 17:41:03 +10:00
Jiri Malak 3c74be333e correct test source file to follow C89 standard
for OpenSSL interface
2025-02-18 22:12:11 +01:00
Daniel Pouzzner 258afa5493 wolfcrypt/src/pkcs7.c: in PKCS7_EncodeSigned(), check for error from SetSerialNumber(). 2025-02-17 18:05:04 -06:00
JacobBarthelmeh 3e38bdcd2c Merge pull request #8450 from dgarske/stm32_pka_ecc521
Fix for STM32 PKA ECC 521-bit support
2025-02-17 08:27:45 -08:00
Marco Oliverio a06a8b589c ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio c1c9af5cb6 minor: improve indentation of guards 2025-02-17 08:59:29 +00:00
Marco Oliverio 2c2eb2a285 ocsp: improve OCSP response signature validation
- search for the signer in the CertificateManager if the embedded cert
  verification fails in original asn template.
2025-02-17 08:59:29 +00:00
Marco Oliverio 851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio 3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
2025-02-17 08:58:03 +00:00
Marco Oliverio b7f08b81a6 ocsp: adapt ASN original to new OCSP response refactor 2025-02-17 08:58:03 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
2025-02-17 08:58:03 +00:00
Marco Oliverio dedbb2526c ocsp: fix memory leaks in OpenSSL compat layer 2025-02-17 08:58:02 +00:00
Daniel Pouzzner 60c1558142 Merge pull request #8447 from dgarske/memleak
Fixed possible memory leaks
2025-02-14 00:26:09 -06:00
Daniel Pouzzner e806bd76bb Merge pull request #8445 from SparkiDev/perf_improv_1
Performance improvements
2025-02-13 23:25:47 -06:00
David Garske 86c3ee1a9d Fix for STM32 PKA ECC 521-bit support. Issue was 65 vs 66 buffer check. ZD 19379 2025-02-13 16:41:42 -08:00
David Garske 746aa9b171 Merge pull request #8443 from ColtonWilley/add_cert_rel_prefix
Add a cert relative prefix option for tests
2025-02-13 14:48:06 -08:00
David Garske f943f6ff5c Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414. 2025-02-13 08:20:37 -08:00
David Garske db0fa304a8 Merge pull request #8436 from SparkiDev/mlkem_cache_a
ML-KEM/Kyber: cache A from key generation for decapsulation
2025-02-12 17:29:38 -08:00
David Garske 846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding
Curve25519: add blinding when using private key
2025-02-12 16:20:51 -08:00
Sean Parkinson 9253d1d3ac ML-KEM/Kyber: cache A from key generation for decapsulation
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
  1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
2025-02-13 10:12:05 +10:00
Sean Parkinson bfd52decb6 Performance improvements
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-13 09:55:55 +10:00
Sean Parkinson bb84ebfd7a Curve25519: add blinding when using private key
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
2025-02-13 08:52:35 +10:00
David Garske 0e474fc673 Merge pull request #8437 from LinuxJedi/SE050-changes
Minor SE050 improvements
2025-02-12 14:50:36 -08:00
Colton Willey ddf7bfcb8f Add a cert relative prefix option for tests 2025-02-12 13:59:23 -08:00