Commit Graph

93 Commits

Author SHA1 Message Date
David Garske 4c75a866d9 Add inline documentation for missing macros and fix spelling errors 2026-03-16 17:09:13 -07:00
Daniel Pouzzner 58f48a96bf Merge pull request #9836 from Frauschi/pkcs11_dilithium
Add support for ML-DSA in PKCS#11
2026-03-05 15:22:10 -06:00
Tobias Frauenschläger ad22f9a37c Support for ML-DSA in PKCS#11
Offload ML-DSA operations onto a PKCS#11 token via the cryptoCb
interface:
* Key generation
* Signature generation
* Signature verification
* Key import

Both the pure and pre-hash versions are supported. Not yet supported are
the pre-hash versions that also offload the hashing onto the token.

This also fixes casting errors introduced in #9780 due to usage of
uintptr_t, which is unavailable without including stdint.h on some
platforms. Use the wolfssl own wc_ptr_t instead.
2026-03-02 11:45:11 +01:00
David Garske 0dffc8abff Fixes for async and crypto callbacks 2026-02-27 14:35:03 -08:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Sameeh Jubran 425dc1372d cryptocb: add AES CryptoCB key import support and tests
Add CryptoCB-based AES key import support to enable Secure Element
offload without exposing raw AES key material to wolfCrypt.

When WOLF_CRYPTO_CB_AES_SETKEY is defined, wolfCrypt invokes a CryptoCB
callback during AES key setup. Behavior is determined by the callback
return value:

- If callback returns 0: Key is imported to the device (aes->devCtx).
  Key is NOT copied to wolfCrypt RAM; GCM H/M tables are NOT generated.
  Full hardware offload is assumed.

- If callback returns CRYPTOCB_UNAVAILABLE: Device does not support
  SetKey. Normal software path is used; key is copied to devKey for
  optional encrypt/decrypt acceleration.

- Any other error: Propagated to the caller.

Key points:
- Add wc_CryptoCb_AesSetKey() callback for AES key import
- Update AES SetKey paths to call CryptoCB and branch on return value
- Skip GCM H/M table generation when callback succeeded (devCtx set)
- Preserve existing behavior when devId is INVALID_DEVID or
  WOLF_CRYPTO_CB_AES_SETKEY is not defined

Testing:
- Add unit test for CryptoCB AES SetKey (verifies key isolation when
  callback succeeds)
- Add end-to-end AES-GCM offload test (SetKey, Encrypt, Decrypt, Free
  via CryptoCB)
- Tests use a mock SE with software AES to validate routing

Enable with: CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-03 16:59:02 +02:00
night1rider f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
night1rider 0dca3bc24d Setup to be opt-in for copy callback, and also added a outline for a free callback 2025-10-20 10:07:24 -06:00
night1rider 4d6418f31a Add crypto callback support for copy operations (SHA-256) 2025-10-20 10:06:30 -06:00
jordan 525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00
Marco Oliverio fc348da28f fix: escape error code operands 2025-10-06 14:47:13 +02:00
Marco Oliverio 9cbc3f97e5 cryptocb: sha512_family: try specific digest length hashtype first
If the cryptocb provider supports specific SHA512/224 and SHA512/256
hashtype, this commit allows to:

1. avoid a copy
2. do not touch the output buffer outside of the cryptocb handler

2 might be important for cryptocb provider that needs special handling
of memory buffer (DMA, memory mapping).
2025-10-06 11:42:23 +02:00
Brett Nicholas 26ed835ca1 fix HKDF test macro protection 2025-09-29 10:52:22 -06:00
Brett Nicholas 3c81fffedd Add HKDF cryptoCb and test 2025-09-29 10:16:01 -06:00
Hideki Miyazaki ccdef57e8e add sha224 cryptcb 2025-08-07 07:49:53 +09:00
David Garske 2db1669713 Merge pull request #8988 from JacobBarthelmeh/visibility
remove WOLFSSL_API in source code when already used in header file
2025-07-24 11:00:55 -07:00
JacobBarthelmeh 01cd91cbea removing more locations of WOLFSSL_API used with function implementations 2025-07-10 16:44:28 -06:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske 111feedadc Add build guards on the crypto callback ECC items. 2025-06-24 09:41:32 -07:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
David Garske e1ec90a886 Fix for crypto callback without HMAC and DEBUG_CRYPTOCB. Fix guards on crypto cb hashing. 2025-03-27 16:42:24 -07:00
David Garske 2c36ae268f Merge pull request #8536 from SparkiDev/kyber_to_mlkem
Update Kyber APIs to ML-KEM APIs
2025-03-20 11:07:53 -07:00
Brett Nicholas 8e3e60e4e2 adds WC_NO_DEFAULT_DEVID to disallow automatic use of "default" devId 2025-03-12 16:53:25 -06:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
Tobias Frauenschläger 9db5499dbd Update CryptoCb API for Dilithium final standard
Add context and preHash metadata.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Colton Willey 0c20a20acc Use char instead of sword8, sanity length check on CKA_VALUE 2024-12-09 16:09:04 -08:00
Colton Willey 0cda59e00e Add support for cert format in get cert crypto callback 2024-12-09 14:32:02 -08:00
Colton Willey 324b87614e Initial implementation for using PKCS11 to retrieve certificate for SSL CTX 2024-12-09 12:15:41 -08:00
Daniel Pouzzner ae0d73d9fd Merge pull request #8122 from miyazakh/tsip_rsa_private_enc
Implement TSIP RSA Public Enc/Private Dec
2024-11-16 16:12:51 -06:00
Daniel Pouzzner dd9f6378cb rename WOLFSSL_GLOBAL to WC_THREADSHARED, and refactor mutex handling in src/sniffer.c for consistency and correctness, also adding gating on !SINGLE_THREADED for efficiency;
add wc_static_assert in wolfcrypt/test/test.h to assure that WC_TEST_RET_ENC() can correctly handle all error codes.
2024-11-14 16:35:04 -06:00
David Garske 43879f961d Fix RSA TSIP to return the actual cipher or plain length on success. Fix crypto callback to properly support PKCSv1.5 sign/verify and encrypt/decrypt based on padding info. 2024-11-06 10:37:03 -08:00
Brett Nicholas 7592241a46 Merge pull request #8007 from billphipps/fix_cmac_cryptocb
Update to separate CMAC and AES conditional compiles.  Correct update.
2024-09-25 08:43:27 -06:00
Bill Phipps 13b26bc46b Update cryptocb.c to fix comment 2024-09-24 18:27:58 -04:00
Brett Nicholas 967dc443fa remove trailing whitespace 2024-09-24 12:58:01 -06:00
Bill Phipps c16ebaeb47 Update to seperate CMAC and AES conditional compiles. Correct update. 2024-09-23 15:33:52 -04:00
ZackLabPC 9881edfabe Crypto Callback Support for ARM ASM: AES-ECB/CBC, SHA-1/256/384/512 + Fix SP SHA CB Bug 2024-09-20 09:42:53 -06:00
night1rider 1cb324affa Expanding mutexing and Adding in AES Callbacks for HW 2024-09-20 09:42:53 -06:00
Colton Willey b7299a23c0 Add new crypto callback for RSA with padding. 2024-08-27 13:09:23 -07:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Daniel Pouzzner b4e15d028c WOLF_CRYPTO_CB && WOLFSSL_SHA3: add FIPS gating to wc_CryptoCb_Sha3Hash() and test routine myCryptoDevCb(). 2024-06-22 11:20:53 -05:00
aidan garske 1ef9a8fe7c Added crypto callback for SHA3 and extended the test.c tests for it in cryptocb_test. 2024-06-20 14:15:28 -07:00
Sean Parkinson 3e3a00dafd Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87
Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
2024-06-19 21:27:01 +10:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
Tobias Frauenschläger 4d259da60a PQC: CryptoCb support for KEM algorithm Kyber
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:49 +01:00
Tobias Frauenschläger 8e6d151403 PQC: CryptoCb support for signature algorithms
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimatelly enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
David Garske d9ac8b5422 Peer review fixes. Fix issues with Tls13HKDFExpandKeyLabel. Fix crypto callback line lengths. 2023-12-22 14:16:59 -08:00
David Garske fb5eab8f79 Fix one shot hash routines to attempt offloading to crypto callbacks. Fix random.c health test to use devId. Fix FIPS unused "ssl". 2023-12-19 11:20:56 -08:00
David Garske 205403ebb2 Add more information in the DEBUG_CRYPTOCB. 2023-12-18 17:11:16 -08:00