Commit Graph

275 Commits

Author SHA1 Message Date
Tesfa f83ea9a9d5 Fixed MINGW32 build errors 2018-10-03 13:58:51 -07:00
Sean Parkinson 8a5a03ea35 Support for PKCS#11
Support for RSA, ECDSA and AES-GCM operations.
2018-09-24 08:41:25 +10:00
Sean Parkinson 783c4a0c5e Make ALT_ECC_SIZE with SP work
Change to more relevant dynamic types in SP also.
2018-08-22 16:02:51 +10:00
Aaron Jense 93546694ca modify for readability 2018-08-16 17:04:32 -06:00
Aaron Jense aeb9ab8aea Combine if statements 2018-08-16 16:25:53 -06:00
Aaron Jense eb08c6f6fc Fix error with wolfCrypt-JNI having ECC_PRIVATEKEY_ONLY and d != NULL 2018-08-16 15:29:46 -06:00
David Garske cdff2869c2 Fixes for building with WC_NO_RNG (applies to wolfCrypt only builds). Tested with ./configure --enable-cryptonly CFLAGS="-DWC_NO_RNG" && make. 2018-08-14 18:53:25 -06:00
David Garske be33e69b22 Refactor to rename wc_ecc_export_int to wc_export_int for generic API for exporting an mp_int as hex string or unsigned bin. 2018-08-14 12:17:20 -06:00
David Garske c073aee87c Added new ECC export API's to support export as hex string. New API's are wc_ecc_export_ex and wc_ecc_export_int. For hex string use ECC_TYPE_HEX_STR as encType arg. Refactor to reduce duplicate code. Build fixes for NO_ECC_KEY_EXPORT. 2018-08-14 12:05:22 -06:00
David Garske 0f86494161 * Added support for STM32L4 AES hardware crypto.
* Added reference PK callbacks functions for ECC sign, verify and shared secret used by TLS in `wolfcrypt/src/port/st/stsafe.c`.
* Fix for wolfcrypt_test to not require args to be provided.
* Fix for wolfCrypt `ecc_test_buffers` to poperly init ecc_key (resolves devId issue).
* Fix for STM32 AES CBC Decrypt with CubeMX, which was not capturing the first input block for next IV.
* Refactor to combine STM32 hardware init code.
2018-07-30 13:58:19 -07:00
David Garske efbabbfb29 Further improvements to hashing code to make sure wc_*Free is always called including wc_HashFree. Added new defines to disable PIC32MZ hardware features using NO_PIC32MZ_HASH, NO_PIC32MZ_RNG and NO_PIC32MZ_CRYPT. 2018-07-26 14:41:30 -07:00
Sean Parkinson 06b888a997 Fix for RSA_LOW_MEM and other configurations
Also cast return of XMALLOCs.
2018-07-23 08:47:11 +10:00
John Safranek c9434c5ad8 FIPS build and ECC fixes
1. The fips-check script was missing the ecc file when building the FIPSv2 test directory. The correct file was sent in for testing.
2. When building with ECC import validation enabled, one usage of the ALLOC_CURVE_SPECS macro had an extra parameter. (copy-and-paste error)
2018-07-19 10:02:14 -07:00
Sean Parkinson e6c22fbd85 Small stack support in ECC
Small stack builds now dynamically allocate large stack variables.
Cache option added to avoid repeated allocation of temporaries in add
points, double point and map.
Cached memory allocated in mulmod and mul2add.
2018-07-17 16:39:53 +10:00
Chris Conlon cadd556b3a cast result of bitwise not back to original type to prevent compiler warnings 2018-07-12 13:46:55 -06:00
Chris Conlon 0f2b5ca181 fixes for MQX classic 4.0 with IAR-EWARM 2018-07-11 10:54:24 -06:00
toddouska 5d767aa004 Merge pull request #1641 from ejohnstown/rename-inline
Rename INLINE
2018-06-27 09:34:41 -07:00
John Safranek 586874b997 Rename INLINE
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00
toddouska d9b5948947 Merge pull request #1605 from dgarske/asyncfsanitize
Fixes for async to resolve runtime fsanitize issues
2018-06-26 14:27:07 -07:00
John Safranek e6c7952f50 Merge master into fipsv2. Resolved a conflict in api.c. 2018-06-22 09:52:26 -07:00
David Garske 64ba151c35 Experimental fixes for async to resolve runtime fsanitize issues with invalid memory access due to attempting realloc on non NUMA type. Tested with ./configure --with-intelqa=../QAT1.6 --enable-asynccrypt CC="clang -fsanitize=address" --enable-debug --disable-shared --enable-trackmemory CFLAGS="-DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_DEBUG_MEMORY_PRINT" && make and sudo ./tests/unit.test. 2018-06-22 09:30:25 -07:00
David Garske 5b2bb44bc8 Fixes for build with WOLFSSL_ATECC508A defined. 2018-06-13 20:10:01 -07:00
John Safranek 5e516cc2e0 Merge branch 'master' into fipsv2 2018-06-12 10:10:50 -07:00
John Safranek 7e9a32fffd FIPS Revalidation
Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
2018-06-06 12:43:15 -07:00
Sean Parkinson 9b9568d500 Change ECDSA signing to use blinding. 2018-06-06 11:52:04 +10:00
David Garske 5eca844e01 Fix for possible leak with normal math and verify fail for R and S in ECC verify. 2018-06-04 11:05:14 -07:00
toddouska 70b3ba1c04 Merge pull request #1591 from ejohnstown/release-3.15.0
Release v3.15.0 Preparation
2018-05-31 12:07:43 -07:00
John Safranek 8a61b7303a Remove execute bit from a few files. 2018-05-31 10:14:47 -07:00
David Garske 33d416a060 Fix two more scan-build issues with set but not used. 2018-05-30 13:23:08 -07:00
David Garske d7b560f2ab Fix for scan-build warning about value being stored and not used. Changed the wc_RsaFunction API to public. Added ability to expose wc_RsaDirect with new define WC_RSA_DIRECT. 2018-05-30 12:44:55 -07:00
David Garske 85511067e4 Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option ./configure --enable-cryptodev or #define WOLF_CRYPTO_DEV. Added devId support to PKCS7. 2018-05-21 14:31:08 -07:00
John Safranek 12edf80e2b FIPS Revalidation
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
2018-05-16 15:47:13 -04:00
John Safranek 1ff4ea1ec9 Test Fixes
1. Changed the ecc_sets table for Windows builds to use arrays instead of pointers to strings.
2. Updated the initializer to play nice with the Windows and not-Windows versions of the ecc_sets table.

This is a change for FIPS mode on Windows. The ecc_sets table has pointers to constants. When the FIPS POST runs, the pointers stored in the table are relocated pointers so the verify fails.
2018-05-16 15:47:13 -04:00
John Safranek 90a5bde0f2 FIPS Revalidation
1. Update the const data and code segment tags for the Windown builds.
2018-05-16 15:47:12 -04:00
Eric Blankenhorn 568d24c63c Coverity fixes (#1509)
* Coverity fixes 3
2018-04-23 09:20:28 -07:00
David Garske a78c6ba4ea Fix for unused heap warnings. 2018-04-04 12:51:45 -07:00
David Garske 0c898f513d Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
toddouska 9f231e0020 Merge pull request #1453 from dgarske/ecc508a_linux
Support for building with `WOLFSSL_ATECC508A` on other targets
2018-03-27 09:57:39 -07:00
toddouska a92696edec Merge pull request #1454 from dgarske/noprivkey
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
2018-03-22 12:47:22 -07:00
David Garske 0cff2f8b10 Replace use of PUB_KEY_SIZE (from CryptoAuthLib) with new ECC_MAX_CRYPTO_HW_PUBKEY_SIZE. 2018-03-22 09:45:27 -07:00
toddouska 2a356228be Merge pull request #1445 from SparkiDev/wpas_fix
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
David Garske dbb34126f6 * Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
David Garske 59aa893260 Cleanup ECC point import/export code. Added new API wc_ecc_import_unsigned to allow importing public x/y and optional private as unsigned char. Cleanup wc_ecc_sign_hash to move the hardware crypto code into a separate function. Added missing tests for wc_ecc_export_public_raw, wc_ecc_export_private_raw and new test for wc_ecc_import_unsigned. 2018-03-19 13:28:57 -07:00
Sean Parkinson b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
David Garske 9ccf876a21 Added new ECC API wc_ecc_rs_raw_to_sig to take raw unsigned R and S and encodes them into ECDSA signature format. 2018-03-14 10:59:25 -07:00
David Garske a4000ba196 Merge pull request #1418 from SparkiDev/sp_armasm
Add assembly code for ARM and 64-bit ARM
2018-03-07 09:18:16 -08:00
Sean Parkinson 89182f5ca9 Add assembly code for ARM and 64-bit ARM
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
David Garske d75b3f99ac Proper fix for Pluton ECC sign. 2018-03-05 15:29:34 -08:00
toddouska 53c0bf6a20 Merge pull request #1408 from JacobBarthelmeh/Release
Testing in preparation for release
2018-03-02 10:12:27 -08:00
David Garske f6d770b5bd Fix for pluton ECC sign. 2018-03-02 07:57:22 +01:00