Commit Graph

1253 Commits

Author SHA1 Message Date
Daniel Pouzzner 8b3048a0ea wolfcrypt/test/test.c: smallstack refactors for pkcs7authenveloped_run_vectors(), pkcs7signed_run_vectors(), and pkcs7signed_run_SingleShotVectors(); typographic&whitespace cleanup. 2021-11-08 17:35:10 -06:00
Daniel Pouzzner 8f121e7752 file modes: clear inappropriate executable bits. 2021-11-08 17:28:11 -06:00
Sean Parkinson dd833807d8 Merge pull request #4523 from dgarske/nxp_se050_fixes
Fixes for NXP SE050 ECC create and key store id
2021-11-09 08:56:03 +10:00
David Garske 5a4577eb6c Merge pull request #4541 from SparkiDev/mp_hexchar_asm
SP, TFM: fixes
2021-11-08 14:49:02 -08:00
Sean Parkinson dc911b94e7 SP, TFM: fixes
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
2021-11-05 11:49:24 +10:00
David Garske d8faa22194 Fix for ecc_def_curve_test test changes. 2021-11-04 11:54:09 -07:00
Kareem 60a86157c7 Fix building with NO_ECC_KEY_EXPORT. 2021-11-03 16:03:26 -07:00
David Garske b84edb5c67 Fixes for NXP SE050 testing with hardware. 2021-11-03 12:47:07 -07:00
David Garske 8a8a6cf17f Merge pull request #4515 from kareem-wolfssl/zd13006
wc_scrypt: Check for underflow in blocksSz calculation.
2021-10-29 08:23:37 -07:00
Kareem 39c9fa96bc wc_scrypt: Code review feedback. 2021-10-28 15:02:53 -07:00
Juliusz Sosinowicz c162196b27 Add x509 name attributes and extensions to DER parsing and generation
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
John Safranek 75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner 85a8c06062 linuxkm: add DEBUG_VECTOR_REGISTER_ACCESS (debug feature switch), ASSERT_SAVED_VECTOR_REGISTERS, and ASSERT_RESTORED_VECTOR_REGISTERS macros, and move the fallback no-op definitions of the SAVE_VECTOR_REGISTERS and RESTORE_VECTOR_REGISTERS to types.h. also fixed several ASCII TAB characters in types.h. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 31f13a7f41 wolfcrypt/test/test.c: when HAVE_FIPS, wrap wc_MakeRsaKey() calls in infinite iteration while ret == PRIME_GEN_E, to inhibit nondeterministic failure mode from FIPS-limited _CheckProbablePrime() iteration. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner c0778e5ad9 gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 0f407b4bfc test.c: fix indirection flubs in _ASYNC_CRYPT parts of ecc_test_sign_vectors(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner b77000bcfb add smallstack codepath to ecc_test_sign_vectors(), and add missing rc2.h include to linuxkm/module_exports.c.template. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner 67db7b7f32 fixes for issues identified by Jenkins run:
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner 87578262aa wolfcrypt smallstack refactors:
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
Daniel Pouzzner 2bf711341b wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 8de8af8b43 wolfcrypt/test/test.c: disable hmac_md5_test() for FIPS 140-3, and rename hkdf_test to wc_hkdf_test to eliminate namespace collision. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek b615309a7b update FFDHE4096 test with the updated usage 2021-10-26 20:24:26 -05:00
John Safranek b00b95ef6c Cofactor flag in wolfcrypt test needed a guard. 2021-10-26 20:24:26 -05:00
John Safranek f53a4db4e7 Unwind a few changes adding guards so it'll build with old FIPS. 2021-10-26 20:24:26 -05:00
John Safranek aa3fb6f0d0 Update visibility on a SP math function for DH. 2021-10-26 20:24:26 -05:00
John Safranek 04ffd2ab45 Fixes:
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
John Safranek 3eaeaf3a57 Add sign/verify PCT to ECC. 2021-10-26 20:24:25 -05:00
John Safranek 908ec9b14a Modify ffdhe to not return addresses. 2021-10-26 20:24:25 -05:00
John Safranek c0e6a55aaa Skip the small key DH test for SP and FFDHE builds. 2021-10-26 20:24:25 -05:00
John Safranek 2de6b3b2bd Move the KDF functions into their own source file. 2021-10-26 20:24:25 -05:00
John Safranek f78887d2ab Add 'static' to the test vector arrays for the SSH KDF test. 2021-10-26 20:24:25 -05:00
John Safranek a967cbcb7b 56Ar3 Testing Updates
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
John Safranek 976402e04b RNG Update
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
2021-10-26 20:24:25 -05:00
John Safranek c47e354eed Add callback option for RNG seeding. 2021-10-26 20:24:25 -05:00
John Safranek c7ea896759 Add prototype for the ssh-kdf test in the wolfCrypt test. 2021-10-26 20:24:24 -05:00
John Safranek de4af35f89 KDF Update
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
Chris Conlon 5810e45cb7 fix CAVP selftest v2 build error in test.c 2021-10-26 10:33:05 -06:00
Sean Parkinson 905683c98c Merge pull request #4496 from dgarske/sniffer_keywatch
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
David Garske e4da9c6f48 Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA. 2021-10-22 14:29:06 -07:00
kaleb-himes 5859779ddf Check-in non-FIPS specific porting changes for OE22
Fix no new line

Change comment style in testsuite.c

Add include for proper socket header in wolfio.h

Add dc_log_printf support to benchmark application

Pull in changes for examples

Refector NETOS check in test.c

Fix format and remove settings used only for validation testing

Implement peer review feedback

Address last items noted in peer review

Add new README to include.am

Adjust comment style on TODO

Gate changes in client and server properly

Add static on customer feedback

Fix settings include

Update latest peer feedback
2021-10-22 15:01:14 -06:00
Hayden Roche 864f913454 Make several changes to support OpenSSH 8.5p1.
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
2021-10-20 11:00:42 -07:00
David Garske 892685ac59 Merge pull request #4472 from utzig/ksdk-port-koblitz
nxp: ksdk: add support for Koblitz curves
2021-10-19 21:14:38 -07:00
Sean Parkinson d880403207 SP int: handle even modulus with exponentiation
Fix testing of mp_int to only call when implementation included.
2021-10-20 08:21:26 +10:00
David Garske d297a06c25 Fix for wolfCrypt test with custom curves without Brainpool. Tested all changes on NXP K82 LTC. 2021-10-19 13:12:12 -07:00
David Garske 498884eadb Fix for missing dhKeyFile and dhKeyPubFile with file system enabled, WOLFSSL_DH_EXTRA and USE_CERT_BUFFERS_2048 set. 2021-10-19 13:06:37 -07:00
Andrew Hutchings 97883d78ac Minor STM32F1 fixes
* Not all STM32 RTCs support subseconds in the time struct, so this is
  now ifdef'd using the only obvious define which exists when subseconds
  exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
  both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
2021-10-12 16:20:36 +01:00
David Garske 854512105f Merge pull request #4314 from SparkiDev/libkcapi
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
David Garske 9d2082f7e1 Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437)
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.

* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.

* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.

* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.

* Fix to use proper devId in `ProcessBufferTryDecode`.

* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.

* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with  `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.

* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00