diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index b75d35ebb1..0f14b46474 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4992,6 +4992,145 @@ void bench_rng(void) #endif /* WC_NO_RNG */ +/* ============================================================================ + * Benchmark init helpers -- use id[] when WC_TEST_*_ID is defined and + * useDeviceID is true, else plain init. + * ========================================================================= */ + +/* --- AES CBC --- */ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID) +static unsigned char benchAesCbcId[] = WC_TEST_AES_CBC_ID; +static int benchAesCbcIdLen = (int)sizeof(benchAesCbcId); +#endif + +static WC_MAYBE_UNUSED int bench_AesCbcInit(Aes* aes, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID) + return wc_AesInit_Id(aes, benchAesCbcId, benchAesCbcIdLen, heap, + declaredDevId); +#else + return wc_AesInit(aes, heap, declaredDevId); +#endif +} +#endif /* !NO_AES && HAVE_AES_CBC */ + +/* --- AES GCM --- */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID) +static unsigned char benchAesGcmId[] = WC_TEST_AES_GCM_ID; +static int benchAesGcmIdLen = (int)sizeof(benchAesGcmId); +#endif + +static WC_MAYBE_UNUSED int bench_AesGcmInit(Aes* aes, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID) + return wc_AesInit_Id(aes, benchAesGcmId, benchAesGcmIdLen, heap, + declaredDevId); +#else + return wc_AesInit(aes, heap, declaredDevId); +#endif +} +#endif /* !NO_AES && HAVE_AESGCM */ + +/* --- RSA --- */ +#if !defined(NO_RSA) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID) +static unsigned char benchRsaPrivId[] = WC_TEST_RSA_PRIV_ID; +static int benchRsaPrivIdLen = (int)sizeof(benchRsaPrivId); +#endif + +static WC_MAYBE_UNUSED int bench_RsaInit(RsaKey* key, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID) + return wc_InitRsaKey_Id(key, benchRsaPrivId, benchRsaPrivIdLen, heap, + declaredDevId); +#else + return wc_InitRsaKey_ex(key, heap, declaredDevId); +#endif +} +#endif /* !NO_RSA */ + +/* --- CMAC --- */ +#ifdef WOLFSSL_CMAC +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID) +static unsigned char benchCmacId[] = WC_TEST_CMAC_ID; +static int benchCmacIdLen = (int)sizeof(benchCmacId); +#endif + +static WC_MAYBE_UNUSED int bench_CmacInit(Cmac* cmac, const byte* key, + word32 keySz, int type, + void* unused, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID) + return wc_InitCmac_Id(cmac, key, keySz, type, unused, + benchCmacId, benchCmacIdLen, heap, declaredDevId); +#elif !defined(HAVE_FIPS) + return wc_InitCmac_ex(cmac, key, keySz, type, unused, heap, declaredDevId); +#else + (void)heap; + (void)declaredDevId; + return wc_InitCmac(cmac, key, keySz, type, unused); +#endif +} +#endif /* WOLFSSL_CMAC */ + +/* --- AES ECB --- */ +#if defined(HAVE_AES_ECB) || \ + (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID) +static unsigned char benchAesEcbId[] = WC_TEST_AES_ECB_ID; +static int benchAesEcbIdLen = (int)sizeof(benchAesEcbId); +#endif + +static WC_MAYBE_UNUSED int bench_AesEcbInit(Aes* aes, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID) + return wc_AesInit_Id(aes, benchAesEcbId, benchAesEcbIdLen, heap, + declaredDevId); +#else + return wc_AesInit(aes, heap, declaredDevId); +#endif +} +#endif /* HAVE_AES_ECB || (HAVE_FIPS && WOLFSSL_AES_DIRECT) */ + +/* --- ECC --- */ +#ifdef HAVE_ECC +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P256_ID) +static unsigned char benchEccPairP256Id[] = WC_TEST_ECC_PAIR_P256_ID; +static int benchEccPairP256IdLen = (int)sizeof(benchEccPairP256Id); +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P521_ID) +static unsigned char benchEccPairP521Id[] = WC_TEST_ECC_PAIR_P521_ID; +static int benchEccPairP521IdLen = (int)sizeof(benchEccPairP521Id); +#endif + +static WC_MAYBE_UNUSED int bench_EccInit_Pair(ecc_key* key, int keySize, + void* heap, int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P256_ID) + if (keySize == 32) { + return wc_ecc_init_id(key, benchEccPairP256Id, + benchEccPairP256IdLen, heap, declaredDevId); + } +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P521_ID) + if (keySize == 66) { + return wc_ecc_init_id(key, benchEccPairP521Id, + benchEccPairP521IdLen, heap, declaredDevId); + } +#endif + (void)keySize; + return wc_ecc_init_ex(key, heap, declaredDevId); +} +#endif /* HAVE_ECC */ + + #ifndef NO_AES #ifdef HAVE_AES_CBC @@ -5015,8 +5154,9 @@ static void bench_aescbc_internal(int useDeviceID, /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(enc[i], HEAP_HINT, - useDeviceID ? devId: INVALID_DEVID)) != 0) { + ret = bench_AesCbcInit(enc[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); goto exit; } @@ -5084,8 +5224,8 @@ static void bench_aescbc_internal(int useDeviceID, /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_AesInit(enc[i], HEAP_HINT, - useDeviceID ? devId: INVALID_DEVID); + ret = bench_AesCbcInit(enc[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); if (ret != 0) { printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); goto exit; @@ -5206,8 +5346,9 @@ static void bench_aesgcm_internal(int useDeviceID, /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(enc[i], HEAP_HINT, - useDeviceID ? devId: INVALID_DEVID)) != 0) { + ret = bench_AesGcmInit(enc[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); goto exit; } @@ -5291,8 +5432,9 @@ static void bench_aesgcm_internal(int useDeviceID, /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(dec[i], HEAP_HINT, - useDeviceID ? devId: INVALID_DEVID)) != 0) { + ret = bench_AesGcmInit(dec[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); goto exit; } @@ -5704,7 +5846,7 @@ static void bench_aesecb_internal(int useDeviceID, /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(enc[i], HEAP_HINT, + if ((ret = bench_AesEcbInit(enc[i], HEAP_HINT, useDeviceID ? devId: INVALID_DEVID)) != 0) { printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); goto exit; @@ -9099,7 +9241,7 @@ static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID) #ifdef HAVE_FIPS ret = wc_InitCmac(&cmac, bench_key, keySz, WC_CMAC_AES, NULL); #else - ret = wc_InitCmac_ex(&cmac, bench_key, keySz, WC_CMAC_AES, NULL, + ret = bench_CmacInit(&cmac, bench_key, keySz, WC_CMAC_AES, NULL, HEAP_HINT, useDeviceID ? devId : INVALID_DEVID); #endif if (ret != 0) { @@ -10163,7 +10305,7 @@ void bench_rsa(int useDeviceID) /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { /* setup an async context for each key */ - ret = wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT, + ret = bench_RsaInit(rsaKey[i], HEAP_HINT, useDeviceID ? devId : INVALID_DEVID); if (ret < 0) { goto exit; @@ -12347,7 +12489,8 @@ void bench_ecc(int useDeviceID, int curveId) /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { /* setup an context for each key */ - if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) { + if ((ret = bench_EccInit_Pair(genKey[i], keySize, HEAP_HINT, + deviceID)) < 0) { goto exit; } ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2fbfd84263..69981d0303 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -13555,7 +13555,16 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ #ifndef WC_NO_CONSTRUCTORS -Aes* wc_AesNew(void* heap, int devId, int *result_code) + +#define AES_NEW_INIT_PLAIN 0 +#ifdef WOLF_PRIVATE_KEY_ID +#define AES_NEW_INIT_ID 1 +#define AES_NEW_INIT_LABEL 2 +#endif + +static Aes* _AesNew_common(void* heap, int devId, int *result_code, + int aesInitType, void* aesInitData, + int aesInitDataLen) { int ret; Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); @@ -13563,19 +13572,59 @@ Aes* wc_AesNew(void* heap, int devId, int *result_code) ret = MEMORY_E; } else { - ret = wc_AesInit(aes, heap, devId); + switch (aesInitType) { +#ifdef WOLF_PRIVATE_KEY_ID + case AES_NEW_INIT_ID: + ret = wc_AesInit_Id(aes, (unsigned char*)aesInitData, + aesInitDataLen, heap, devId); + break; + case AES_NEW_INIT_LABEL: + ret = wc_AesInit_Label(aes, (const char*)aesInitData, + heap, devId); + break; +#endif + default: + ret = wc_AesInit(aes, heap, devId); + break; + } if (ret != 0) { XFREE(aes, heap, DYNAMIC_TYPE_AES); aes = NULL; } } + (void)aesInitType; + (void)aesInitData; + (void)aesInitDataLen; - if (result_code != NULL) + if (result_code != NULL) { *result_code = ret; + } return aes; } +Aes* wc_AesNew(void* heap, int devId, int *result_code) +{ + return _AesNew_common(heap, devId, result_code, + AES_NEW_INIT_PLAIN, NULL, 0); +} + +#ifdef WOLF_PRIVATE_KEY_ID +Aes* wc_AesNew_Id(unsigned char* id, int len, void* heap, int devId, + int *result_code) +{ + return _AesNew_common(heap, devId, result_code, + AES_NEW_INIT_ID, id, len); +} + +Aes* wc_AesNew_Label(const char* label, void* heap, int devId, + int *result_code) +{ + return _AesNew_common(heap, devId, result_code, + AES_NEW_INIT_LABEL, (void*)label, 0); +} +#endif /* WOLF_PRIVATE_KEY_ID */ + int wc_AesDelete(Aes *aes, Aes** aes_p) { if (aes == NULL) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 66e45f9247..a377c72112 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -97,18 +97,23 @@ void ShiftAndXorRb(byte* out, byte* in) } #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ -/* returns 0 on success */ -int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, - int type, void* unused, void* heap, int devId) +#define CMAC_AES_INIT_PLAIN 0 +#ifdef WOLF_PRIVATE_KEY_ID +#define CMAC_AES_INIT_ID 1 +#define CMAC_AES_INIT_LABEL 2 +#endif + + +static int _InitCmac_common(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, void* heap, int devId, + int aesInitType, void* aesInitData, + int aesInitDataLen) { int ret = 0; #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) byte useSW = 0; #endif - (void)unused; - (void)heap; - if (cmac == NULL || type != WC_CMAC_AES) { return BAD_FUNC_ARG; } @@ -119,6 +124,28 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, #endif XMEMSET(cmac, 0, sizeof(Cmac)); + /* Store id/label on the Cmac struct so the crypto callback can + * inspect them to determine the hardware key slot. */ +#ifdef WOLF_PRIVATE_KEY_ID + cmac->aesInitType = aesInitType; + if (aesInitType == CMAC_AES_INIT_ID && aesInitData != NULL && + aesInitDataLen > 0 && + aesInitDataLen <= (int)sizeof(cmac->id)) { + XMEMCPY(cmac->id, aesInitData, (word32)aesInitDataLen); + cmac->idLen = aesInitDataLen; + } + else if (aesInitType == CMAC_AES_INIT_LABEL && aesInitData != NULL) { + int labelLen = (int)XSTRLEN((const char*)aesInitData); + if (labelLen > 0 && labelLen < (int)sizeof(cmac->label)) { + XMEMCPY(cmac->label, aesInitData, (word32)labelLen); + cmac->labelLen = labelLen; + } + } +#endif + (void)aesInitType; + (void)aesInitData; + (void)aesInitDataLen; + #ifdef WOLF_CRYPTO_CB /* Set devId regardless of value (invalid or not) */ cmac->devId = devId; @@ -130,23 +157,42 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL, type, unused); - if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return ret; - /* fall-through when unavailable */ + } + /* fall-through when unavailable, reset ret for software path */ } #else (void)devId; #endif + (void)unused; if (key == NULL || keySz == 0) { return BAD_FUNC_ARG; } switch (type) { -#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT) +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) case WC_CMAC_AES: cmac->type = WC_CMAC_AES; - ret = wc_AesInit(&cmac->aes, heap, devId); + switch (aesInitType) { +#ifdef WOLF_PRIVATE_KEY_ID + case CMAC_AES_INIT_ID: + ret = wc_AesInit_Id(&cmac->aes, (unsigned char*)aesInitData, + aesInitDataLen, heap, devId); + break; + case CMAC_AES_INIT_LABEL: + ret = wc_AesInit_Label(&cmac->aes, (const char*)aesInitData, + heap, devId); + break; +#endif + default: + ret = wc_AesInit(&cmac->aes, heap, devId); + break; + } + if (ret != 0) { + return ret; + } #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) cmac->useSWCrypt = useSW; @@ -187,6 +233,15 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, } +/* returns 0 on success */ +int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, void* heap, int devId) +{ + return _InitCmac_common(cmac, key, keySz, type, unused, heap, devId, + CMAC_AES_INIT_PLAIN, NULL, 0); +} + + int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, int type, void* unused) { @@ -199,6 +254,27 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, } +#ifdef WOLF_PRIVATE_KEY_ID +/* returns 0 on success */ +int wc_InitCmac_Id(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, unsigned char* id, int len, + void* heap, int devId) +{ + return _InitCmac_common(cmac, key, keySz, type, unused, heap, devId, + CMAC_AES_INIT_ID, id, len); +} + + +/* returns 0 on success */ +int wc_InitCmac_Label(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, const char* label, + void* heap, int devId) +{ + return _InitCmac_common(cmac, key, keySz, type, unused, heap, devId, + CMAC_AES_INIT_LABEL, (void*)label, 0); +} +#endif /* WOLF_PRIVATE_KEY_ID */ + int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 608533504c..54a2838487 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -184,7 +184,16 @@ static void wc_RsaCleanup(RsaKey* key) } #ifndef WC_NO_CONSTRUCTORS -RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) + +#define RSA_NEW_INIT_PLAIN 0 +#ifdef WOLF_PRIVATE_KEY_ID +#define RSA_NEW_INIT_ID 1 +#define RSA_NEW_INIT_LABEL 2 +#endif + +static RsaKey* _NewRsaKey_common(void* heap, int devId, int *result_code, + int rsaInitType, void* rsaInitData, + int rsaInitDataLen) { int ret; RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); @@ -192,27 +201,69 @@ RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) ret = MEMORY_E; } else { - ret = wc_InitRsaKey_ex(key, heap, devId); + switch (rsaInitType) { +#ifdef WOLF_PRIVATE_KEY_ID + case RSA_NEW_INIT_ID: + ret = wc_InitRsaKey_Id(key, (unsigned char*)rsaInitData, + rsaInitDataLen, heap, devId); + break; + case RSA_NEW_INIT_LABEL: + ret = wc_InitRsaKey_Label(key, (const char*)rsaInitData, + heap, devId); + break; +#endif + default: + ret = wc_InitRsaKey_ex(key, heap, devId); + break; + } if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_RSA); key = NULL; } } + (void)rsaInitType; + (void)rsaInitData; + (void)rsaInitDataLen; - if (result_code != NULL) + if (result_code != NULL) { *result_code = ret; + } return key; } +RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) +{ + return _NewRsaKey_common(heap, devId, result_code, + RSA_NEW_INIT_PLAIN, NULL, 0); +} + +#ifdef WOLF_PRIVATE_KEY_ID +RsaKey* wc_NewRsaKey_Id(unsigned char* id, int len, void* heap, int devId, + int *result_code) +{ + return _NewRsaKey_common(heap, devId, result_code, + RSA_NEW_INIT_ID, id, len); +} + +RsaKey* wc_NewRsaKey_Label(const char* label, void* heap, int devId, + int *result_code) +{ + return _NewRsaKey_common(heap, devId, result_code, + RSA_NEW_INIT_LABEL, (void*)label, 0); +} +#endif /* WOLF_PRIVATE_KEY_ID */ + int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) { - if (key == NULL) + if (key == NULL) { return BAD_FUNC_ARG; + } wc_FreeRsaKey(key); XFREE(key, key->heap, DYNAMIC_TYPE_RSA); - if (key_p != NULL) + if (key_p != NULL) { *key_p = NULL; + } return 0; } #endif /* !WC_NO_CONSTRUCTORS */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a3d6dcfcda..6b95e43fe0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -556,6 +556,179 @@ static int devId = INVALID_DEVID; #endif #endif +/* ============================================================================ + * Test init helpers -- use id[] when WC_TEST_*_ID is defined, else plain init. + * Each algorithm has a static global id array (when defined) and a helper + * function that switches between wc_*Init_Id and the plain init. + * ========================================================================= */ + +/* --- AES CBC id[] and init helper --- */ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID) +static unsigned char testAesCbcId[] = WC_TEST_AES_CBC_ID; +static int testAesCbcIdLen = (int)sizeof(testAesCbcId); +#endif + +static WC_MAYBE_UNUSED int test_AesCbcInit(Aes* aes, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID) + return wc_AesInit_Id(aes, testAesCbcId, testAesCbcIdLen, heap, + declaredDevId); +#else + return wc_AesInit(aes, heap, declaredDevId); +#endif +} + +#endif /* !NO_AES && HAVE_AES_CBC */ + +/* --- AES ECB id[] and init helper --- */ +#if !defined(NO_AES) && \ + (defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID) +static unsigned char testAesEcbId[] = WC_TEST_AES_ECB_ID; +static int testAesEcbIdLen = (int)sizeof(testAesEcbId); +#endif + +static WC_MAYBE_UNUSED int test_AesEcbInit(Aes* aes, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID) + return wc_AesInit_Id(aes, testAesEcbId, testAesEcbIdLen, heap, + declaredDevId); +#else + return wc_AesInit(aes, heap, declaredDevId); +#endif +} + +#endif /* !NO_AES && (HAVE_AES_ECB || WOLFSSL_AES_DIRECT) */ + +/* --- AES GCM id[] and init helper --- */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID) +static unsigned char testAesGcmId[] = WC_TEST_AES_GCM_ID; +static int testAesGcmIdLen = (int)sizeof(testAesGcmId); +#endif + +static WC_MAYBE_UNUSED int test_AesGcmInit(Aes* aes, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID) + return wc_AesInit_Id(aes, testAesGcmId, testAesGcmIdLen, heap, + declaredDevId); +#else + return wc_AesInit(aes, heap, declaredDevId); +#endif +} + +#endif /* !NO_AES && HAVE_AESGCM */ + +/* --- RSA id[] and init helper --- */ +#if !defined(NO_RSA) +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID) +static unsigned char testRsaPrivId[] = WC_TEST_RSA_PRIV_ID; +static int testRsaPrivIdLen = (int)sizeof(testRsaPrivId); +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PUB_ID) +static unsigned char testRsaPubId[] = WC_TEST_RSA_PUB_ID; +static int testRsaPubIdLen = (int)sizeof(testRsaPubId); +#endif + +static WC_MAYBE_UNUSED int test_RsaInit(RsaKey* key, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID) + return wc_InitRsaKey_Id(key, testRsaPrivId, testRsaPrivIdLen, heap, + declaredDevId); +#else + return wc_InitRsaKey_ex(key, heap, declaredDevId); +#endif +} +#endif /* !NO_RSA */ + +/* --- CMAC id[] and init helper --- */ +#ifdef WOLFSSL_CMAC +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID) +static unsigned char testCmacId[] = WC_TEST_CMAC_ID; +static int testCmacIdLen = (int)sizeof(testCmacId); +#endif + +static WC_MAYBE_UNUSED int test_CmacInit(Cmac* cmac, const byte* key, + word32 keySz, int type, + void* unused, void* heap, + int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID) + return wc_InitCmac_Id(cmac, key, keySz, type, unused, + testCmacId, testCmacIdLen, heap, declaredDevId); +#elif !defined(HAVE_FIPS) + return wc_InitCmac_ex(cmac, key, keySz, type, unused, heap, declaredDevId); +#else + (void)heap; + (void)declaredDevId; + return wc_InitCmac(cmac, key, keySz, type, unused); +#endif +} +#endif /* WOLFSSL_CMAC */ + +/* --- ECC id[] and init helpers --- */ +#ifdef HAVE_ECC +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P256_ID) +static unsigned char testEccPairP256Id[] = WC_TEST_ECC_PAIR_P256_ID; +static int testEccPairP256IdLen = (int)sizeof(testEccPairP256Id); +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P256_ID) +static unsigned char testEccPubP256Id[] = WC_TEST_ECC_PUB_P256_ID; +static int testEccPubP256IdLen = (int)sizeof(testEccPubP256Id); +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P521_ID) +static unsigned char testEccPairP521Id[] = WC_TEST_ECC_PAIR_P521_ID; +static int testEccPairP521IdLen = (int)sizeof(testEccPairP521Id); +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P521_ID) +static unsigned char testEccPubP521Id[] = WC_TEST_ECC_PUB_P521_ID; +static int testEccPubP521IdLen = (int)sizeof(testEccPubP521Id); +#endif + +static WC_MAYBE_UNUSED int test_EccInit_Pair(ecc_key* key, int keySize, + void* heap, int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P256_ID) + if (keySize == 32) { + return wc_ecc_init_id(key, testEccPairP256Id, + testEccPairP256IdLen, heap, declaredDevId); + } +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P521_ID) + if (keySize == 66) { + return wc_ecc_init_id(key, testEccPairP521Id, + testEccPairP521IdLen, heap, declaredDevId); + } +#endif + (void)keySize; + return wc_ecc_init_ex(key, heap, declaredDevId); +} + +static WC_MAYBE_UNUSED int test_EccInit_Pub(ecc_key* key, int keySize, + void* heap, int declaredDevId) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P256_ID) + if (keySize == 32) { + return wc_ecc_init_id(key, testEccPubP256Id, + testEccPubP256IdLen, heap, declaredDevId); + } +#endif +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P521_ID) + if (keySize == 66) { + return wc_ecc_init_id(key, testEccPubP521Id, + testEccPubP521IdLen, heap, declaredDevId); + } +#endif + (void)keySize; + return wc_ecc_init_ex(key, heap, declaredDevId); +} +#endif /* HAVE_ECC */ + #ifdef HAVE_WNR const char* wnrConfigFile = "wnr-example.conf"; #endif @@ -1104,6 +1277,33 @@ static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p) *aes_p = NULL; return 0; } + +#ifdef WOLF_PRIVATE_KEY_ID +static WC_MAYBE_UNUSED Aes* wc_AesNew_Id(unsigned char* id, int len, + void* heap, int thisDevId, + int *result_code) +{ + int ret; + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit_Id(aes, id, len, heap, thisDevId); + if (ret != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + } + + if (result_code != NULL) { + *result_code = ret; + } + + return aes; +} +#endif /* WOLF_PRIVATE_KEY_ID */ + #endif /* !NO_AES */ #if !defined(NO_RSA) @@ -1137,10 +1337,94 @@ static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) *key_p = NULL; return 0; } +#ifdef WOLF_PRIVATE_KEY_ID +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey_Id(unsigned char* id, int len, + void* heap, int thisDevId, + int *result_code) +{ + int ret; + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_Id(key, id, len, heap, thisDevId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + } + + if (result_code != NULL) { + *result_code = ret; + } + + return key; +} +#endif /* WOLF_PRIVATE_KEY_ID */ #endif /* !NO_RSA */ #endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */ +/* AES/RSA New helpers -- placed after the FIPS polyfill block so wc_AesNew / + * wc_NewRsaKey are visible from either the library or the polyfill above. + * Excluded from selftest builds which do not provide these functions. */ +#if !defined(WC_NO_CONSTRUCTORS) && !defined(HAVE_SELFTEST) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +static WC_MAYBE_UNUSED Aes* test_AesCbcNew(void* heap, int declaredDevId, + int* ret) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID) + return wc_AesNew_Id(testAesCbcId, testAesCbcIdLen, heap, declaredDevId, + ret); +#else + return wc_AesNew(heap, declaredDevId, ret); +#endif +} +#endif /* !NO_AES && HAVE_AES_CBC */ + +#if !defined(NO_AES) && \ + (defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)) +static WC_MAYBE_UNUSED Aes* test_AesEcbNew(void* heap, int declaredDevId, + int* ret) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID) + return wc_AesNew_Id(testAesEcbId, testAesEcbIdLen, heap, declaredDevId, + ret); +#else + return wc_AesNew(heap, declaredDevId, ret); +#endif +} +#endif /* !NO_AES && (HAVE_AES_ECB || WOLFSSL_AES_DIRECT) */ + +#if !defined(NO_AES) && defined(HAVE_AESGCM) +static WC_MAYBE_UNUSED Aes* test_AesGcmNew(void* heap, int declaredDevId, + int* ret) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID) + return wc_AesNew_Id(testAesGcmId, testAesGcmIdLen, heap, declaredDevId, + ret); +#else + return wc_AesNew(heap, declaredDevId, ret); +#endif +} +#endif /* !NO_AES && HAVE_AESGCM */ + +#if !defined(NO_RSA) +static WC_MAYBE_UNUSED RsaKey* test_RsaNew(void* heap, int declaredDevId, + int* ret) +{ +#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID) + return wc_NewRsaKey_Id(testRsaPrivId, testRsaPrivIdLen, heap, + declaredDevId, ret); +#else + return wc_NewRsaKey(heap, declaredDevId, ret); +#endif +} +#endif /* !NO_RSA */ + +#endif /* !WC_NO_CONSTRUCTORS && !HAVE_SELFTEST */ + #ifdef WOLFSSL_STATIC_MEMORY #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; @@ -16112,11 +16396,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) WOLFSSL_ENTER("aes_cbc_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId, &ret); + enc = test_AesCbcNew(HEAP_HINT, devId, &ret); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId, &ret); + dec = test_AesCbcNew(HEAP_HINT, devId, &ret); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -16125,11 +16409,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) #ifdef HAVE_AES_DECRYPT XMEMSET(dec, 0, sizeof(Aes)); #endif - ret = wc_AesInit(enc, HEAP_HINT, devId); + ret = test_AesCbcInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, devId); + ret = test_AesCbcInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -16518,20 +16802,20 @@ static wc_test_ret_t aes_ecb_direct_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId, &ret); + enc = test_AesEcbNew(HEAP_HINT, devId, &ret); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId, &ret); + dec = test_AesEcbNew(HEAP_HINT, devId, &ret); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else - ret = wc_AesInit(enc, HEAP_HINT, devId); + ret = test_AesEcbInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, devId); + ret = test_AesEcbInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -16693,11 +16977,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) WOLFSSL_ENTER("aes192_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId, &ret); + enc = test_AesCbcNew(HEAP_HINT, devId, &ret); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId, &ret); + dec = test_AesCbcNew(HEAP_HINT, devId, &ret); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -16706,11 +16990,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #ifdef HAVE_AES_DECRYPT XMEMSET(dec, 0, sizeof(Aes)); #endif - ret = wc_AesInit(enc, HEAP_HINT, devId); + ret = test_AesCbcInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, devId); + ret = test_AesCbcInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -16823,11 +17107,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) WOLFSSL_ENTER("aes256_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId, &ret); + enc = test_AesCbcNew(HEAP_HINT, devId, &ret); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId, &ret); + dec = test_AesCbcNew(HEAP_HINT, devId, &ret); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -16836,11 +17120,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) #ifdef HAVE_AES_DECRYPT XMEMSET(dec, 0, sizeof(Aes)); #endif - ret = wc_AesInit(enc, HEAP_HINT, devId); + ret = test_AesCbcInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, devId); + ret = test_AesCbcInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -17002,19 +17286,19 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, XMEMSET(resultP, 0, sizeof(resultP)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId, &ret); + enc = test_AesGcmNew(HEAP_HINT, devId, &ret); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec = wc_AesNew(HEAP_HINT, devId, &ret); + dec = test_AesGcmNew(HEAP_HINT, devId, &ret); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); XMEMSET(dec, 0, sizeof(Aes)); - ret = wc_AesInit(enc, HEAP_HINT, devId); + ret = test_AesGcmInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesInit(dec, HEAP_HINT, devId); + ret = test_AesGcmInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ @@ -17453,17 +17737,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XMEMSET(resultP, 0, sizeof(resultP)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId, &ret); + enc = test_AesGcmNew(HEAP_HINT, devId, &ret); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec = wc_AesNew(HEAP_HINT, devId, &ret); + dec = test_AesGcmNew(HEAP_HINT, devId, &ret); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else - ret = wc_AesInit(enc, HEAP_HINT, devId); + ret = test_AesGcmInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesInit(dec, HEAP_HINT, devId); + ret = test_AesGcmInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -23890,7 +24174,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding); #endif /* USE_CERT_BUFFERS */ - ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + ret = test_RsaInit(key, HEAP_HINT, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); } @@ -24825,7 +25109,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) XMEMSET(genKey, 0, sizeof *genKey); - ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId); + ret = test_RsaInit(genKey, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); @@ -24861,6 +25145,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) #else derSz = sizeof(der); #endif +#if !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT) derSz = wc_RsaKeyToDer(genKey, der, derSz); if (derSz < 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa); @@ -24884,6 +25169,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif /* WOLFSSL_CRYPTOCELL */ +#endif /* !WC_TEST_SKIP_RSA_PRIVATE_EXPORT */ exit_rsa: @@ -25307,11 +25593,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) XMEMCPY(in, inStr, inLen); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key = wc_NewRsaKey(HEAP_HINT, devId, &ret); + key = test_RsaNew(HEAP_HINT, devId, &ret); if (key == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret); + keypub = test_RsaNew(HEAP_HINT, devId, &ret); if (keypub == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif @@ -25322,11 +25608,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ - ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + ret = test_RsaInit(key, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId); + ret = test_RsaInit(keypub, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif @@ -25336,7 +25622,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) /* initialize stack structures */ XMEMSET(&rng, 0, sizeof(rng)); -#if !defined(NO_ASN) +#if !defined(NO_ASN) && !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT) ret = rsa_decode_test(key); if (ret != 0) ERROR_OUT(ret, exit_rsa); @@ -25393,7 +25679,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); #endif /* USE_CERT_BUFFERS */ - ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + ret = test_RsaInit(key, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #ifndef NO_ASN @@ -25616,7 +25902,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #endif /* WOLFSSL_RSA_VERIFY_ONLY */ #if !defined(HAVE_FIPS) && !defined(NO_ASN) \ - && !defined(WOLFSSL_RSA_VERIFY_ONLY) + && !defined(WOLFSSL_RSA_VERIFY_ONLY) \ + && !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT) ret = rsa_export_key_test(key); if (ret != 0) goto exit_rsa; @@ -33010,7 +33297,7 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) ERROR_OUT(MEMORY_E, done); #endif - ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + ret = test_EccInit_Pair(userA, (int)vector->keySize, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); @@ -34429,7 +34716,7 @@ static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done); #endif - ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + ret = test_EccInit_Pair(userA, keySize, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); @@ -34441,10 +34728,12 @@ static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); TEST_SLEEP(); +#ifndef WC_TEST_SKIP_ECC_CHECK_KEY ret = wc_ecc_check_key(userA); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); TEST_SLEEP(); +#endif derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE); if (derSz < 0) { @@ -34604,13 +34893,13 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif XMEMSET(userB, 0, sizeof *userB); XMEMSET(pubKey, 0, sizeof *pubKey); - ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + ret = test_EccInit_Pair(userA, keySize, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); - ret = wc_ecc_init_ex(userB, HEAP_HINT, devId); + ret = test_EccInit_Pair(userB, keySize, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); - ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId); + ret = test_EccInit_Pub(pubKey, keySize, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); @@ -34648,10 +34937,12 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif ERROR_OUT(WC_TEST_RET_ENC_NC, done); } +#ifndef WC_TEST_SKIP_ECC_CHECK_KEY ret = wc_ecc_check_key(userA); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); TEST_SLEEP(); +#endif /* ATECC508/608 configuration may not support more than one ECDH key */ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) @@ -34797,7 +35088,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); wc_ecc_free(pubKey); - ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId); + ret = test_EccInit_Pub(pubKey, keySize, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); #ifdef WOLFSSL_CUSTOM_CURVES @@ -34918,7 +35209,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_KCAPI_ECC) + !defined(WOLFSSL_KCAPI_ECC) && \ + !defined(WC_TEST_SKIP_ECC_PRIVATE_EXPORT) x = ECC_KEY_EXPORT_BUF_SIZE; ret = wc_ecc_export_private_only(userA, exportBuf, &x); if (ret != 0) @@ -55673,12 +55965,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) i < sizeof(testCases)/sizeof(CMAC_Test_Case); i++, tc++) { +#ifdef WC_TEST_SKIP_ZERO_LEN_CMAC + if (tc->mSz == 0) { + continue; + } +#endif + XMEMSET(tag, 0, sizeof(tag)); tagSz = WC_AES_BLOCK_SIZE; #if !defined(HAVE_FIPS) || \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3) - ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId); + ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId); #else ret = wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL); #endif @@ -55710,8 +56008,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) XMEMSET(tag, 0, sizeof(tag)); tagSz = sizeof(tag); #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0) + #if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID) + /* Pre-init with id[] so Generate uses hardware-aware cmac */ + ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL, + HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz, + NULL, 0, HEAP_HINT, devId); + #else ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz, tc->k, tc->kSz, NULL, devId); + #endif #else ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, tc->k, tc->kSz); @@ -55721,8 +56029,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0) + #if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID) + /* Pre-init with id[] so Verify uses hardware-aware cmac */ + ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL, + HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz, + NULL, 0, HEAP_HINT, devId); + #else ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz, tc->k, tc->kSz, HEAP_HINT, devId); + #endif #else ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, tc->k, tc->kSz); @@ -55734,7 +56052,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) /* Test that keyless generate with init is the same */ XMEMSET(tag, 0, sizeof(tag)); tagSz = sizeof(tag); - ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId); + ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -56969,7 +57287,7 @@ static int myDecryptionFunc(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, ERROR_OUT(ALGO_ID_E, out); }; - ret = wc_AesInit(aes, HEAP_HINT, devId); + ret = test_AesCbcInit(aes, HEAP_HINT, devId); if (ret == 0) { ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION); if (ret == 0) @@ -64334,7 +64652,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx) /* reset return code */ ret = 0; #endif - ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + ret = test_RsaInit(key, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 3c4a7db5eb..d1ab4baf52 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -778,6 +778,12 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, WOLFSSL_API void wc_AesFree(Aes* aes); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code); +#ifdef WOLF_PRIVATE_KEY_ID +WOLFSSL_API Aes* wc_AesNew_Id(unsigned char* id, int len, void* heap, + int devId, int *result_code); +WOLFSSL_API Aes* wc_AesNew_Label(const char* label, void* heap, int devId, + int *result_code); +#endif WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p); #endif diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 22ff8c5bc8..e64ab322b1 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -71,6 +71,13 @@ struct Cmac { byte initialized; #endif #endif +#ifdef WOLF_PRIVATE_KEY_ID + byte id[AES_MAX_ID_LEN]; + int idLen; + char label[AES_MAX_LABEL_LEN]; + int labelLen; + int aesInitType; +#endif #if defined(WOLFSSL_HASH_KEEP) byte* msg; word32 used; @@ -111,6 +118,17 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, int type, void* unused, void* heap, int devId); +#ifdef WOLF_PRIVATE_KEY_ID +WOLFSSL_API +int wc_InitCmac_Id(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, unsigned char* id, int len, + void* heap, int devId); +WOLFSSL_API +int wc_InitCmac_Label(Cmac* cmac, const byte* key, word32 keySz, + int type, void* unused, const char* label, + void* heap, int devId); +#endif + WOLFSSL_API int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz); diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 6c6c2185e3..09084091dd 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -300,6 +300,12 @@ WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); +#ifdef WOLF_PRIVATE_KEY_ID +WOLFSSL_API RsaKey* wc_NewRsaKey_Id(unsigned char* id, int len, void* heap, + int devId, int *result_code); +WOLFSSL_API RsaKey* wc_NewRsaKey_Label(const char* label, void* heap, + int devId, int *result_code); +#endif WOLFSSL_API int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p); #endif