From ae9291f4d35c2573fb44b4ff3ade1141c9018437 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 24 May 2024 13:17:46 -0400 Subject: [PATCH 1/3] Add FIPS required forward declaration of streaming struct --- wolfssl/wolfcrypt/aes.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 9325d6580e..7d51334b01 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -420,11 +420,6 @@ struct Aes { Aes tweak; }; - #ifndef WC_AESXTS_TYPE_DEFINED - typedef struct XtsAes XtsAes; - #define WC_AESXTS_TYPE_DEFINED - #endif - #ifdef WOLFSSL_AESXTS_STREAM struct XtsAesStreamData { byte tweak_block[AES_BLOCK_SIZE]; @@ -432,6 +427,12 @@ struct Aes { }; #endif + #ifndef WC_AESXTS_TYPE_DEFINED + typedef struct XtsAes XtsAes; + typedef struct XtsAesStreamData XtsAesStreamData; + #define WC_AESXTS_TYPE_DEFINED + #endif + #endif From 20911f254bb6ff5ca94dfe990952406a0bc14d6f Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 11 Jun 2024 16:13:59 -0400 Subject: [PATCH 2/3] ECC, DH, GCM, GMAC, CCM and AES updated services --- tests/api.c | 10 ++++++++++ wolfssl/wolfcrypt/aes.h | 7 +++++-- wolfssl/wolfcrypt/ecc.h | 21 +++++++++++++++------ 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/tests/api.c b/tests/api.c index bfa3795f40..9044c9f5a1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -24918,6 +24918,7 @@ static int test_wc_ecc_export_x963_ex(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(out, 0, outlen); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); @@ -24958,6 +24959,7 @@ static int test_wc_ecc_export_x963_ex(void) ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), ECC_BAD_ARG_E); #endif + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); @@ -25049,6 +25051,7 @@ static int test_wc_ecc_import_private_key(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(privKey, 0, privKeySz); XMEMSET(x963Key, 0, x963KeySz); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_ecc_init(&keyImp), 0); @@ -25071,6 +25074,7 @@ static int test_wc_ecc_import_private_key(void) x963KeySz, NULL), BAD_FUNC_ARG); ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz, &keyImp), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&keyImp); @@ -25101,6 +25105,7 @@ static int test_wc_ecc_export_private_only(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(out, 0, outlen); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); @@ -25115,6 +25120,7 @@ static int test_wc_ecc_export_private_only(void) ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), BAD_FUNC_ARG); ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), BAD_FUNC_ARG); ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); @@ -25712,6 +25718,7 @@ static int test_wc_ecc_shared_secret_ssh(void) XMEMSET(&key2, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(secret, 0, secretLen); + PRIVATE_KEY_UNLOCK(); /* Make keys */ ExpectIntEQ(wc_ecc_init(&key), 0); @@ -25751,6 +25758,7 @@ static int test_wc_ecc_shared_secret_ssh(void) key.type = ECC_PUBLICKEY; ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen), ECC_BAD_ARG_E); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); @@ -26678,6 +26686,7 @@ static int test_wc_EccPrivateKeyToDer(void) XMEMSET(&eccKey, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ecc_init(&eccKey), 0); @@ -26718,6 +26727,7 @@ static int test_wc_EccPrivateKeyToDer(void) EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */ } #endif + PRIVATE_KEY_LOCK(); #endif return EXPECT_RESULT(); } /* End test_wc_EccPrivateKeyToDer*/ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 7d51334b01..7cc786e72b 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -401,6 +401,9 @@ struct Aes { #ifndef WC_AES_TYPE_DEFINED typedef struct Aes Aes; + #ifdef HAVE_AESGCM + typedef struct Gmac Gmac; + #endif #define WC_AES_TYPE_DEFINED #endif @@ -457,9 +460,9 @@ struct Aes { #endif #ifdef HAVE_AESGCM -typedef struct Gmac { +struct Gmac { Aes aes; -} Gmac; +}; #endif /* HAVE_AESGCM */ #endif /* HAVE_FIPS */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index c91cd095d6..4a198a6b0d 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -297,7 +297,7 @@ typedef byte ecc_oid_t; /* ECC set type defined a GF(p) curve */ #ifndef WOLFSSL_ECC_CURVE_STATIC -typedef struct ecc_set_type { +struct ecc_set_type { int size; /* The size of the curve in octets */ int id; /* id of this curve */ const char* name; /* name of this curve */ @@ -311,13 +311,13 @@ typedef struct ecc_set_type { word32 oidSz; word32 oidSum; /* sum of encoded OID bytes */ int cofactor; -} ecc_set_type; +}; #else #define MAX_ECC_NAME 16 #define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 2) /* The values are stored as text strings. */ -typedef struct ecc_set_type { +struct ecc_set_type { int size; /* The size of the curve in octets */ int id; /* id of this curve */ char name[MAX_ECC_NAME]; /* name of this curve */ @@ -331,7 +331,7 @@ typedef struct ecc_set_type { word32 oidSz; word32 oidSum; /* sum of encoded OID bytes */ int cofactor; -} ecc_set_type; +}; #endif @@ -441,10 +441,19 @@ typedef struct alt_fp_int { #define WC_ECCKEY_TYPE_DEFINED #endif +#ifndef WC_ECCPOINT_TYPE_DEFINED + typedef struct ecc_point ecc_point; + #define WC_ECCPOINT_TYPE_DEFINED +#endif + +#ifndef WC_ECCSET_TYPE_DEFINED + typedef struct ecc_set_type ecc_set_type; + #define WC_ECCSET_TYPE_DEFINED +#endif /* A point on an ECC curve, stored in Jacobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpreted as affine */ -typedef struct { +struct ecc_point { #ifndef ALT_ECC_SIZE mp_int x[1]; /* The x coordinate */ mp_int y[1]; /* The y coordinate */ @@ -458,7 +467,7 @@ typedef struct { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif -} ecc_point; +}; /* ECC Flags */ enum { From 8ca8827b583eff3b3987fe99be7e98dd8cdf64a9 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 12 Jun 2024 10:10:37 -0400 Subject: [PATCH 3/3] Isolate forward declaration of Gmac --- wolfssl/wolfcrypt/aes.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 7cc786e72b..46687dade9 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -401,9 +401,6 @@ struct Aes { #ifndef WC_AES_TYPE_DEFINED typedef struct Aes Aes; - #ifdef HAVE_AESGCM - typedef struct Gmac Gmac; - #endif #define WC_AES_TYPE_DEFINED #endif @@ -463,6 +460,12 @@ struct Aes { struct Gmac { Aes aes; }; + +#ifndef WC_AESGCM_TYPE_DEFINED + typedef struct Gmac Gmac; + #define WC_AESGCM_TYPE_DEFINED +#endif + #endif /* HAVE_AESGCM */ #endif /* HAVE_FIPS */