Merge pull request #22 from haydenroche5/rsa_blinding

Added detection of FIPS and RSA blinding. Fixed wc_PBKDF2.
pull/23/head
Daniele Lacamera 2021-07-08 22:56:57 -07:00 committed by GitHub
commit 3569c39d35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 106 deletions


@ -57,85 +57,37 @@ DES3_ENABLED = 1
AES_ENABLED = 1 AES_ENABLED = 1
HMAC_ENABLED = 1 HMAC_ENABLED = 1
RSA_ENABLED = 1 RSA_ENABLED = 1
RSA_BLINDING_ENABLED = 1
ECC_ENABLED = 1 ECC_ENABLED = 1
ED25519_ENABLED = 1 ED25519_ENABLED = 1
KEYGEN_ENABLED = 1 KEYGEN_ENABLED = 1
CHACHA_ENABLED = 1 CHACHA_ENABLED = 1
PWDBASED_ENABLED = 0 PWDBASED_ENABLED = 0
FIPS_ENABLED = 0
# detect native features based on options.h defines # detect native features based on options.h defines
if featureDetection == 1: if featureDetection:
if '#define WOLFSSL_PUBLIC_MP' in optionsHeaderStr: MPAPI_ENABLED = 1 if '#define WOLFSSL_PUBLIC_MP' in optionsHeaderStr else 0
MPAPI_ENABLED = 1 SHA_ENABLED = 0 if '#define NO_SHA' in optionsHeaderStr else 1
else: SHA256_ENABLED = 0 if '#define NO_SHA256' in optionsHeaderStr else 1
MPAPI_ENABLED = 0 SHA384_ENABLED = 1 if '#define WOLFSSL_SHA384' in optionsHeaderStr else 0
SHA512_ENABLED = 1 if '#define WOLFSSL_SHA512' in optionsHeaderStr else 0
if '#define NO_SHA' in optionsHeaderStr: SHA3_ENABLED = 1 if '#define WOLFSSL_SHA3' in optionsHeaderStr else 0
SHA_ENABLED = 0 DES3_ENABLED = 0 if '#define NO_DES3' in optionsHeaderStr else 1
else: AES_ENABLED = 0 if '#define NO_AES' in optionsHeaderStr else 1
SHA_ENABLED = 1 CHACHA_ENABLED = 1 if '#define HAVE_CHACHA' in optionsHeaderStr else 0
HMAC_ENABLED = 0 if '#define NO_HMAC' in optionsHeaderStr else 1
if '#define NO_SHA256' in optionsHeaderStr: RSA_ENABLED = 0 if '#define NO_RSA' in optionsHeaderStr else 1
SHA256_ENABLED = 0 RSA_BLINDING_ENABLED = 1 if '#define WC_RSA_BLINDING' in optionsHeaderStr else 0
else: ECC_ENABLED = 1 if '#define HAVE_ECC' in optionsHeaderStr else 0
SHA256_ENABLED = 1 ED25519_ENABLED = 1 if '#define HAVE_ED25519' in optionsHeaderStr else 0
KEYGEN_ENABLED = 1 if '#define WOLFSSL_KEY_GEN' in optionsHeaderStr else 0
if '#define WOLFSSL_SHA384' in optionsHeaderStr:
SHA384_ENABLED = 1
else:
SHA384_ENABLED = 0
if '#define WOLFSSL_SHA512' in optionsHeaderStr:
SHA512_ENABLED = 1
else:
SHA512_ENABLED = 0
if '#define WOLFSSL_SHA3' in optionsHeaderStr:
SHA3_ENABLED = 1
else:
SHA3_ENABLED = 0
if '#define NO_DES3' in optionsHeaderStr:
DES3_ENABLED = 0
else:
DES3_ENABLED = 1
if '#define NO_AES' in optionsHeaderStr:
AES_ENABLED = 0
else:
AES_ENABLED = 1
if '#define HAVE_CHACHA' in optionsHeaderStr:
CHACHA_ENABLED = 1
else:
CHACHA_ENABLED = 0
if '#define NO_HMAC' in optionsHeaderStr:
HMAC_ENABLED = 0
else:
HMAC_ENABLED = 1
if '#define NO_RSA' in optionsHeaderStr:
RSA_ENABLED = 0
else:
RSA_ENABLED = 1
if '#define HAVE_ECC' in optionsHeaderStr:
ECC_ENABLED = 1
else:
ECC_ENABLED = 0
if '#define HAVE_ED25519' in optionsHeaderStr:
ED25519_ENABLED = 1
else:
ED25519_ENABLED = 0
if '#define WOLFSSL_KEY_GEN' in optionsHeaderStr:
KEYGEN_ENABLED = 1
else:
KEYGEN_ENABLED = 0
PWDBASED_ENABLED = 0 if '#define NO_PWDBASED' in optionsHeaderStr else 1 PWDBASED_ENABLED = 0 if '#define NO_PWDBASED' in optionsHeaderStr else 1
FIPS_ENABLED = 1 if '#define HAVE_FIPS' in optionsHeaderStr else 0
if RSA_BLINDING_ENABLED and FIPS_ENABLED:
# These settings can't coexist. See settings.h.
RSA_BLINDING_ENABLED = 0
# build cffi module, wrapping native wolfSSL # build cffi module, wrapping native wolfSSL
@ -158,6 +110,7 @@ ffibuilder.set_source(
#include <wolfssl/wolfcrypt/chacha.h> #include <wolfssl/wolfcrypt/chacha.h>
#include <wolfssl/wolfcrypt/des3.h> #include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/pwdbased.h>
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>
@ -177,10 +130,12 @@ ffibuilder.set_source(
int CHACHA_ENABLED = """ + str(CHACHA_ENABLED) + """; int CHACHA_ENABLED = """ + str(CHACHA_ENABLED) + """;
int HMAC_ENABLED = """ + str(HMAC_ENABLED) + """; int HMAC_ENABLED = """ + str(HMAC_ENABLED) + """;
int RSA_ENABLED = """ + str(RSA_ENABLED) + """; int RSA_ENABLED = """ + str(RSA_ENABLED) + """;
int RSA_BLINDING_ENABLED = """ + str(RSA_BLINDING_ENABLED) + """;
int ECC_ENABLED = """ + str(ECC_ENABLED) + """; int ECC_ENABLED = """ + str(ECC_ENABLED) + """;
int ED25519_ENABLED = """ + str(ED25519_ENABLED) + """; int ED25519_ENABLED = """ + str(ED25519_ENABLED) + """;
int KEYGEN_ENABLED = """ + str(KEYGEN_ENABLED) + """; int KEYGEN_ENABLED = """ + str(KEYGEN_ENABLED) + """;
int PWDBASED_ENABLED = """ + str(PWDBASED_ENABLED) + """; int PWDBASED_ENABLED = """ + str(PWDBASED_ENABLED) + """;
int FIPS_ENABLED = """ + str(FIPS_ENABLED) + """;
""", """,
include_dirs=[wolfssl_inc_path()], include_dirs=[wolfssl_inc_path()],
library_dirs=[wolfssl_lib_path()], library_dirs=[wolfssl_lib_path()],
@ -188,21 +143,23 @@ ffibuilder.set_source(
) )
_cdef = """ _cdef = """
int MPAPI_ENABLED; extern int MPAPI_ENABLED;
int SHA_ENABLED; extern int SHA_ENABLED;
int SHA256_ENABLED; extern int SHA256_ENABLED;
int SHA384_ENABLED; extern int SHA384_ENABLED;
int SHA512_ENABLED; extern int SHA512_ENABLED;
int SHA3_ENABLED; extern int SHA3_ENABLED;
int DES3_ENABLED; extern int DES3_ENABLED;
int AES_ENABLED; extern int AES_ENABLED;
int CHACHA_ENABLED; extern int CHACHA_ENABLED;
int HMAC_ENABLED; extern int HMAC_ENABLED;
int RSA_ENABLED; extern int RSA_ENABLED;
int ECC_ENABLED; extern int RSA_BLINDING_ENABLED;
int ED25519_ENABLED; extern int ECC_ENABLED;
int KEYGEN_ENABLED; extern int ED25519_ENABLED;
int PWDBASED_ENABLED; extern int KEYGEN_ENABLED;
extern int PWDBASED_ENABLED;
extern int FIPS_ENABLED;
typedef unsigned char byte; typedef unsigned char byte;
typedef unsigned int word32; typedef unsigned int word32;
@ -216,7 +173,7 @@ _cdef = """
int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz); int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz);
""" """
if (MPAPI_ENABLED == 1): if MPAPI_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } mp_int; typedef struct { ...; } mp_int;
@ -225,7 +182,7 @@ if (MPAPI_ENABLED == 1):
int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c); int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
""" """
if (SHA_ENABLED == 1): if SHA_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } wc_Sha; typedef struct { ...; } wc_Sha;
int wc_InitSha(wc_Sha*); int wc_InitSha(wc_Sha*);
@ -233,7 +190,7 @@ if (SHA_ENABLED == 1):
int wc_ShaFinal(wc_Sha*, byte*); int wc_ShaFinal(wc_Sha*, byte*);
""" """
if (SHA256_ENABLED == 1): if SHA256_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } wc_Sha256; typedef struct { ...; } wc_Sha256;
int wc_InitSha256(wc_Sha256*); int wc_InitSha256(wc_Sha256*);
@ -241,7 +198,7 @@ if (SHA256_ENABLED == 1):
int wc_Sha256Final(wc_Sha256*, byte*); int wc_Sha256Final(wc_Sha256*, byte*);
""" """
if (SHA384_ENABLED == 1): if SHA384_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } wc_Sha384; typedef struct { ...; } wc_Sha384;
int wc_InitSha384(wc_Sha384*); int wc_InitSha384(wc_Sha384*);
@ -249,7 +206,7 @@ if (SHA384_ENABLED == 1):
int wc_Sha384Final(wc_Sha384*, byte*); int wc_Sha384Final(wc_Sha384*, byte*);
""" """
if (SHA512_ENABLED == 1): if SHA512_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } wc_Sha512; typedef struct { ...; } wc_Sha512;
@ -257,7 +214,7 @@ if (SHA512_ENABLED == 1):
int wc_Sha512Update(wc_Sha512*, const byte*, word32); int wc_Sha512Update(wc_Sha512*, const byte*, word32);
int wc_Sha512Final(wc_Sha512*, byte*); int wc_Sha512Final(wc_Sha512*, byte*);
""" """
if (SHA3_ENABLED == 1): if SHA3_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } wc_Sha3; typedef struct { ...; } wc_Sha3;
int wc_InitSha3_224(wc_Sha3*, void *, int); int wc_InitSha3_224(wc_Sha3*, void *, int);
@ -274,7 +231,7 @@ if (SHA3_ENABLED == 1):
int wc_Sha3_512_Final(wc_Sha3*, byte*); int wc_Sha3_512_Final(wc_Sha3*, byte*);
""" """
if (DES3_ENABLED == 1): if DES3_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } Des3; typedef struct { ...; } Des3;
int wc_Des3_SetKey(Des3*, const byte*, const byte*, int); int wc_Des3_SetKey(Des3*, const byte*, const byte*, int);
@ -282,7 +239,7 @@ if (DES3_ENABLED == 1):
int wc_Des3_CbcDecrypt(Des3*, byte*, const byte*, word32); int wc_Des3_CbcDecrypt(Des3*, byte*, const byte*, word32);
""" """
if (AES_ENABLED == 1): if AES_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } Aes; typedef struct { ...; } Aes;
@ -291,7 +248,7 @@ if (AES_ENABLED == 1):
int wc_AesCbcDecrypt(Aes*, byte*, const byte*, word32); int wc_AesCbcDecrypt(Aes*, byte*, const byte*, word32);
""" """
if (CHACHA_ENABLED == 1): if CHACHA_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } ChaCha; typedef struct { ...; } ChaCha;
@ -300,7 +257,7 @@ if (CHACHA_ENABLED == 1):
int wc_Chacha_Process(ChaCha*, byte*, const byte*,word32); int wc_Chacha_Process(ChaCha*, byte*, const byte*,word32);
""" """
if (HMAC_ENABLED == 1): if HMAC_ENABLED:
_cdef += """ _cdef += """
typedef struct { ...; } Hmac; typedef struct { ...; } Hmac;
int wc_HmacInit(Hmac* hmac, void* heap, int devId); int wc_HmacInit(Hmac* hmac, void* heap, int devId);
@ -309,12 +266,11 @@ if (HMAC_ENABLED == 1):
int wc_HmacFinal(Hmac*, byte*); int wc_HmacFinal(Hmac*, byte*);
""" """
if (RSA_ENABLED == 1): if RSA_ENABLED:
_cdef += """ _cdef += """
typedef struct {...; } RsaKey; typedef struct {...; } RsaKey;
int wc_InitRsaKey(RsaKey* key, void*); int wc_InitRsaKey(RsaKey* key, void*);
int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
int wc_FreeRsaKey(RsaKey* key); int wc_FreeRsaKey(RsaKey* key);
int wc_RsaPrivateKeyDecode(const byte*, word32*, RsaKey*, word32); int wc_RsaPrivateKeyDecode(const byte*, word32*, RsaKey*, word32);
@ -330,7 +286,13 @@ if (RSA_ENABLED == 1):
int wc_RsaSSL_Verify(const byte*, word32, byte*, word32, RsaKey*); int wc_RsaSSL_Verify(const byte*, word32, byte*, word32, RsaKey*);
""" """
if (KEYGEN_ENABLED):
if RSA_BLINDING_ENABLED:
_cdef += """
int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
"""
if KEYGEN_ENABLED:
_cdef += """ _cdef += """
int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen); int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
@ -338,7 +300,7 @@ if (RSA_ENABLED == 1):
""" """
if (ECC_ENABLED == 1): if ECC_ENABLED:
_cdef += """ _cdef += """
typedef struct {...; } ecc_key; typedef struct {...; } ecc_key;
@ -377,7 +339,7 @@ if (ECC_ENABLED == 1):
int* stat, ecc_key* key); int* stat, ecc_key* key);
""" """
if (ECC_ENABLED == 1 and MPAPI_ENABLED == 1): if ECC_ENABLED and MPAPI_ENABLED:
_cdef += """ _cdef += """
int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s); ecc_key* key, mp_int *r, mp_int *s);
@ -386,7 +348,7 @@ if (ECC_ENABLED == 1 and MPAPI_ENABLED == 1):
word32 hashlen, int* res, ecc_key* key); word32 hashlen, int* res, ecc_key* key);
""" """
if (ED25519_ENABLED == 1): if ED25519_ENABLED:
_cdef += """ _cdef += """
typedef struct {...; } ed25519_key; typedef struct {...; } ed25519_key;
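Review bot: The new `RSA_BLINDING_ENABLED` and `FIPS_ENABLED` lines in the `if featureDetection:` block are plain substring tests on `optionsHeaderStr`, so they also match a commented-out define or a longer macro name; the same pattern already lets `'#define NO_SHA'` match `#define NO_SHA256` and `'#define WOLFSSL_SHA3'` match `#define WOLFSSL_SHA384`. This matters more for the blinding flag than for the hash flags, because it decides whether `wc_RsaSetRNG` is declared in `_cdef` and later called, so a wrong answer changes which native function the wrapper binds. A helper such as `def _defined(name): return re.search(r'^\s*#\s*define\s+' + re.escape(name) + r'\b', optionsHeaderStr, re.M) is not None` would make each flag an exact-macro match (`re` needs importing if the file does not already have it). I would also print a build-time warning when `RSA_BLINDING_ENABLED` ends up 0, including the FIPS override, since RSA private-key operations without blinding are more exposed to timing analysis and the build currently says nothing about it.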


@ -324,10 +324,11 @@ if _lib.RSA_ENABLED:
raise WolfCryptError("Invalid key error (%d)" % ret) raise WolfCryptError("Invalid key error (%d)" % ret)
self._random = Random() self._random = Random()
ret = _lib.wc_RsaSetRNG(self.native_object, if _lib.RSA_BLINDING_ENABLED:
self._random.native_object) ret = _lib.wc_RsaSetRNG(self.native_object,
if ret < 0: # pragma: no cover self._random.native_object)
raise WolfCryptError("Key initialization error (%d)" % ret) if ret < 0: # pragma: no cover
raise WolfCryptError("Key initialization error (%d)" % ret)
# making sure _lib.wc_FreeRsaKey outlives RsaKey instances # making sure _lib.wc_FreeRsaKey outlives RsaKey instances
_delete = _lib.wc_FreeRsaKey _delete = _lib.wc_FreeRsaKey
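Review bot: The new `if _lib.RSA_BLINDING_ENABLED:` guard has no comment explaining why the RNG is attached only conditionally, and a reader of this file alone cannot tell that `wc_RsaSetRNG` is not declared in the cffi module at all when the flag is 0. I would add `# wc_RsaSetRNG is only bound when the native build defines WC_RSA_BLINDING and is not a FIPS build` directly above the guard. The enclosing method starts outside the hunk, so it is not visible here whether later private-key code assumes the RNG was set; if it does, that path should check the same flag.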