diff --git a/wolfCLU/README.md b/wolfCLU/README.md index fb5bbc82..1089d9c3 100644 --- a/wolfCLU/README.md +++ b/wolfCLU/README.md @@ -6,7 +6,7 @@ This is the wolfSSL: Command Line Utility (wolfCLU). To use this feature, please configure and install wolfssl with the following commands: - ./configure --enable-pwdbased --enable-opensslextra && make && make check + ./configure --enable-pwdbased --enable-opensslextra --enable-keygen && make && make check If that succeeds, run: @@ -21,6 +21,8 @@ hexidecimal values. `--enable-base64encode` enables Base64 encoding (not on by default) +`--enable-keygen` enables key generation (not on by default) + Additional features that can be included when configuring wolfssl for encryption or decryption are: diff --git a/wolfCLU/clu_src/crypto/clu_decrypt.c b/wolfCLU/clu_src/crypto/clu_decrypt.c index 976c40a1..56957e1e 100644 --- a/wolfCLU/clu_src/crypto/clu_decrypt.c +++ b/wolfCLU/clu_src/crypto/clu_decrypt.c @@ -116,7 +116,7 @@ int wolfCLU_decrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size, /* replicates old pwdKey if pwdKeys match */ if (keyType == 1) { if (wc_PBKDF2(key, pwdKey, (int) strlen((const char*)pwdKey), salt, - SALT_SIZE, 4096, size, SHA256) != 0) { + SALT_SIZE, 4096, size, WC_SHA256) != 0) { printf("pwdKey set error.\n"); wolfCLU_freeBins(input, output, NULL, NULL, NULL); return ENCRYPT_ERROR; diff --git a/wolfCLU/clu_src/genkey/clu_genkey.c b/wolfCLU/clu_src/genkey/clu_genkey.c index dce38690..b37340d4 100644 --- a/wolfCLU/clu_src/genkey/clu_genkey.c +++ b/wolfCLU/clu_src/genkey/clu_genkey.c @@ -159,8 +159,12 @@ int wolfCLU_genKey_ECC(RNG* rng, char* fName, int directive, int fmt, char fExtPriv[6] = ".priv\0"; char fExtPub[6] = ".pub\0\0"; char* fOutNameBuf = NULL; - + + #ifdef NO_AES + size_t maxDerBufSz = 4 * keySz * keySz-42; + #else size_t maxDerBufSz = 4 * keySz * AES_BLOCK_SIZE; + #endif byte* derBuf = NULL; int derBufSz = -1; 
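Review bot: The `NO_AES` branch in wolfCLU_genKey_ECC sizes the DER buffer as `4 * keySz * keySz-42`, which parses as `(4*keySz*keySz) - 42`; the 42 is unexplained, and for a small `keySz` (its units are declared outside the hunk) the `size_t` subtraction wraps to a huge allocation. Sizing a DER output buffer from `AES_BLOCK_SIZE` in the other branch ties key serialisation to an unrelated cipher constant, and the RSA hunk at @@ -299 repeats the same pair of formulas while also shrinking its AES-path multiplier from 5 to 4 without explanation. Prefer asking the encoder for the size (wolfSSL's `wc_EccKeyDerSize` for ECC, where the installed version provides it), or at least a named constant with a comment stating how the bound was derived. Whether a too-small buffer is caught depends on how `derBufSz` is checked after encoding, which is outside both hunks.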
@@ -299,7 +303,11 @@ int wolfCLU_genKey_RSA(RNG* rng, char* fName, int directive, int fmt, int
 char fExtPub[6] = ".pub\0\0";
 char* fOutNameBuf = NULL;
- size_t maxDerBufSz = 5 * keySz * AES_BLOCK_SIZE;
+ #ifdef NO_AES
+ size_t maxDerBufSz = 4 * keySz * keySz-42;
+ #else
+ size_t maxDerBufSz = 4 * keySz * AES_BLOCK_SIZE;
+ #endif
 byte* derBuf = NULL;
 int derBufSz = -1;
@@ -443,7 +451,7 @@ int wolfCLU_genKey_PWDBASED(RNG* rng, byte* pwdKey, int size, byte* salt, int pa
 /* stretches pwdKey */
 ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) strlen((const char*)pwdKey), salt, SALT_SIZE,
- 4096, size, SHA256);
+ 4096, size, WC_SHA256);
 if (ret != 0) return ret;
diff --git a/wolfCLU/clu_src/hash/clu_hash.c b/wolfCLU/clu_src/hash/clu_hash.c
index ffd24f18..857f6048 100644
--- a/wolfCLU/clu_src/hash/clu_hash.c
+++ b/wolfCLU/clu_src/hash/clu_hash.c
@@ -100,27 +100,27 @@ int wolfCLU_hash(char* in, char* out, char* alg, int size)
 }
 #endif
 #ifndef NO_SHA
- else if (strcmp(alg, "sha") == 0) {
+ if (strcmp(alg, "sha") == 0) {
 ret = wc_ShaHash(input, length, output);
 }
 #endif
 #ifndef NO_SHA256
- else if (strcmp(alg, "sha256") == 0) {
+ if (strcmp(alg, "sha256") == 0) {
 ret = wc_Sha256Hash(input, length, output);
 }
 #endif
 #ifdef WOLFSSL_SHA384
- else if (strcmp(alg, "sha384") == 0) {
+ if (strcmp(alg, "sha384") == 0) {
 ret = wc_Sha384Hash(input, length, output);
 }
 #endif
 #ifdef WOLFSSL_SHA512
- else if (strcmp(alg, "sha512") == 0) {
+ if (strcmp(alg, "sha512") == 0) {
 ret = wc_Sha512Hash(input, length, output);
 }
 #endif
 #ifdef HAVE_BLAKE2
- else if (strcmp(alg, "blake2b") == 0) {
+ if (strcmp(alg, "blake2b") == 0) {
 ret = wc_InitBlake2b(&hash, size);
 if (ret != 0) return ret;
 ret = wc_Blake2bUpdate(&hash, input, length);
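Review bot: With every `else if` in this hunk and in the one at @@ -132 turned into an independent `if`, an `alg` value that matches no branch now falls through without any diagnostic, and `ret` keeps whatever it was initialised to outside the hunk; if that initial value is 0, an unknown algorithm name returns success with `output` untouched. The change itself is presumably needed because the first branch (md5) can be compiled out under `NO_MD5`, which would leave a dangling `else if`. Consider initialising `ret` to an error code such as `BAD_FUNC_ARG` immediately before the chain — every branch assigns `ret` unconditionally, so a surviving error value means no algorithm matched — and report that to the user after the chain. wolfCLU_hash begins and ends outside the hunk.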
@@ -132,12 +132,12 @@ int wolfCLU_hash(char* in, char* out, char* alg, int size)
 #ifndef NO_CODING
 #ifdef WOLFSSL_BASE64_ENCODE
- else if (strcmp(alg, "base64enc") == 0) {
+ if (strcmp(alg, "base64enc") == 0) {
 ret = Base64_Encode(input, length, output, (word32*)&size);
 outputAsHexString = 0;
 }
 #endif /* WOLFSSL_BASE64_ENCODE */
- else if (strcmp(alg, "base64dec") == 0) {
+ if (strcmp(alg, "base64dec") == 0) {
 ret = Base64_Decode(input, length, output, (word32*)&size);
 outputAsHexString = 0;
 }
diff --git a/wolfCLU/clu_src/tools/clu_funcs.c b/wolfCLU/clu_src/tools/clu_funcs.c
index 5171635e..f2570a99 100644
--- a/wolfCLU/clu_src/tools/clu_funcs.c
+++ b/wolfCLU/clu_src/tools/clu_funcs.c
@@ -79,8 +79,9 @@ void wolfCLU_verboseHelp()
 /* hash options */
 const char* algsenc[] = { /* list of acceptable algorithms */
+ "Algorihms:"
 #ifndef NO_MD5
- "md5"
+ ,"md5"
 #endif
 #ifndef NO_SHA
 ,"sha"
@@ -107,8 +108,9 @@ void wolfCLU_verboseHelp()
 /* benchmark options */
 const char* algsother[] = { /* list of acceptable algorithms */
+ "ALGS: "
 #ifndef NO_AES
- "aes-cbc"
+ , "aes-cbc"
 #endif
 #ifdef WOLFSSL_AES_COUNTER
 , "aes-ctr"
@@ -234,8 +236,9 @@ void wolfCLU_hashHelp()
 printf("\n");
 /* hash options */
 const char* algsenc[] = { /* list of acceptable algorithms */
+ "Algorithms: "
 #ifndef NO_MD5
- "md5"
+ ,"md5"
 #endif
 #ifndef NO_SHA
 ,"sha"
@@ -280,8 +283,9 @@ void wolfCLU_benchHelp()
 /* benchmark options */
 const char* algsother[] = { /* list of acceptable algorithms */
+ "ALGS: "
 #ifndef NO_AES
- "aes-cbc"
+ , "aes-cbc"
 #endif
 #ifdef WOLFSSL_AES_COUNTER
 , "aes-ctr"
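Review bot: The label added at the head of `algsenc` in wolfCLU_verboseHelp is misspelled, `"Algorihms:"`, while the same array in wolfCLU_hashHelp at @@ -234 gets `"Algorithms: "`; use one spelling in both places, `+ "Algorithms: "`. More generally, the four clu_funcs.c hunks here put a display label into arrays whose own comment says they are lists of acceptable algorithms; printing the label in a separate `printf` before the loop keeps the arrays pure data and avoids a later caller treating `"ALGS: "` as an algorithm name. The loops that print these arrays are outside the hunks.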
@@ -340,6 +344,24 @@ void wolfCLU_certHelp()
 }
 void wolfCLU_genKeyHelp() {
+
+ const char* keysother[] = { /* list of acceptable key types */
+ "KEYS: "
+ #ifdef HAVE_ED25519
+ ,"ed25519"
+ #endif
+ #ifdef HAVE_ECC
+ ,"ecc"
+ #endif
+ #ifdef HAVE_CURVE25519
+ ,"curve25519"
+ #endif
+ };
+
+ printf("Available keys with current configure settings:\n");
+ for(i = 0; i < (int) sizeof(keysother)/(int) sizeof(keysother[0]); i++) {
+ printf("%s\n", keysother[i]);
+ }
 printf("\n\n");
 printf("***************************************************************\n");
 printf("\ngenkey USAGE:\nwolfssl -genkey -out -outform"
@@ -364,8 +386,9 @@ int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size)
 char* sz = 0; /* key size provided */
 const char* acceptAlgs[] = { /* list of acceptable algorithms */
+ "ALGS: "
 #ifndef NO_AES
- "aes"
+ , "aes"
 #endif
 #ifndef NO_DES3
 , "3des"
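Review bot: The loop added to wolfCLU_genKeyHelp uses `i` without declaring it, and since the hunk starts at the function's opening brace this compiles only if `i` is a file-scope variable; the `(int)` casts on `sizeof` are also unnecessary. Declare the index in the loop, `for (size_t i = 0; i < sizeof(keysother)/sizeof(keysother[0]); i++) {`, which fits the C99 mixed declarations the file already uses (see the `const char*` array declared after `printf` at @@ -234). The list also omits rsa even though clu_genkey.c in this same patch has wolfCLU_genKey_RSA; if RSA generation is reachable from the command line, the help text should list it. The rest of wolfCLU_genKeyHelp is outside the hunk.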
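Review bot: `"ALGS: "` is inserted as the first element of `acceptAlgs` in wolfCLU_getAlgo, but by its name and comment this array looks like the table the function matches the user-supplied `name` against rather than a display list (the matching code is outside the hunk); if so, the label becomes an accepted algorithm name and shifts every index by one. Keep the label out of the table, or, if the array is only printed, say so on the element: `"ALGS: " /* [0] is a display heading, not an algorithm */`.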
@@ -406,38 +429,50 @@ int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size)
 *size = atoi(sz);
 /* checks key sizes for acceptability */
-#ifndef NO_AES
 if (strcmp(*alg, "aes") == 0) {
+ #ifdef NO_AES
+ printf("AES not compiled in.\n");
+ return NOT_COMPILED_IN;
+ #else
 ret = AES_BLOCK_SIZE;
 if (*size != 128 && *size != 192 && *size != 256) {
 printf("Invalid AES pwdKey size. Should be: %d\n", ret);
 ret = FATAL_ERROR;
 }
+ #endif
 }
-#endif
-#ifndef NO_DES3
+ else if (strcmp(*alg, "3des") == 0) {
+ #ifdef NO_DES3
+ printf("3DES not compiled in.\n");
+ return NOT_COMPILED_IN;
+ #else
 ret = DES3_BLOCK_SIZE;
 if (*size != 56 && *size != 112 && *size != 168) {
 printf("Invalid 3DES pwdKey size\n");
 ret = FATAL_ERROR;
 }
+ #endif
 }
-#endif
-#ifdef HAVE_CAMELLIA
+ else if (strcmp(*alg, "camellia") == 0) {
+ #ifndef HAVE_CAMELIA
+ printf("CAMELIA not compile in.\n");
+ return NOT_COMPILED_IN;
+ #else
 ret = CAMELLIA_BLOCK_SIZE;
 if (*size != 128 && *size != 192 && *size != 256) {
 printf("Invalid Camellia pwdKey size\n");
 ret = FATAL_ERROR;
 }
+ #endif
 }
-#endif
-
+ else {
 printf("Invalid algorithm: %s\n", *alg);
 ret = FATAL_ERROR;
 }
+ return ret;
 }
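Review bot: The camellia branch tests `#ifndef HAVE_CAMELIA`, but the macro the removed line used (and that wolfSSL defines) is `HAVE_CAMELLIA`; with the misspelling the `#else` path is dead and camellia always returns `NOT_COMPILED_IN` even in a build that has it. Change it to `#ifndef HAVE_CAMELLIA` and fix the message, `printf("Camellia not compiled in.\n");`. Separately, the context line `printf("Invalid AES pwdKey size. Should be: %d\n", ret);` prints `AES_BLOCK_SIZE` (the block size, 16) as the expected key size while the check accepts 128/192/256, so the diagnostic misleads the user; that is pre-existing, but worth correcting while this block is being restructured.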