From e1f2c0bb2e79a808d9697a6cd943aa255dd03b3e Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 22 Jun 2023 10:12:37 -0400
Subject: [PATCH 1/4] Add 'Keying_material' option
---
 CMakeLists.txt | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f67b67a06..f00fc47cc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1774,6 +1774,14 @@ if(WOLFSSL_AESKEYWRAP)
 )
 endif()
+# Keying Material Exporter / TLS Exporter
+add_option("WOLFSSL_KEYING_MATERIAL"
+ "Enable wolfSSL keying material export (default: disabled)"
+ "no" "yes;no")
+
+if(WOLFSSL_KEYING_MATERIAL)
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_KEYING_MATERIAL")
+endif()
 if(WOLFSSL_KEYGEN)
 list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_KEY_GEN")
From f58ae30b509835140a667ce5a7513fef4e8a40d2 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 22 Jun 2023 10:51:07 -0400
Subject: [PATCH 2/4] Add in CMake flags 'HPKE', 'HKDF', 'ECH'
---
 CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++++++++
 cmake/functions.cmake | 7 +++++++
 2 files changed, 45 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f00fc47cc..b17a93bd0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1774,11 +1774,49 @@ if(WOLFSSL_AESKEYWRAP)
 )
 endif()
+# Hybrid Key Derivation Function
+add_option("WOLFSSL_HKDF"
+ "Enable wolfSSL HKDF (HMAC-KDF) support (default: disabled)"
+ "no" "yes;no")
+
+
+# Hybrid Public Key Encryption (RFC9180)
+add_option("WOLFSSL_HPKE"
+ "Enable wolfSSL hybrid public key encryption (default: disabled)"
+ "no" "yes;no")
+
+# Encrypted Client Hello (ECH)
+add_option("WOLFSSL_ECH"
+ "Enable wolfSSL encrypted client hello (default: disabled)"
+ "no" "yes;no")
+
 # Keying Material Exporter / TLS Exporter
 add_option("WOLFSSL_KEYING_MATERIAL"
 "Enable wolfSSL keying material export (default: disabled)"
 "no" "yes;no")
+if(WOLFSSL_HPKE)
+ if(NOT WOLFSSL_ECC)
+ message(FATAL_ERROR "HPKE supported only with ECC (WOLFSSL_ECC)")
+ endif()
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HPKE")
+ override_cache(WOLFSSL_HKDF "yes")
+endif()
+
+if(WOLFSSL_HKDF)
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HKDF")
+endif()
+
+if(WOLFSSL_ECH)
+ if(NOT WOLFSSL_HPKE)
+ message(FATAL_ERROR "ECH supported only with HPKE (WOLFSSL_HPKE)")
+ endif()
+ if(NOT WOLFSSL_SNI)
+ message(FATAL_ERROR "ECH supported only with SNI (WOLFSSL_SNI)")
+ endif()
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECH")
+endif()
+
 if(WOLFSSL_KEYING_MATERIAL)
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_KEYING_MATERIAL")
 endif()
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index 87839d1bc..e77991ea1 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@@ -304,6 +304,9 @@ function(generate_build_flags)
 if(WOLFSSL_CAAM)
 set(BUILD_CAAM "yes" PARENT_SCOPE)
 endif()
+ if(WOLFSSL_HPKE OR WOLFSSL_USER_SETTINGS)
+ set(BUILD_HPKE "yes" PARENT_SCOPE)
+ endif()
 set(BUILD_FLAGS_GENERATED "yes" PARENT_SCOPE)
 endfunction()
@@ -910,6 +913,10 @@ function(generate_lib_src_list LIB_SOURCES)
 wolfcrypt/src/port/caam/wolfcaam_hmac.c)
 endif()
+ if(BUILD_HPKE)
+ list(APPEND LIB_SOURCES wolfcrypt/src/hpke.c)
+ endif()
+
 set(LIB_SOURCES ${LIB_SOURCES} PARENT_SCOPE)
 endfunction()
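Review bot: In the new `if(WOLFSSL_HPKE)` block of the CMakeLists.txt hunk, `override_cache(WOLFSSL_HKDF "yes")` only produces `-DHAVE_HKDF` if the `if(WOLFSSL_HKDF)` check is evaluated after it. That holds within this patch, but PATCH 4/4 deletes the check added here and relies on an existing HKDF block that is not visible; if that block sits earlier in the file, a first configure with HPKE on and HKDF off would presumably define `HAVE_HPKE` without `HAVE_HKDF`. Placing the HPKE handling ahead of the existing HKDF handling, or failing with a `FATAL_ERROR` as the ECH block does for its prerequisites, would remove the order dependence. Separately, the `if(WOLFSSL_ECH)` guard checks HPKE and SNI but not TLS 1.3, which ECH appears to require; a third check such as `if(NOT WOLFSSL_TLS13)` with a matching `message(FATAL_ERROR ...)` would reject that configuration at configure time.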
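Review bot: The `WOLFSSL_USER_SETTINGS` half of `if(WOLFSSL_HPKE OR WOLFSSL_USER_SETTINGS)` in the first cmake/functions.cmake hunk (generate_build_flags) needs a comment, because together with the second hunk (generate_lib_src_list) it adds `wolfcrypt/src/hpke.c` to every user-settings build whether or not HPKE was requested. That also means the `WOLFSSL_ECC` precondition enforced in CMakeLists.txt is not what gates compilation of the file in that mode; it is only safe if hpke.c guards its own contents on `HAVE_HPKE`, which is not visible here. Suggested comment above the condition: `# user_settings.h may define HAVE_HPKE itself; hpke.c is expected to compile to nothing otherwise`. Both functions start outside their hunks.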
From 0ee198437ac0c6f502d1c0c7dd1f10998ac5b63a Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 22 Jun 2023 11:03:56 -0400
Subject: [PATCH 3/4] Get around issue with 'uint8_t' undefined
---
 wolfcrypt/test/test.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 874744ffc..3a2c3d9ea 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -23238,10 +23238,10 @@ static int hpke_test_single(Hpke* hpke)
 void* receiverKey = NULL;
 void* ephemeralKey = NULL;
 #ifdef WOLFSSL_SMALL_STACK
- uint8_t *pubKey = NULL; /* public key */
+ byte *pubKey = NULL; /* public key */
 word16 pubKeySz = (word16)HPKE_Npk_MAX;
 #else
- uint8_t pubKey[HPKE_Npk_MAX]; /* public key */
+ byte pubKey[HPKE_Npk_MAX]; /* public key */
 word16 pubKeySz = (word16)sizeof(pubKey);
 #endif
@@ -23252,7 +23252,7 @@ static int hpke_test_single(Hpke* hpke)
 #ifdef WOLFSSL_SMALL_STACK
 if (ret == 0) {
- pubKey = (uint8_t *)XMALLOC(pubKeySz, HEAP_HINT,
+ pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (pubKey == NULL) ret = MEMORY_E;
From 155ce9aecf9f5b14261cd6c238ceb1e6f2aee649 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 22 Jun 2023 11:17:34 -0400
Subject: [PATCH 4/4] HKDF already defined
---
 CMakeLists.txt | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b17a93bd0..8cafb4a0a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1774,12 +1774,6 @@ if(WOLFSSL_AESKEYWRAP)
 )
 endif()
-# Hybrid Key Derivation Function
-add_option("WOLFSSL_HKDF"
- "Enable wolfSSL HKDF (HMAC-KDF) support (default: disabled)"
- "no" "yes;no")
-
-
 # Hybrid Public Key Encryption (RFC9180)
 add_option("WOLFSSL_HPKE"
 "Enable wolfSSL hybrid public key encryption (default: disabled)"
@@ -1803,10 +1797,6 @@ if(WOLFSSL_HPKE)
 override_cache(WOLFSSL_HKDF "yes")
 endif()
-if(WOLFSSL_HKDF)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HKDF")
-endif()
-
 if(WOLFSSL_ECH)
 if(NOT WOLFSSL_HPKE)
 message(FATAL_ERROR "ECH supported only with HPKE (WOLFSSL_HPKE)")