Expand testing to include SW implementation of RSA with padding callback, code cleanup to address review comments.

2024-08-30 13:41:51 -07:00 · 2024-08-30 13:41:51 -07:00 · 2bcfff3497
parent 50a3a37ff2
commit 2bcfff3497
2 changed files with 92 additions and 7 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -83662,7 +83662,71 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
        else if (info->pk.type == WC_PK_TYPE_RSA_PKCS ||
                 info->pk.type == WC_PK_TYPE_RSA_PSS  ||
                 info->pk.type == WC_PK_TYPE_RSA_OAEP) {
-            ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
+            RsaKey key;
+
+            if (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ||
+                info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
+                /* Have all public key ops fall back to SW */
+                return CRYPTOCB_UNAVAILABLE;
+            }
+
+            if (info->pk.rsa.padding == NULL) {
+                return BAD_FUNC_ARG;
+            }
+
+            /* Initialize key */
+            ret = load_pem_key_file_as_der(privKeyFile, &pDer,
+                &keyFormat);
+            if (ret != 0) {
+                return ret;
+            }
+
+            ret = wc_InitRsaKey(&key, HEAP_HINT);
+            if (ret == 0) {
+                word32 keyIdx = 0;
+                /* load RSA private key and perform private transform */
+                ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
+                    &key, pDer->length);
+            }
+            /* Perform RSA operation */
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PKCS)) {
+            #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+                ret = wc_RsaSSL_Sign(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen, &key,
+                    info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PSS)) {
+            #ifdef WC_RSA_PSS
+                ret = wc_RsaPSS_Sign_ex(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    info->pk.rsa.padding->hash, info->pk.rsa.padding->mgf,
+                    info->pk.rsa.padding->saltLen, &key, info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_OAEP)) {
+            #if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_NO_PADDING)
+                ret = wc_RsaPrivateDecrypt_ex(
+                    info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    &key, WC_RSA_OAEP_PAD, info->pk.rsa.padding->hash,
+                    info->pk.rsa.padding->mgf, info->pk.rsa.padding->label,
+                    info->pk.rsa.padding->labelSz);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+
+            if (ret > 0) {
+                *info->pk.rsa.outLen = ret;
+            }
+
+            wc_FreeRsaKey(&key);
+            wc_FreeDer(&pDer); pDer = NULL;
        }
        #endif /* ifdef WOLF_CRYPTO_CB_RSA_PAD */
    #endif /* !NO_RSA */
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@ -1809,57 +1809,78 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey,
    return ret;
 }

+/**
+ * Get the hash length associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  -1 if hash type not recognized.
+ * @return  hash length on success.
+ */
 int wc_hash2sz(int hType)
 {
    switch(hType) {
    case WC_HASH_TYPE_SHA:
        return 20;
+    case WC_HASH_TYPE_SHA224:
+        return 24;
    case WC_HASH_TYPE_SHA256:
        return 32;
    case WC_HASH_TYPE_SHA384:
        return 48;
    case WC_HASH_TYPE_SHA512:
        return 64;
-    case WC_HASH_TYPE_SHA224:
-        return 24;
    default:
        /* unsupported WC_HASH_TYPE_XXXX */
        return -1;
    }
 }

+/**
+ * Get PKCS11 hash mechanism associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  0 if hash type not recognized.
+ * @return  PKCS11 mechanism on success.
+ */
 CK_MECHANISM_TYPE wc_hash2ckm(int hType)
 {
    switch(hType) {
    case WC_HASH_TYPE_SHA:
        return CKM_SHA_1;
+    case WC_HASH_TYPE_SHA224:
+        return CKM_SHA224;
    case WC_HASH_TYPE_SHA256:
        return CKM_SHA256;
    case WC_HASH_TYPE_SHA384:
        return CKM_SHA384;
    case WC_HASH_TYPE_SHA512:
        return CKM_SHA512;
-    case WC_HASH_TYPE_SHA224:
-        return CKM_SHA224;
    default:
        /* unsupported WC_HASH_TYPE_XXXX */
        return 0UL;
    }
 }

+/**
+ * Get PKCS11 MGF hash mechanism associated with the WolfCrypt MGF hash type.
+ *
+ * @param  [in]   mgf   MGF Type.
+ * @return  0 if MGF type not recognized.
+ * @return  PKCS11 MGF hash mechanism on success.
+ */
 CK_MECHANISM_TYPE wc_mgf2ckm(int mgf)
 {
    switch(mgf) {
    case WC_MGF1SHA1:
        return CKG_MGF1_SHA1;
+    case WC_MGF1SHA224:
+        return CKG_MGF1_SHA224;
    case WC_MGF1SHA256:
        return CKG_MGF1_SHA256;
    case WC_MGF1SHA384:
        return CKG_MGF1_SHA384;
    case WC_MGF1SHA512:
        return CKG_MGF1_SHA512;
-    case WC_MGF1SHA224:
-        return CKG_MGF1_SHA224;
    default:
        /* unsupported WC_MGF1XXXX */
        return 0x0UL;