Fixes and improvements for building with low footprint. Fix for ASN template with RSA verify only (was missing `mp_leading_bit`). Fix to allow disabling DRBG with crypto callbacks enabled. Updated the wolfTPM user_settings.h template with low resource option.

IDE/NETOS/user_settings.h

@@ -458,7 +458,6 @@ extern "C" {
 /* RNG */
 /* ------------------------------------------------------------------------- */
 
-/* Seed Source */
 /* Seed Source */
 #if 1
     extern int my_rng_generate_seed(unsigned char* output, int sz);

configure.ac

@@ -1838,10 +1838,13 @@ AC_ARG_ENABLE([lowresource],
 if test "$ENABLED_LOWRESOURCE" = "yes"
 then
     # low memory / flash flags
-    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"
+    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"
 
     # low flash flags
     AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
+
+    # AES small
+    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL -DWOLFSSL_AES_NO_UNROLL -DWOLFSSL_AES_SMALL_TABLES"
 fi
 
 

examples/configs/user_settings_wolftpm.h

@@ -20,14 +20,42 @@
  */
 
 
-/* should be renamed to user_settings.h for customer use
+/* To use the rename file to user_settings.h and define WOLFSSL_USER_SETTINGS */
- * generated from configure and wolfssl/options.h using:
+
- * ./configure --enable-wolftpm --disable-dh --disable-oldtls \
+/* Test using:
- *    --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
+cp ./examples/configs/user_settings_wolftpm.h user_settings.h
- *    --disable-pkcs12 --disable-chacha --disable-poly1305 \
+./configure --enable-usersettings --disable-examples CFLAGS="-Os"
- *    --disable-sys-ca-certs --disable-examples
+make
- *
+*/
- * Cleaned up by David Garske
+
+/* Options generated from configure and wolfssl/options.h using:
+./configure --enable-wolftpm --disable-dh --disable-oldtls \
+  --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
+  --disable-pkcs12 --disable-chacha --disable-poly1305 \
+  --disable-sys-ca-certs --disable-examples
+*/
+
+/* Options for USE_LOW_RESOURCE generated with configure and wolfssl/options.h
+ * using:
+./configure --enable-lowresource --enable-cryptonly --enable-aescfb \
+  --enable-hmac --enable-cryptocb --enable-singlethreaded \
+  --enable-sp=smallrsa2048 --enable-sp-math --disable-sp-asm \
+  --disable-filesystem --disable-asm --disable-pkcs8 --disable-pkcs12 \
+  --disable-ecc --disable-dh \
+  --disable-sha224 --disable-sha384 --disable-sha512 \
+  --disable-md5 --disable-sha3 \
+  --disable-aescbc --disable-aesgcm --disable-aesccm \
+  --disable-poly1305 --disable-chacha \
+  --disable-hashdrbg \
+  --disable-sys-ca-certs --disable-error-queue-per-thread \
+  --disable-oldtls --disable-errorstrings --disable-memory --disable-coding \
+  --disable-examples --disable-optflags \
+  CFLAGS="-Os -DNO_SIG_WRAPPER -DNO_AES_192 -DNO_AES_256 \
+  -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_INLINE -DNO_CHECK_PRIVATE_KEY"
+ */
+
+/* For the wolfTPM build:
+./configure --enable-swtpm CFLAGS="-Os" && make
 */
 
 
@@ -38,7 +66,15 @@
 extern "C" {
 #endif
 
-#if 1
+/* enable for low resource options */
+#if 0
+    #define USE_LOW_RESOURCE
+#endif
+
+#ifdef USE_LOW_RESOURCE
+    /* wolfCrypt only (no SSL/TLS) */
+    #define WOLFCRYPT_ONLY
+#else
     /* wolfTPM with TLS example (v1.3 only) */
     #define WOLFSSL_TLS13
     #define WOLFSSL_NO_TLS12
@@ -52,60 +88,90 @@ extern "C" {
     #define HAVE_HKDF
     #define WC_RSA_PSS
     #define WOLFSSL_PSS_LONG_SALT
-#else
-    /* wolfCrypt only (no SSL/TLS) */
-    #define WOLFCRYPT_ONLY
 #endif
 
 /* No threading or file system */
 #define SINGLE_THREADED
-/* File system disable */
-#if 0
-    #define NO_FILESYSTEM
-#endif
 
 /* Enable crypto callbacks */
 #define WOLF_CRYPTO_CB
 
-/* Enable PRNG (SHA2-256) */
+#ifdef USE_LOW_RESOURCE
-#define HAVE_HASHDRBG
+    /* Single Precision math for RSA 2048 only (small) */
-
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_SP_MATH
+    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_NO_3072 /* 2048-only */
+#else
     /* Enable SP math all (sp_int.c) with multi-precision support */
     #define WOLFSSL_SP_MATH_ALL
+#endif
 
 /* Enable hardening (timing resistance) */
 #define TFM_TIMING_RESISTANT
 #define ECC_TIMING_RESISTANT
 #define WC_RSA_BLINDING
 
+/* Enable PRNG (SHA2-256) */
+#ifdef USE_LOW_RESOURCE
+    /* use TPM TRNG */
+    #define WC_NO_HASHDRBG
+#else
+    #define HAVE_HASHDRBG
+#endif
+
 /* Asymmetric */
-#define HAVE_ECC
+#if 1 /* RSA - needed to encrypt salt */
     #undef  NO_RSA
-#define NO_DH
+    #ifdef USE_LOW_RESOURCE
-#ifndef NO_DH
+        #define WOLFSSL_RSA_PUBLIC_ONLY
+        #define WOLFSSL_RSA_VERIFY_INLINE
+        #define NO_CHECK_PRIVATE_KEY
+    #endif
+#else
+    #define NO_RSA
+#endif
+#ifndef USE_LOW_RESOURCE /* ECC */
+    #define HAVE_ECC
+    #define ECC_USER_CURVES /* default to only SECP256R1 */
+#endif
+#ifndef USE_LOW_RESOURCE /* DH */
+    #undef  NO_DH
     #define HAVE_FFDHE_2048
     #define HAVE_DH_DEFAULT_PARAMS
+#else
+    #define NO_DH
 #endif
 
 /* Symmetric Hash */
 #undef NO_SHA
 #undef NO_SHA256
+#ifndef USE_LOW_RESOURCE
     #define WOLFSSL_SHA512
     #define WOLFSSL_SHA384
+#endif
 
 /* Symmetric Cipher */
+#define WOLFSSL_AES_CFB
+#define HAVE_AES_DECRYPT
+#ifndef USE_LOW_RESOURCE
     #define HAVE_AES_KEYWRAP
     #define WOLFSSL_AES_DIRECT
-#define WOLFSSL_AES_CFB
     #define HAVE_AESGCM
     #define GCM_TABLE_4BIT
+#else
+    #define NO_AES_CBC
+#endif
 
-#if 0
+#if 0 /* ChaCha20 / Poly1305 */
     #define HAVE_POLY1305
     #define HAVE_CHACHA
 #endif
 
 /* Features */
+#define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */
+#ifndef USE_LOW_RESOURCE
     #define WOLFSSL_CERT_GEN
     #define WOLFSSL_CERT_REQ
     #define WOLFSSL_CERT_EXT
@@ -113,17 +179,45 @@ extern "C" {
     #define HAVE_PKCS7
     #define HAVE_X963_KDF
     #define WOLFSSL_BASE64_ENCODE
-
+#endif
 
 /* Disables */
+#define NO_PKCS8
+#define NO_PKCS12
+#define NO_PWDBASED
 #define NO_DSA
 #define NO_DES3
 #define NO_RC4
 #define NO_PSK
 #define NO_MD4
+#define NO_MD5
 #define WOLFSSL_NO_SHAKE128
 #define WOLFSSL_NO_SHAKE256
+#define NO_WRITEV
 
+/* Low Resource Options */
+#ifdef USE_LOW_RESOURCE
+    #define NO_FILESYSTEM /* File system disable */
+    #define NO_ERROR_STRINGS
+    #define WOLFSSL_NO_ASM
+    #define TFM_NO_ASM
+    #define NO_WOLFSSL_MEMORY
+    #define NO_SESSION_CACHE
+    #define RSA_LOW_MEM
+    #define WOLFSSL_AES_SMALL_TABLES
+    #define WOLFSSL_AES_NO_UNROLL
+    #define GCM_SMALL
+    #undef  GCM_TABLE_4BIT
+    #define NO_AES_192
+    #define NO_AES_256
+    #define USE_SLOW_SHA
+    #define USE_SLOW_SHA256
+    #define USE_SLOW_SHA512
+    #define NO_SIG_WRAPPER
+    #define NO_ASN_TIME
+    #define NO_CODING
+    #define NO_BIG_INT
+#endif
 
 #ifdef __cplusplus
 }

wolfcrypt/benchmark/benchmark.c

@@ -6516,7 +6516,7 @@ exit_rsa_pub:
                                           BENCH_ASYNC_GET_DEV(&rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaSSL_Sign(message, len, enc[i],
-                                                rsaKeySz/8, &rsaKey[i], &gRng);
+                                            rsaKeySz/8, &rsaKey[i], GLOBAL_RNG);
                         if (!bench_async_handle(&ret,
                                            BENCH_ASYNC_GET_DEV(&rsaKey[i]),
                                            1, &times, &pending)) {
@@ -7371,7 +7371,7 @@ exit_ecdhe:
                     }
 
                     ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i],
-                                           &x[i], &gRng, &genKey[i]);
+                                           &x[i], GLOBAL_RNG, &genKey[i]);
 
                     if (!bench_async_handle(&ret,
                                 BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,

wolfcrypt/src/cryptocb.c

@@ -235,7 +235,7 @@ int wc_CryptoCb_GetDevIdAtIndex(int startIdx)
 
 /* Used to register a find device function. Useful for cases where the
  * device ID in the struct may not have been set but still wanting to use
- * a specifice crypto callback device ID. The find callback is global and
+ * a specific crypto callback device ID. The find callback is global and
  * not thread safe. */
 void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb)
 {

wolfcrypt/src/sp_int.c

@@ -5605,7 +5605,7 @@ int sp_cnt_lsb(const sp_int* a)
 }
 #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
 
-#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
+#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_ASN_TEMPLATE) || \
     (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_ASN))
 /* Determine if the most significant byte of the encoded multi-precision number
  * has the top bit set.

wolfcrypt/test/test.c

@@ -758,6 +758,22 @@ static int wolfssl_pb_print(const char* msg, ...)
 }
 #endif /* WOLFSSL_PB */
 
+
+#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
+    !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+/* Enable support for RNG with crypto callback */
+static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
+{
+    int rc = CRYPTOCB_UNAVAILABLE;
+    if (info->algo_type == WC_ALGO_TYPE_RNG) {
+        rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
+    }
+    (void)ctx;
+    (void)thisDevId;
+    return rc;
+}
+#endif
+
 /* optional macro to add sleep between tests */
 #ifndef TEST_SLEEP
 #define TEST_SLEEP()
@@ -925,6 +941,16 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #endif
 
+#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
+    !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+    if (devId == INVALID_DEVID) {
+        /* for testing RNG with crypto callback register function */
+        devId = 100; /* any value beside -2 (INVALID_DEVID) */
+        wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL);
+    }
+#endif
+
+
 #ifdef HAVE_SELFTEST
     if ( (ret = wolfCrypt_SelfTest()) != 0)
         TEST_FAIL("CAVP selftest failed!\n", ret);
@@ -8561,6 +8587,7 @@ EVP_TEST_END:
         }
         #endif
     #endif
+#endif /* WOLFSSL_AES_256 */
 
   out:
 
@@ -8580,7 +8607,6 @@ EVP_TEST_END:
 #endif
 #endif
 
-#endif /* WOLFSSL_AES_256 */
         return ret;
     }
 
@@ -8776,6 +8802,7 @@ EVP_TEST_END:
             goto out;
         }
     #endif
+#endif /* WOLFSSL_AES_256 */
 
       out:
 
@@ -8795,8 +8822,6 @@ EVP_TEST_END:
 #endif
 #endif
 
-#endif /* WOLFSSL_AES_256 */
-
         return ret;
     }
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
@@ -13244,7 +13269,6 @@ exit:
     return ret;
 }
 
-
 static int random_rng_test(void)
 {
     WC_RNG localRng;
@@ -13277,6 +13301,7 @@ static int random_rng_test(void)
         if (rng == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
+        rng->devId = devId;
         ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
 
         wc_rng_free(rng);
@@ -44565,7 +44590,12 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 #endif
 
     if (info->algo_type == WC_ALGO_TYPE_RNG) {
-    #ifndef WC_NO_RNG
+    #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
+        !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+        /* if RNG only supports crypto callback, just use seed */
+        ret = wc_GenerateSeed(&info->rng.rng->seed,
+            info->rng.out, info->rng.sz);
+    #elif !defined(WC_NO_RNG)
         /* set devId to invalid, so software is used */
         info->rng.rng->devId = INVALID_DEVID;
 
@@ -45172,6 +45202,7 @@ static int myCryptoCbFind(int currentId, int algoType)
 WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
 {
     int ret = 0;
+    int origDevId = devId;
     myCryptoDevCtx myCtx;
 
     /* example data for callback */
@@ -45272,8 +45303,8 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
         ret = cmac_test();
 #endif
 
-    /* reset devId */
+    /* restore devId */
-    devId = INVALID_DEVID;
+    devId = origDevId;
 
     return ret;
 }

wolfssl/wolfcrypt/random.h

@@ -113,6 +113,8 @@
      /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
 #elif defined(HAVE_INTEL_RDRAND)
     /* Intel RDRAND or RDSEED */
+#elif defined(WOLF_CRYPTO_CB)
+    /* Requires registered Crypto Callback to service RNG, with devId set */
 #elif !defined(WC_NO_RNG)
     #error No RNG source defined!
 #endif