From 8705d28d489237488e2f5322cb117e9b0203af01 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 1 Apr 2025 01:17:10 -0500 Subject: [PATCH] wolfcrypt/src/aes.c: in wc_AesSetKeyLocal(), rework support for WC_FLAG_DONT_USE_AESNI (fixes WC_C_DYNAMIC_FALLBACK). wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, #ifdef LINUXKM_LKCAPI_REGISTER, #define WOLFSSL_TEST_SUBROUTINE to nothing, and #define WC_TEST_EXPORT_SUBTESTS. linuxkm/lkcapi_glue.c: * add check_skcipher_driver_masking() and check_aead_driver_masking(), * use _masking() checks in all linuxkm_test_*(). * add !WOLFSSL_AESGCM_STREAM implementation of linuxkm_test_aesgcm(). * add implementations of linuxkm_test_aesctr(), linuxkm_test_aesofb(), and linuxkm_test_aesecb() * remove incomplete+disabled AES-CCM shim implementation. linuxkm/module_hooks.c: pull in wolfcrypt/test/test.h if LINUXKM_LKCAPI_REGISTER. linuxkm/Makefile: build wolfcrypt/test/test.o if ENABLED_LINUXKM_LKCAPI_REGISTER. Makefile.am: add ENABLED_LINUXKM_LKCAPI_REGISTER to exports in BUILD_LINUXKM section. configure.ac: add AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]); in ENABLED_LINUXKM_DEFAULTS set up, remove `-DWOLFSSL_TEST_SUBROUTINE=static` from AM_CFLAGS adds; fix whitespace. .wolfssl_known_macro_extras: add WC_WANT_FLAG_DONT_USE_AESNI. wolfcrypt/test/test.c: add `|| defined(WC_TEST_EXPORT_SUBTESTS)` to outermost gate, add wc_test_ prefix to render_error_message() and export it, wolfcrypt/test/test.h: add prototype for wc_test_render_error_message(), and #ifdef WC_TEST_EXPORT_SUBTESTS, add prototypes for all the subtests. --- .wolfssl_known_macro_extras | 1 + Makefile.am | 3 +- configure.ac | 7 +- linuxkm/Makefile | 2 + linuxkm/lkcapi_glue.c | 548 +++++++++-------------------------- linuxkm/module_hooks.c | 2 +- wolfcrypt/src/aes.c | 27 +- wolfcrypt/test/test.c | 12 +- wolfcrypt/test/test.h | 289 ++++++++++++++++++ wolfssl/wolfcrypt/settings.h | 9 +- 10 files changed, 458 insertions(+), 442 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 33547245f..a0ab08c6b 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -547,6 +547,7 @@ WC_SHA384_DIGEST_SIZE WC_SHA512 WC_SSIZE_TYPE WC_STRICT_SIG +WC_WANT_FLAG_DONT_USE_AESNI WC_XMSS_FULL_HASH WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE WOLFSENTRY_H diff --git a/Makefile.am b/Makefile.am index d8e4b6ddf..ba768ec35 100644 --- a/Makefile.am +++ b/Makefile.am @@ -213,7 +213,8 @@ if BUILD_LINUXKM EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \ AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \ AM_CCASFLAGS CCASFLAGS \ - src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_PIE ENABLED_ASM \ + src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_LKCAPI_REGISTER \ + ENABLED_LINUXKM_PIE ENABLED_ASM \ CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \ CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \ ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \ diff --git a/configure.ac b/configure.ac index 5b45e3cc2..b99c8ffb0 100644 --- a/configure.ac +++ b/configure.ac @@ -679,7 +679,7 @@ AC_SUBST([ENABLED_LINUXKM_BENCHMARKS]) if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC" if test "$ENABLED_LINUXKM_PIE" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK" fi @@ -3534,7 +3534,7 @@ then then AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP" ENABLED_AESNI=yes - ENABLED_AESNI_WITH_AVX=yes + ENABLED_AESNI_WITH_AVX=yes elif test "$ENABLED_AESNI_WITH_AVX" = "yes" then AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP_FOR_AES" @@ -9366,7 +9366,7 @@ then '-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;; '-gcm(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM" ;; '-rfc4106(gcm(aes))') - AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM_RFC4106" ;; + AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM_RFC4106" ;; '-xts(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESXTS" ;; '-ctr(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCTR" ;; '-ofb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESOFB" ;; @@ -9375,6 +9375,7 @@ then esac done fi +AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]) # Library Suffix LIBSUFFIX="" diff --git a/linuxkm/Makefile b/linuxkm/Makefile index d673da6c3..ba6629c56 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -43,6 +43,8 @@ WOLFSSL_OBJ_FILES=$(patsubst %.lo, %.o, $(patsubst src/src_libwolfssl_la-%, src/ ifeq "$(ENABLED_CRYPT_TESTS)" "yes" WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o +else ifneq "$(ENABLED_LINUXKM_LKCAPI_REGISTER)" "none" + WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o else WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST endif diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index b48a26cd2..c7ae88124 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -74,7 +74,6 @@ static int disable_setkey_warnings = 0; #define WOLFKM_AESCTR_NAME "ctr(aes)" #define WOLFKM_AESOFB_NAME "ofb(aes)" #define WOLFKM_AESECB_NAME "ecb(aes)" -#define WOLFKM_AESCCM_NAME "ccm(aes)" #ifdef WOLFSSL_AESNI #define WOLFKM_DRIVER_ISA_EXT "-aesni" @@ -107,7 +106,6 @@ static int disable_setkey_warnings = 0; #define WOLFKM_AESCTR_DRIVER ("ctr-aes" WOLFKM_DRIVER_SUFFIX) #define WOLFKM_AESOFB_DRIVER ("ofb-aes" WOLFKM_DRIVER_SUFFIX) #define WOLFKM_AESECB_DRIVER ("ecb-aes" WOLFKM_DRIVER_SUFFIX) -#define WOLFKM_AESCCM_DRIVER ("ccm-aes" WOLFKM_DRIVER_SUFFIX) #ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES enum linux_errcodes { @@ -187,17 +185,6 @@ static int disable_setkey_warnings = 0; #undef LINUXKM_LKCAPI_REGISTER_AESECB #endif -#ifdef notyet -#ifdef HAVE_AESCCM - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCCM)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_AESCCM) - #define LINUXKM_LKCAPI_REGISTER_AESCCM - #endif -#else - #undef LINUXKM_LKCAPI_REGISTER_AESCCM -#endif -#endif /* notyet */ - #ifdef LINUXKM_LKCAPI_REGISTER_AESCBC static int linuxkm_test_aescbc(void); #endif @@ -222,9 +209,6 @@ static int disable_setkey_warnings = 0; #ifdef LINUXKM_LKCAPI_REGISTER_AESECB static int linuxkm_test_aesecb(void); #endif -#ifdef LINUXKM_LKCAPI_REGISTER_AESCCM - static int linuxkm_test_aesccm(void); -#endif /* km_AesX(): wrappers to wolfcrypt wc_AesX functions and * structures. */ @@ -248,6 +232,72 @@ static int disable_setkey_warnings = 0; #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but CAN_SAVE_VECTOR_REGISTERS is missing. #endif +WC_MAYBE_UNUSED static int check_skcipher_driver_masking(struct crypto_skcipher *tfm, const char *alg_name, const char *expected_driver_name) { +#ifdef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING + (void)tfm; (void)alg_name; (void)expected_driver_name; + return 0; +#else + const char *actual_driver_name; + int ret; + int alloced_tfm = 0; + + if (! tfm) { + alloced_tfm = 1; + tfm = crypto_alloc_skcipher(alg_name, 0, 0); + } + if (IS_ERR(tfm)) { + pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n", + alg_name, PTR_ERR(tfm)); + return -EINVAL; + } + actual_driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); + if (strcmp(actual_driver_name, expected_driver_name)) { + pr_err("error: unexpected implementation for %s: %s (expected %s)\n", + alg_name, actual_driver_name, expected_driver_name); + ret = -ENOENT; + } else + ret = 0; + + if (alloced_tfm) + crypto_free_skcipher(tfm); + + return ret; +#endif +} + +WC_MAYBE_UNUSED static int check_aead_driver_masking(struct crypto_aead *tfm, const char *alg_name, const char *expected_driver_name) { +#ifdef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING + (void)tfm; (void)alg_name; (void)expected_driver_name; + return 0; +#else + const char *actual_driver_name; + int ret; + int alloced_tfm = 0; + + if (! tfm) { + alloced_tfm = 1; + tfm = crypto_alloc_aead(alg_name, 0, 0); + } + if (IS_ERR(tfm)) { + pr_err("error: allocating AES AEAD algorithm %s failed: %ld\n", + alg_name, PTR_ERR(tfm)); + return -EINVAL; + } + actual_driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)); + if (strcmp(actual_driver_name, expected_driver_name)) { + pr_err("error: unexpected implementation for %s: %s (expected %s)\n", + alg_name, actual_driver_name, expected_driver_name); + ret = -ENOENT; + } else + ret = 0; + + if (alloced_tfm) + crypto_free_aead(tfm); + + return ret; +#endif +} + struct km_AesCtx { Aes *aes_encrypt; /* allocated in km_AesInitCommon() to assure * alignment, needed for AESNI. @@ -257,15 +307,8 @@ struct km_AesCtx { Aes *aes_encrypt_C; /* fallback if vector registers aren't available. */ Aes *aes_decrypt_C; #endif -#if defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106) || defined(LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309) - union { #ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 - byte rfc4106_nonce[4]; -#endif -#ifdef LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309 - byte rfc4309_nonce[3]; -#endif - }; + byte rfc4106_nonce[4]; #endif }; @@ -275,8 +318,7 @@ struct km_AesCtx { defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106) || \ defined(LINUXKM_LKCAPI_REGISTER_AESCTR) || \ defined(LINUXKM_LKCAPI_REGISTER_AESOFB) || \ - defined(LINUXKM_LKCAPI_REGISTER_AESECB) || \ - defined(LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309) + defined(LINUXKM_LKCAPI_REGISTER_AESECB) static void km_AesExitCommon(struct km_AesCtx * ctx); @@ -480,8 +522,7 @@ static void km_AesExitCommon(struct km_AesCtx * ctx) defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \ defined(LINUXKM_LKCAPI_REGISTER_AESCTR) || \ defined(LINUXKM_LKCAPI_REGISTER_AESOFB) || \ - defined(LINUXKM_LKCAPI_REGISTER_AESECB) || \ - defined(LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309) + defined(LINUXKM_LKCAPI_REGISTER_AESECB) static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, unsigned int key_len, const char * name) @@ -558,15 +599,14 @@ static void km_AesExit(struct crypto_skcipher *tfm) * LINUXKM_LKCAPI_REGISTER_AESCFB || * LINUXKM_LKCAPI_REGISTER_AESCTR || * LINUXKM_LKCAPI_REGISTER_AESOFB || - * LINUXKM_LKCAPI_REGISTER_AESECB || - * LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309 + * LINUXKM_LKCAPI_REGISTER_AESECB */ #endif /* LINUXKM_LKCAPI_REGISTER_AESCBC || * LINUXKM_LKCAPI_REGISTER_AESCFB || LINUXKM_LKCAPI_REGISTER_AESGCM || * LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 || * LINUXKM_LKCAPI_REGISTER_AESCTR || LINUXKM_LKCAPI_REGISTER_AESOFB || - * LINUXKM_LKCAPI_REGISTER_AESECB || LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309 + * LINUXKM_LKCAPI_REGISTER_AESECB */ #ifdef LINUXKM_LKCAPI_REGISTER_AESCBC @@ -1330,7 +1370,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p) if (decrypt_p) { err = wc_AesGcmDecrypt(aes_copy, out_text, in_text, req->cryptlen - tfm->authsize, #ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 - rfc4106_p ? rfc4106_iv : + rfc4106_p ? rfc4106_iv : #endif sk_walk.iv, GCM_NONCE_MID_SZ, authTag, tfm->authsize, @@ -1355,7 +1395,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p) else { err = wc_AesGcmEncrypt(aes_copy, out_text, in_text, req->cryptlen, #ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 - rfc4106_p ? rfc4106_iv : + rfc4106_p ? rfc4106_iv : #endif sk_walk.iv, GCM_NONCE_MID_SZ, authTag, tfm->authsize, @@ -1473,8 +1513,8 @@ static int gcmAesAead_rfc4106_loaded = 0; #error LKCAPI registration of AES-XTS requires WOLFSSL_AESXTS_STREAM (--enable-aesxts-stream). #endif -#ifndef WC_C_DYNAMIC_FALLBACK - #error LKCAPI registration of AES-XTS requires WC_C_DYNAMIC_FALLBACK. +#if defined(WOLFSSL_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK) + #error LKCAPI registration of AES-XTS with AESNI requires WC_C_DYNAMIC_FALLBACK. #endif struct km_AesXtsCtx { @@ -1534,6 +1574,12 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key, return -EINVAL; } + /* It's possible to set ctx->aesXts->{tweak,aes,aes_decrypt}.use_aesni to + * WC_FLAG_DONT_USE_AESNI here, for WC_LINUXKM_C_FALLBACK_IN_SHIMS in + * AES-XTS, but we can use the WC_C_DYNAMIC_FALLBACK mechanism + * unconditionally because there's no AES-XTS in Cert 4718. + */ + return 0; } @@ -2280,342 +2326,6 @@ static int ecbAesAlg_loaded = 0; #endif /* LINUXKM_LKCAPI_REGISTER_AESECB */ -#ifdef LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309 - -static int km_AesCcmInit(struct crypto_aead * tfm) -{ - struct km_AesCtx * ctx = crypto_aead_ctx(tfm); - return km_AesInitCommon(ctx, WOLFKM_AESCCM_DRIVER, 0); -} - -static void km_AesCcmExit(struct crypto_aead * tfm) -{ - struct km_AesCtx * ctx = crypto_aead_ctx(tfm); - km_AesExitCommon(ctx); -} - -static int km_AesCcmSetKey_rfc4309(struct crypto_aead *tfm, const u8 *in_key, - unsigned int key_len) -{ - int err; - struct km_AesCtx * ctx = crypto_aead_ctx(tfm); - - - - err = wc_AesCcmSetKey(ctx->aes_encrypt, in_key, key_len); - - if (unlikely(err)) { - if (! disable_setkey_warnings) - pr_err("%s: wc_AesCcmSetKey failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - return -EINVAL; - } - - return 0; -} - -static int km_AesCcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize) -{ - (void)tfm; - - if (wc_AesCcmCheckTagSize((int)authsize) == 0) - return 0; - -#ifdef WOLFSSL_LINUXKM_VERBOSE_LKCAPI_DEBUG - pr_err("%s: invalid authsize: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize); -#endif - return -EINVAL; -} - -/* - * aead ciphers receive data in scatterlists in following order: - * encrypt - * req->src: aad||plaintext - * req->dst: aad||ciphertext||tag - * decrypt - * req->src: aad||ciphertext||tag - * req->dst: aad||plaintext, return 0 or -EBADMSG - */ - -static int km_AesCcmEncrypt(struct aead_request *req) -{ - struct crypto_aead * tfm = NULL; - struct km_AesCtx * ctx = NULL; - struct skcipher_walk walk; - struct scatter_walk copy_walk; - u8 * copy_mem = NULL; - u8 authTag[WC_AES_BLOCK_SIZE]; - int err; - u8 * assoc = NULL; - Aes *aes_copy = NULL; - u8 * plaintext = NULL; - u8 * plaintext_copy = NULL; - u8 * ciphertext = NULL; - int iv_size; - - tfm = crypto_aead_reqtfm(req); - ctx = crypto_aead_ctx(tfm); - - err = skcipher_walk_aead_encrypt(&walk, req, false); - if (unlikely(err)) { - pr_err("%s: skcipher_walk_aead_encrypt failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - return -EINVAL; - } - - if (req->src->length >= req->assoclen + req->cryptlen && req->src->length) { - scatterwalk_start(©_walk, req->src); - assoc = scatterwalk_map(©_walk); - if (unlikely(IS_ERR(assoc))) { - pr_err("%s: scatterwalk_map failed: %ld\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), - PTR_ERR(assoc)); - goto out; - } - plaintext = assoc + req->assoclen; - ciphertext = ?; - } - else { - copy_mem = malloc(req->assoclen + req->cryptlen); - if (unlikely(copy_mem == NULL)) { - err = -ENOMEM; - goto out; - } - scatterwalk_map_and_copy(copy_mem, req->src, 0, req->assoclen + req->cryptlen, 0); - assoc = copy_mem; - plaintext = assoc + req->assoclen; - ciphertext = plaintext; - } - - - /* Copy the cipher state to mitigate races on Aes.reg, Aes.tmp, and - * aes->streamData. - */ - aes_copy = (struct Aes *)malloc(sizeof(Aes)); - if (aes_copy == NULL) { - err = -ENOMEM; - goto out; - } - XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - aes_copy->streamData = NULL; -#endif - - - -err = wc_AesCcmEncrypt(aes_copy, ciphertext, plaintext, req->cryptlen, - walk.iv, crypto_aead_ivsize(crypto_aead_tfm(tfm)), - authTag, sizeof authTag, - assoc, req->assoclen); - - if (unlikely(err)) { - pr_err("%s: wc_AesCcmEncrypt failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - err = -EINVAL; - goto out; - } - - err = skcipher_walk_done(&walk, 0); - - if (unlikely(err)) { - pr_err("%s: skcipher_walk_done failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - goto out; - } - } - - err = wc_AesCcmEncryptFinal(aes_copy, authTag, tfm->authsize); - if (unlikely(err)) { - pr_err("%s: wc_AesCcmEncryptFinal failed with return code %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - err = -EINVAL; - goto out; - } - - /* Now copy the auth tag into request scatterlist. */ - scatterwalk_map_and_copy(authTag, req->dst, - req->assoclen + req->cryptlen, - tfm->authsize, 1); - -out: - - if (assocmem) - free(assocmem); - else if (assoc) - scatterwalk_unmap(assoc); - - if (plaintext_copy) - free(plaintext_copy); - else if (plaintext) - scatterwalk_unmap(plaintext); - - if (aes_copy) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - free(aes_copy->streamData); -#endif - km_AesFree(&aes_copy); - } - - return err; -} - -static int km_AesCcmDecrypt(struct aead_request *req) -{ - struct crypto_aead * tfm = NULL; - struct km_AesCtx * ctx = NULL; - struct skcipher_walk walk; - struct scatter_walk assocSgWalk; - u8 origAuthTag[WC_AES_BLOCK_SIZE]; - int err; - u8 * assoc = NULL; - u8 * assocmem = NULL; - Aes *aes_copy; - - tfm = crypto_aead_reqtfm(req); - ctx = crypto_aead_ctx(tfm); - - /* Copy out original auth tag from req->src. */ - scatterwalk_map_and_copy(origAuthTag, req->src, - req->assoclen + req->cryptlen - tfm->authsize, - tfm->authsize, 0); - - err = skcipher_walk_aead_decrypt(&walk, req, false); - if (unlikely(err)) { - pr_err("%s: skcipher_walk_aead_decrypt failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - return err; - } - - /* Copy the cipher state to mitigate races on Aes.reg, Aes.tmp, and - * aes->streamData. - */ - aes_copy = (struct Aes *)malloc(sizeof(Aes)); - if (aes_copy == NULL) - return -ENOMEM; - XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* GCM uses the same - * schedule for encrypt - * and decrypt. - */ -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - aes_copy->streamData = NULL; -#endif - - err = wc_AesCcmInit(aes_copy, NULL /*key*/, 0 /*keylen*/, walk.iv, - GCM_NONCE_MID_SZ); - if (unlikely(err)) { - pr_err("%s: wc_AesCcmInit failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - err = -EINVAL; - goto out; - } - - if (req->src->length >= req->assoclen && req->src->length) { - scatterwalk_start(&assocSgWalk, req->src); - assoc = scatterwalk_map(&assocSgWalk); - if (unlikely(IS_ERR(assoc))) { - pr_err("%s: scatterwalk_map failed: %ld\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), - PTR_ERR(assoc)); - goto out; - } - } - else { - /* assoc can be any length, so if it's noncontiguous, we have to copy it - * to a contiguous heap allocation. - */ - assocmem = malloc(req->assoclen); - if (unlikely(assocmem == NULL)) { - err = -ENOMEM; - goto out; - } - assoc = assocmem; - scatterwalk_map_and_copy(assoc, req->src, 0, req->assoclen, 0); - } - - err = wc_AesCcmDecryptUpdate(aes_copy, NULL, NULL, 0, - assoc, req->assoclen); - - if (assocmem) - free(assocmem); - else - scatterwalk_unmap(assoc); - - if (unlikely(err)) { - pr_err("%s: wc_AesCcmDecryptUpdate failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - err = -EINVAL; - goto out; - } - - while (walk.nbytes) { - err = wc_AesCcmDecryptUpdate( - aes_copy, - walk.dst.virt.addr, - walk.src.virt.addr, - walk.nbytes, - NULL, 0); - - if (unlikely(err)) { - pr_err("%s: wc_AesCcmDecryptUpdate failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - err = -EINVAL; - goto out; - } - - err = skcipher_walk_done(&walk, 0); - - if (unlikely(err)) { - pr_err("%s: skcipher_walk_done failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); - goto out; - } - } - - err = wc_AesCcmDecryptFinal(aes_copy, origAuthTag, tfm->authsize); - if (unlikely(err)) { -#ifdef WOLFSSL_LINUXKM_VERBOSE_LKCAPI_DEBUG - pr_err("%s: wc_AesCcmDecryptFinal failed with return code %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); -#endif - if (err == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) { - err = -EBADMSG; - goto out; - } - else { - err = -EINVAL; - goto out; - } - } - -out: - - km_AesFree(&aes_copy); - - return err; -} - -static struct aead_alg ccmAesAead = { - .base.cra_name = WOLFKM_AESCCM_NAME, - .base.cra_driver_name = WOLFKM_AESCCM_DRIVER, - .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, - .base.cra_blocksize = 1, - .base.cra_ctxsize = sizeof(struct km_AesCtx), - .base.cra_module = THIS_MODULE, - .init = km_AesCcmInit, - .exit = km_AesCcmExit, - .setkey = km_AesCcmSetKey, - .setauthsize = km_AesCcmSetAuthsize, - .encrypt = km_AesCcmEncrypt, - .decrypt = km_AesCcmDecrypt, - .ivsize = CCM_NONCE_MID_SZ, - .maxauthsize = WC_AES_BLOCK_SIZE, - .chunksize = WC_AES_BLOCK_SIZE, -}; -static int ccmAesAead_loaded = 0; - -#endif /* LINUXKM_LKCAPI_REGISTER_AESCCM */ - /* cipher tests, cribbed from test.c, with supplementary LKCAPI tests: */ #ifdef LINUXKM_LKCAPI_REGISTER_AESCBC @@ -2865,6 +2575,13 @@ static int linuxkm_test_aescfb(void) if (aes == NULL) return -ENOMEM; + ret = aesofb_test(); + if (ret) { + wc_test_render_error_message("aesgcm_test failed: ", ret); + ret = -EINVAL; + goto test_cfb_end; + } + XMEMSET(enc, 0, sizeof(enc)); XMEMSET(dec, 0, sizeof(enc)); @@ -2943,18 +2660,9 @@ static int linuxkm_test_aescfb(void) goto test_cfb_end; } -#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING - { - const char *driver_name = - crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); - if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) { - pr_err("error: unexpected implementation for %s: %s (expected %s)\n", - WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER); - ret = -ENOENT; - goto test_cfb_end; - } - } -#endif + ret = check_skcipher_driver_masking(tfm, WOLFKM_AESCFB_NAME, WOLFKM_AESCFB_DRIVER); + if (ret) + goto test_cfb_end; ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2); if (ret) { @@ -3029,7 +2737,13 @@ test_cfb_end: static int linuxkm_test_aesgcm(void) { #ifndef WOLFSSL_AESGCM_STREAM - return 0; + wc_test_ret_t ret = aesgcm_test(); + if (ret >= 0) + return check_aead_driver_masking(NULL /* tfm */, WOLFKM_AESGCM_NAME, WOLFKM_AESGCM_DRIVER); + else { + wc_test_render_error_message("aesgcm_test failed: ", ret); + return -EINVAL; + } #else int ret = 0; struct crypto_aead * tfm = NULL; @@ -3204,17 +2918,9 @@ static int linuxkm_test_aesgcm(void) goto test_gcm_end; } -#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING - { - const char *driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)); - if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) { - pr_err("error: unexpected implementation for %s: %s (expected %s)\n", - WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER); - ret = -ENOENT; - goto test_gcm_end; - } - } -#endif + ret = check_aead_driver_masking(tfm, WOLFKM_AESGCM_NAME, WOLFKM_AESGCM_DRIVER); + if (ret) + goto test_gcm_end; ret = crypto_aead_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2); if (ret) { @@ -3320,7 +3026,13 @@ test_gcm_end: static int linuxkm_test_aesgcm_rfc4106(void) { - return 0; + wc_test_ret_t ret = aesgcm_test(); + if (ret >= 0) + return check_aead_driver_masking(NULL /* tfm */, WOLFKM_AESGCM_RFC4106_NAME, WOLFKM_AESGCM_RFC4106_DRIVER); + else { + wc_test_render_error_message("aesgcm_test failed: ", ret); + return -EINVAL; + } } #endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */ @@ -4438,7 +4150,13 @@ out: #ifdef LINUXKM_LKCAPI_REGISTER_AESCTR static int linuxkm_test_aesctr(void) { - return 0; + wc_test_ret_t ret = aes_ctr_test(); + if (ret >= 0) + return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESCTR_NAME, WOLFKM_AESCTR_DRIVER); + else { + wc_test_render_error_message("aes_ctr_test failed: ", ret); + return -EINVAL; + } } #endif /* LINUXKM_LKCAPI_REGISTER_AESCTR */ @@ -4446,7 +4164,13 @@ static int linuxkm_test_aesctr(void) { #ifdef LINUXKM_LKCAPI_REGISTER_AESOFB static int linuxkm_test_aesofb(void) { - return 0; + wc_test_ret_t ret = aesofb_test(); + if (ret >= 0) + return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESOFB_NAME, WOLFKM_AESOFB_DRIVER); + else { + wc_test_render_error_message("aesofb_test failed: ", ret); + return -EINVAL; + } } #endif /* LINUXKM_LKCAPI_REGISTER_AESOFB */ @@ -4454,19 +4178,17 @@ static int linuxkm_test_aesofb(void) { #ifdef LINUXKM_LKCAPI_REGISTER_AESECB static int linuxkm_test_aesecb(void) { - return 0; + wc_test_ret_t ret = aes_test(); + if (ret >= 0) + return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESECB_NAME, WOLFKM_AESECB_DRIVER); + else { + wc_test_render_error_message("aes_test failed: ", ret); + return -EINVAL; + } } #endif /* LINUXKM_LKCAPI_REGISTER_AESECB */ -#ifdef LINUXKM_LKCAPI_REGISTER_AESCCM - -static int linuxkm_test_aesccm(void) { - return 0; -} - -#endif /* LINUXKM_LKCAPI_REGISTER_AESCCM */ - #endif /* !NO_AES */ static int linuxkm_lkcapi_register(void) @@ -4553,12 +4275,6 @@ static int linuxkm_lkcapi_register(void) REGISTER_ALG(ecbAesAlg, crypto_register_skcipher, linuxkm_test_aesecb); #endif -#ifdef notyet -#ifdef LINUXKM_LKCAPI_REGISTER_AESCCM - REGISTER_ALG(ccmAesAead, crypto_register_aead, linuxkm_test_aesccm); -#endif -#endif /* notyet */ - #undef REGISTER_ALG out: @@ -4609,11 +4325,5 @@ static void linuxkm_lkcapi_unregister(void) UNREGISTER_ALG(ecbAesAlg, crypto_unregister_skcipher); #endif -#ifdef notyet -#ifdef LINUXKM_LKCAPI_REGISTER_AESCCM - UNREGISTER_ALG(ccmAesAlg, crypto_unregister_aead); -#endif -#endif /* notyet */ - #undef UNREGISTER_ALG } diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 8b431368e..32b1db9a2 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -45,7 +45,7 @@ #ifdef HAVE_FIPS #include #endif -#ifndef NO_CRYPT_TEST +#if !defined(NO_CRYPT_TEST) || defined(LINUXKM_LKCAPI_REGISTER) #include #endif #include diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 17273b3fb..c0e3c69b2 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4575,21 +4575,23 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif /* WC_C_DYNAMIC_FALLBACK */ #ifdef WOLFSSL_AESNI - -#if defined(WC_FLAG_DONT_USE_AESNI) - if (aes->use_aesni == WC_FLAG_DONT_USE_AESNI) { - aes->use_aesni = 0; + if (checkedAESNI == 0) { + haveAESNI = Check_CPU_support_AES(); + checkedAESNI = 1; } - else + if (haveAESNI +#if defined(WC_FLAG_DONT_USE_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK) + && (aes->use_aesni != WC_FLAG_DONT_USE_AESNI) #endif + ) { - if (checkedAESNI == 0) { - haveAESNI = Check_CPU_support_AES(); - checkedAESNI = 1; +#if defined(WC_FLAG_DONT_USE_AESNI) + if (aes->use_aesni == WC_FLAG_DONT_USE_AESNI) { + aes->use_aesni = 0; + return 0; } - aes->use_aesni = haveAESNI; - } - if (aes->use_aesni) { +#endif + aes->use_aesni = 0; #ifdef WOLFSSL_LINUXKM /* runtime alignment check */ if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) { @@ -4623,6 +4625,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif } } + else { + aes->use_aesni = 0; + } #endif /* WOLFSSL_AESNI */ #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9639e4096..1b7fec3db 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -41,7 +41,7 @@ #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS #endif -#ifndef NO_CRYPT_TEST +#if !defined(NO_CRYPT_TEST) || defined(WC_TEST_EXPORT_SUBTESTS) #include #include @@ -832,7 +832,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void); /* Not all unexpected conditions are actually errors .*/ #define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0) -static void render_error_message(const char* msg, wc_test_ret_t es) +void wc_test_render_error_message(const char* msg, wc_test_ret_t es) { (void)msg; (void)es; @@ -917,7 +917,7 @@ static THREAD_RETURN err_sys(const char* msg, int es) static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es) #endif { - render_error_message(msg, es); + wc_test_render_error_message(msg, es); print_fiducials(); #ifdef WOLFSSL_LINUXKM EXIT_TEST(es); @@ -1433,7 +1433,7 @@ static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void) #endif #ifdef TEST_ALWAYS_RUN_TO_END - #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); render_error_message(msg, retval); } while (0) + #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); wc_test_render_error_message(msg, retval); } while (0) #elif !defined(TEST_FAIL) #define TEST_FAIL(msg, retval) return err_sys(msg, retval) #endif @@ -60700,8 +60700,8 @@ static void print_fiducials(void) { fiducial1, fiducial2, fiducial3, fiducial4); } -#else +#else /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */ #ifndef NO_MAIN_DRIVER int main(void) { return 0; } #endif -#endif /* NO_CRYPT_TEST */ +#endif /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */ diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index 7b2ececc9..bd4125b64 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -45,6 +45,8 @@ THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args); wc_test_ret_t wolfcrypt_test(void* args); #endif +void wc_test_render_error_message(const char* msg, wc_test_ret_t es); + #ifndef NO_MAIN_DRIVER wc_test_ret_t wolfcrypt_test_main(int argc, char** argv); #endif @@ -100,6 +102,293 @@ wc_static_assert(-(long)MIN_CODE_E < 0x7ffL); #endif /* !WC_TEST_RET_HAVE_CUSTOM_MACROS */ +#ifdef WC_TEST_EXPORT_SUBTESTS + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void); +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void); +#endif +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void); +#ifdef WOLFSSL_SM3 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void); +#if defined(HAVE_HKDF) && !defined(NO_HMAC) +#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ + defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \ + defined(WOLFSSL_AFALG_XILINX_RSA) +/* hkdf_test has issue with extern WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */ +static wc_test_ret_t hkdf_test(void); +#else +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void); +#endif +#endif /* HAVE_HKDF && ! NO_HMAC */ +#ifdef WOLFSSL_HAVE_PRF +#if defined(HAVE_HKDF) && !defined(NO_HMAC) +#ifdef WOLFSSL_BASE16 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void); +#endif /* WOLFSSL_BASE16 */ +#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */ +#endif /* WOLFSSL_HAVE_PRF */ +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); +#ifdef WOLFSSL_TLS13 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); +#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); +#endif +#ifdef WC_SRTP_KDF +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void); +#ifdef WC_RC2 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void); +#if defined(WOLFSSL_AES_CFB) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void); +#endif +#ifdef WOLFSSL_AES_XTS +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void); +#ifdef HAVE_ASCON +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void); +#endif +#if defined(WOLFSSL_SIPHASH) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void); +#ifdef WOLFSSL_SM4 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void); +#endif +#ifdef WC_RSA_NO_PADDING +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); +#ifndef WC_NO_RNG +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); +#endif /* WC_NO_RNG */ +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void); +#endif + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void); +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); +#ifdef HAVE_ECC + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void); + #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void); + #endif + #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + /* skip for ATECC508/608A, cannot import private key buffers */ + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void); + #endif +#endif +#ifdef HAVE_CURVE25519 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void); +#endif +#ifdef HAVE_ED25519 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void); +#endif +#ifdef HAVE_CURVE448 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void); +#endif +#ifdef HAVE_ED448 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void); +#endif +#ifdef WOLFSSL_HAVE_MLKEM + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void); +#endif +#ifdef HAVE_DILITHIUM + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void); +#endif +#if defined(WOLFSSL_HAVE_XMSS) + #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void); + #endif + #if !defined(WOLFSSL_XMSS_VERIFY_ONLY) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void); + #endif +#endif +#if defined(WOLFSSL_HAVE_LMS) + #if !defined(WOLFSSL_SMALL_STACK) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); + #endif + #endif + #if !defined(WOLFSSL_LMS_VERIFY_ONLY) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void); + #endif +#endif +#ifdef WOLFCRYPT_HAVE_ECCSI + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void); +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void); +#endif +#ifdef HAVE_BLAKE2 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void); +#endif +#ifdef HAVE_BLAKE2S + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void); +#endif +#ifdef HAVE_LIBZ + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void); +#endif +#ifdef HAVE_PKCS7 + #ifndef NO_PKCS7_ENCRYPTED_DATA + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void); + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void); + #endif + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void); + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void); + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void); + #endif + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, + word32 keySz); + #endif +#endif +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void); +#endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void); +#endif +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void); +#if defined(WOLFSSL_PUBLIC_MP) && \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(USE_FAST_MATH)) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void); +#endif +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void); +#endif +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void); +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void); +#endif +#if defined(__INCLUDE_NUTTX_CONFIG_H) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void); +#else +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void); +#endif +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void); +#endif +#ifdef WOLFSSL_CAAM_BLOB +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void); +#endif +#ifdef HAVE_ARIA +#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h" +void printOutput(const char *strName, unsigned char *data, unsigned int dataSz); +extern WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID); +#endif + +#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void); +#endif +#ifdef WOLFSSL_CERT_PIV +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void); +#endif +#ifdef WOLFSSL_AES_SIV +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void); +#endif + +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void); +#endif /* WOLFSSL_AES_EAX */ + +#endif /* WC_TEST_EXPORT_SUBTESTS */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 6cfd33d46..855cb8d5c 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3607,7 +3607,14 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_OLD_PRIME_CHECK #endif #ifndef WOLFSSL_TEST_SUBROUTINE - #define WOLFSSL_TEST_SUBROUTINE static + #ifdef LINUXKM_LKCAPI_REGISTER + #define WOLFSSL_TEST_SUBROUTINE + #else + #define WOLFSSL_TEST_SUBROUTINE static + #endif + #endif + #ifdef LINUXKM_LKCAPI_REGISTER + #define WC_TEST_EXPORT_SUBTESTS #endif #undef HAVE_PTHREAD /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */