WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfssl/wolfcrypt/dh.h: gate in wc_DhGeneratePublic() with WOLFSSL_DH_EXTRA, 

adding WOLFSSL_NO_DH_GEN_PUB in the unlikely event it needs to be disabled;

configure.ac: in --enable-linuxkm-lkcapi-register section, remove special-case
  handling for -DWOLFSSL_DH_GEN_PUB, and add support for
  --enable-linuxkm-lkcapi-register=all-kconfig, which disables registration of
  any algs that are disabled in the target kernel, and #errors if any algs or
  registrations are disabled or incompatible in libwolfssl but enabled in the
  target kernel (note, it does not #error for algorithms we don't currently
  shim/implement);

linuxkm/lkcapi_glue.c: change default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000
  to INT_MAX to make masking impossible;

linuxkm/lkcapi*glue.c: move all remaining algorithm-specific gate setup into the
  respective algorithm family files, and in each family file, add
  LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG logic to activate shims only if the
  corresponding algorithm is activated in the target kernel.

linuxkm/lkcapi_sha_glue.c: fix -Wunuseds in
  wc_linuxkm_drbg_default_instance_registered() and wc_linuxkm_drbg_cleanup()
  when !LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
pull/8735/head
Daniel Pouzzner 2025-05-05 13:17:06 -05:00
parent 9587b7b12e
commit b9b66042d7
10 changed files with 364 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.wolfssl_known_macro_extras
View File

@ -52,8 +52,23 @@ CONFIG_COMPILER_OPTIMIZATION_DEFAULT
CONFIG_COMPILER_OPTIMIZATION_NONE CONFIG_COMPILER_OPTIMIZATION_NONE
CONFIG_COMPILER_OPTIMIZATION_PERF CONFIG_COMPILER_OPTIMIZATION_PERF
CONFIG_COMPILER_OPTIMIZATION_SIZE CONFIG_COMPILER_OPTIMIZATION_SIZE
CONFIG_CRYPTO_AES
CONFIG_CRYPTO_CBC
CONFIG_CRYPTO_CTR
CONFIG_CRYPTO_DH
CONFIG_CRYPTO_ECB
CONFIG_CRYPTO_ECDH
CONFIG_CRYPTO_ECDSA
CONFIG_CRYPTO_FIPS CONFIG_CRYPTO_FIPS
CONFIG_CRYPTO_GCM
CONFIG_CRYPTO_HMAC
CONFIG_CRYPTO_MANAGER CONFIG_CRYPTO_MANAGER
CONFIG_CRYPTO_RSA
CONFIG_CRYPTO_SHA1
CONFIG_CRYPTO_SHA256
CONFIG_CRYPTO_SHA3
CONFIG_CRYPTO_SHA512
CONFIG_CRYPTO_XTS
CONFIG_CSPRNG_ENABLED CONFIG_CSPRNG_ENABLED
CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
@ -725,6 +740,7 @@ WOLFSSL_NO_CRL_NEXT_DATE
WOLFSSL_NO_DECODE_EXTRA WOLFSSL_NO_DECODE_EXTRA
WOLFSSL_NO_DER_TO_PEM WOLFSSL_NO_DER_TO_PEM
WOLFSSL_NO_DH186 WOLFSSL_NO_DH186
WOLFSSL_NO_DH_GEN_PUB
WOLFSSL_NO_DTLS_SIZE_CHECK WOLFSSL_NO_DTLS_SIZE_CHECK
WOLFSSL_NO_ETM_ALERT WOLFSSL_NO_ETM_ALERT
WOLFSSL_NO_FENCE WOLFSSL_NO_FENCE

17
configure.ac
View File

@ -9406,9 +9406,10 @@ then
do do
case "$lkcapi_alg" in case "$lkcapi_alg" in
all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA" all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA"
ENABLED_LINUXKM_LKCAPI_REGISTER_DH=yes
;; ;;
sysfs-nodes-only) ENABLED_LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND=yes ;; all-kconfig) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DLINUXKM_LKCAPI_REGISTER_ALL_KCONFIG -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA"
;;
sysfs-nodes-only) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" ;;
'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.]) 'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.]) 'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
@ -9449,7 +9450,6 @@ then
'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.]) 'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA -DWC_RSA_NO_PADDING" ;; AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA -DWC_RSA_NO_PADDING" ;;
'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA" 'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA"
ENABLED_LINUXKM_LKCAPI_REGISTER_DH=yes
;; ;;
# disable options # disable options
'-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;; '-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
@ -9476,17 +9476,6 @@ then
*) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;; *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
esac esac
done done
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER_DH" = "yes" &&
(test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 7)
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_GEN_PUB"
fi
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND"
fi
fi fi
AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]) AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER])

86
linuxkm/lkcapi_aes_glue.c
View File

@ -19,12 +19,49 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/* included by linuxkm/lkcapi_glue.c */ #ifndef LINUXKM_LKCAPI_REGISTER
#error lkcapi_aes_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_AES))) && \
!defined(LINUXKM_LKCAPI_REGISTER_AES)
#define LINUXKM_LKCAPI_REGISTER_AES
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM) || \
defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106) || \
defined(LINUXKM_LKCAPI_REGISTER_AESXTS) || \
defined(LINUXKM_LKCAPI_REGISTER_AESCTR) || \
defined(LINUXKM_LKCAPI_REGISTER_AESOFB) || \
defined(LINUXKM_LKCAPI_REGISTER_AESECB)
#ifdef NO_AES
#error LINUXKM_LKCAPI_REGISTER_AES* requires !defined(NO_AES)
#endif
#ifndef LINUXKM_LKCAPI_REGISTER_AES
#define LINUXKM_LKCAPI_REGISTER_AES
#endif
#endif
#ifdef NO_AES #ifdef NO_AES
#error lkcapi_aes_glue.c compiled with NO_AES. #undef LINUXKM_LKCAPI_REGISTER_AES
#endif #endif
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && !defined(CONFIG_CRYPTO_AES)
#undef LINUXKM_LKCAPI_REGISTER_AES
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_AES) && \
!defined(LINUXKM_LKCAPI_REGISTER_AES)
#error Config conflict: CONFIG_CRYPTO_AES is defined, but LINUXKM_LKCAPI_REGISTER_AES is not.
#endif
#ifdef LINUXKM_LKCAPI_REGISTER_AES
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI) #if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI)
@ -65,15 +102,21 @@
#define WOLFKM_AESECB_DRIVER ("ecb-aes" WOLFKM_AES_DRIVER_SUFFIX) #define WOLFKM_AESECB_DRIVER ("ecb-aes" WOLFKM_AES_DRIVER_SUFFIX)
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESCBC) !defined(LINUXKM_LKCAPI_REGISTER_AESCBC)
#define LINUXKM_LKCAPI_REGISTER_AESCBC #define LINUXKM_LKCAPI_REGISTER_AESCBC
#endif #endif
#else #else
#undef LINUXKM_LKCAPI_REGISTER_AESCBC #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC)
#error Config conflict: target kernel has CONFIG_CRYPTO_CBC, but module is missing HAVE_AES_CBC.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESCBC
#endif #endif
#ifdef WOLFSSL_AES_CFB #ifdef WOLFSSL_AES_CFB
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCFB)) && \ #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCFB) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESCFB) !defined(LINUXKM_LKCAPI_REGISTER_AESCFB)
#define LINUXKM_LKCAPI_REGISTER_AESCFB #define LINUXKM_LKCAPI_REGISTER_AESCFB
#endif #endif
@ -81,7 +124,9 @@
#undef LINUXKM_LKCAPI_REGISTER_AESCFB #undef LINUXKM_LKCAPI_REGISTER_AESCFB
#endif #endif
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESGCM) !defined(LINUXKM_LKCAPI_REGISTER_AESGCM)
#define LINUXKM_LKCAPI_REGISTER_AESGCM #define LINUXKM_LKCAPI_REGISTER_AESGCM
#endif #endif
@ -90,27 +135,41 @@
#define LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 #define LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM)
#error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing HAVE_AESGCM.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESGCM #undef LINUXKM_LKCAPI_REGISTER_AESGCM
#undef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 #undef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
#endif #endif
#ifdef WOLFSSL_AES_XTS #ifdef WOLFSSL_AES_XTS
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESXTS) !defined(LINUXKM_LKCAPI_REGISTER_AESXTS)
#define LINUXKM_LKCAPI_REGISTER_AESXTS #define LINUXKM_LKCAPI_REGISTER_AESXTS
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS)
#error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing WOLFSSL_AES_XTS.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESXTS #undef LINUXKM_LKCAPI_REGISTER_AESXTS
#endif #endif
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESCTR) !defined(LINUXKM_LKCAPI_REGISTER_AESCTR)
#define LINUXKM_LKCAPI_REGISTER_AESCTR #define LINUXKM_LKCAPI_REGISTER_AESCTR
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR)
#error Config conflict: target kernel has CONFIG_CRYPTO_CTR, but module is missing WOLFSSL_AES_COUNTER.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESCTR #undef LINUXKM_LKCAPI_REGISTER_AESCTR
#endif #endif
#ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_OFB
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESOFB)) && \ #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESOFB) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESOFB) !defined(LINUXKM_LKCAPI_REGISTER_AESOFB)
#define LINUXKM_LKCAPI_REGISTER_AESOFB #define LINUXKM_LKCAPI_REGISTER_AESOFB
#endif #endif
@ -118,11 +177,16 @@
#undef LINUXKM_LKCAPI_REGISTER_AESOFB #undef LINUXKM_LKCAPI_REGISTER_AESOFB
#endif #endif
#ifdef HAVE_AES_ECB #ifdef HAVE_AES_ECB
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB) && \
!defined(LINUXKM_LKCAPI_REGISTER_AESECB) !defined(LINUXKM_LKCAPI_REGISTER_AESECB)
#define LINUXKM_LKCAPI_REGISTER_AESECB #define LINUXKM_LKCAPI_REGISTER_AESECB
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB)
#error Config conflict: target kernel has CONFIG_CRYPTO_ECB, but module is missing HAVE_AES_ECB.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESECB #undef LINUXKM_LKCAPI_REGISTER_AESECB
#endif #endif
@ -4088,3 +4152,5 @@ static int linuxkm_test_aesecb(void) {
} }
#endif /* LINUXKM_LKCAPI_REGISTER_AESECB */ #endif /* LINUXKM_LKCAPI_REGISTER_AESECB */
#endif /* LINUXKM_LKCAPI_REGISTER_AES */

42
linuxkm/lkcapi_dh_glue.c
View File

@ -20,12 +20,50 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
#if defined(LINUXKM_LKCAPI_REGISTER_DH)
#ifndef LINUXKM_LKCAPI_REGISTER #ifndef LINUXKM_LKCAPI_REGISTER
#error lkcapi_dh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #error lkcapi_dh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif #endif
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DH))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_DH) && \
!defined(LINUXKM_LKCAPI_REGISTER_DH)
#define LINUXKM_LKCAPI_REGISTER_DH
#define LINUXKM_DH
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_DH) && \
(!defined(WOLFSSL_DH_EXTRA) || \
!defined(WOLFSSL_DH_GEN_PUB))
/* not supported without WOLFSSL_DH_EXTRA && WOLFSSL_DH_GEN_PUB */
#undef LINUXKM_LKCAPI_REGISTER_DH
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DH)
#error Config conflict: missing features force off LINUXKM_LKCAPI_REGISTER_DH.
#endif
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#if defined (LINUXKM_LKCAPI_REGISTER_DH) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER)
/*
* note: normal dh not fips_allowed in kernel crypto/testmgr.c,
* and will not pass the tests.
*/
#undef LINUXKM_DH
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#ifdef NO_DH
#undef LINUXKM_LKCAPI_REGISTER_DH
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_DH) && \
!defined(LINUXKM_LKCAPI_REGISTER_DH)
#error Config conflict: target kernel has CONFIG_CRYPTO_DH, but module is missing LINUXKM_LKCAPI_REGISTER_DH.
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_DH)
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/dh.h> #include <wolfssl/wolfcrypt/dh.h>
#include <crypto/dh.h> #include <crypto/dh.h>

32
linuxkm/lkcapi_ecdh_glue.c
View File

@ -20,12 +20,40 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
#if defined(LINUXKM_LKCAPI_REGISTER_ECDH)
#ifndef LINUXKM_LKCAPI_REGISTER #ifndef LINUXKM_LKCAPI_REGISTER
#error lkcapi_ecdh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #error lkcapi_ecdh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif #endif
#ifdef HAVE_ECC
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDH)
#define LINUXKM_LKCAPI_REGISTER_ECDH
#endif
#else
#undef LINUXKM_LKCAPI_REGISTER_ECDH
#endif /* HAVE_ECC */
#ifdef LINUXKM_LKCAPI_REGISTER_ECDH
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 13, 0)
/* currently incompatible with kernel 5.12 or earlier. */
#undef LINUXKM_LKCAPI_REGISTER_ECDH
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH)
#error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDH.
#endif
#endif
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_ECDH) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDH)
#error Config conflict: target kernel has CONFIG_CRYPTO_ECDH, but module is missing LINUXKM_LKCAPI_REGISTER_ECDH.
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ECDH)
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
#include <crypto/ecdh.h> #include <crypto/ecdh.h>

52
linuxkm/lkcapi_ecdsa_glue.c
View File

@ -20,12 +20,60 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
#if defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
#ifndef LINUXKM_LKCAPI_REGISTER #ifndef LINUXKM_LKCAPI_REGISTER
#error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif #endif
#ifdef HAVE_ECC
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
#define LINUXKM_LKCAPI_REGISTER_ECDSA
#endif
#else
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS)
/* only register p192 if specifically enabled, and if not fips. */
#define LINUXKM_ECC192
#endif
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
/*
* notes:
* - ecdsa supported with linux 6.12 and earlier for now, only.
* - pkcs1pad rsa supported both before and after linux 6.13, but
* without sign/verify after linux 6.13.
*
* In linux 6.13 the sign/verify callbacks were removed from
* akcipher_alg, and ecdsa changed from a struct akcipher_alg type to
* struct sig_alg type.
*
* pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify
* functionality.
*/
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA)
#error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDSA.
#endif
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_ECDSA) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
#error Config conflict: target kernel has CONFIG_CRYPTO_ECDSA, but module is missing LINUXKM_LKCAPI_REGISTER_ECDSA.
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>

121
linuxkm/lkcapi_glue.c
View File

@ -30,11 +30,13 @@
#error LINUXKM_LKCAPI_REGISTER is supported only on Linux kernel versions >= 5.4.0. #error LINUXKM_LKCAPI_REGISTER is supported only on Linux kernel versions >= 5.4.0.
#endif #endif
/* kernel crypto self-test includes test setups that have different expected
* results FIPS vs non-FIPS.
*/
#if defined(CONFIG_CRYPTO_MANAGER) && \ #if defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
/* kernel crypto self-test includes test setups that have different expected
* results FIPS vs non-FIPS, and the required kernel exported symbol
* "fips_enabled" is only available in CONFIG_CRYPTO_FIPS kernels (otherwise
* it's a macro hardcoding it to literal 0).
*/
#if defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS) #if defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS)
#error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS. #error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS.
#endif #endif
@ -55,7 +57,7 @@
/* Larger number means higher priority. The highest in-tree priority is /* Larger number means higher priority. The highest in-tree priority is
* 4001, in the Cavium driver. * 4001, in the Cavium driver.
*/ */
#define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 10000 #define WOLFSSL_LINUXKM_LKCAPI_PRIORITY INT_MAX
#endif #endif
#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
@ -204,113 +206,12 @@ WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm,
#endif #endif
} }
#ifndef NO_AES #include "lkcapi_aes_glue.c"
#include "lkcapi_aes_glue.c"
#endif
#include "lkcapi_sha_glue.c" #include "lkcapi_sha_glue.c"
#include "lkcapi_ecdsa_glue.c"
#ifdef HAVE_ECC #include "lkcapi_ecdh_glue.c"
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA)) && \ #include "lkcapi_rsa_glue.c"
!defined(LINUXKM_LKCAPI_REGISTER_ECDSA) #include "lkcapi_dh_glue.c"
#define LINUXKM_LKCAPI_REGISTER_ECDSA
#endif
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH)) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDH)
#define LINUXKM_LKCAPI_REGISTER_ECDH
#endif
#else
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#undef LINUXKM_LKCAPI_REGISTER_ECDH
#endif /* HAVE_ECC */
#if !defined(NO_RSA)
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA)) && \
!defined(LINUXKM_LKCAPI_REGISTER_RSA)
#define LINUXKM_LKCAPI_REGISTER_RSA
#endif
#else
#undef LINUXKM_LKCAPI_REGISTER_RSA
#endif /* !NO_RSA */
/*
* extra checks on kernel version, and ecc sizes.
*/
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS)
/* only register p192 if specifically enabled, and if not fips. */
#define LINUXKM_ECC192
#endif
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#ifdef LINUXKM_LKCAPI_REGISTER_ECDH
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 13, 0)
/* currently incompatible with kernel 5.12 or earlier. */
#undef LINUXKM_LKCAPI_REGISTER_ECDH
#endif
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
/*
* notes:
* - ecdsa supported with linux 6.12 and earlier for now, only.
* - pkcs1pad rsa supported both before and after linux 6.13, but
* without sign/verify after linux 6.13.
*
* In linux 6.13 the sign/verify callbacks were removed from
* akcipher_alg, and ecdsa changed from a struct akcipher_alg type to
* struct sig_alg type.
*
* pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify
* functionality.
*/
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if defined (LINUXKM_LKCAPI_REGISTER_RSA)
#define LINUXKM_AKCIPHER_NO_SIGNVERIFY
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#endif /* linux >= 6.13.0 */
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_DH)) && \
!defined(LINUXKM_LKCAPI_REGISTER_DH)
#define LINUXKM_LKCAPI_REGISTER_DH
#define LINUXKM_DH
#endif
#if defined (LINUXKM_LKCAPI_REGISTER_DH) && !defined(WOLFSSL_DH_EXTRA) || \
!defined(WOLFSSL_DH_GEN_PUB)
/* not supported without WOLFSSL_DH_EXTRA && WOLFSSL_DH_GEN_PUB */
#undef LINUXKM_LKCAPI_REGISTER_DH
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#if defined (LINUXKM_LKCAPI_REGISTER_DH) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER)
/*
* note: normal dh not fips_allowed in kernel crypto/testmgr.c,
* and will not pass the tests.
*/
#undef LINUXKM_DH
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#include "linuxkm/lkcapi_ecdsa_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDH)
#include "linuxkm/lkcapi_ecdh_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
#if defined(LINUXKM_LKCAPI_REGISTER_RSA)
#include "linuxkm/lkcapi_rsa_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#if defined (LINUXKM_LKCAPI_REGISTER_DH)
#include "linuxkm/lkcapi_dh_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_DH */
static int linuxkm_lkcapi_register(void); static int linuxkm_lkcapi_register(void);
static int linuxkm_lkcapi_unregister(void); static int linuxkm_lkcapi_unregister(void);

44
linuxkm/lkcapi_rsa_glue.c
View File

@ -24,9 +24,43 @@
#error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif #endif
#if !defined(NO_RSA) && \ #if !defined(NO_RSA)
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_RSA)) (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_RSA))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA) && \
!defined(LINUXKM_LKCAPI_REGISTER_RSA)
#define LINUXKM_LKCAPI_REGISTER_RSA
#endif
#else
#undef LINUXKM_LKCAPI_REGISTER_RSA
#endif /* !NO_RSA */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
/*
* notes:
* - ecdsa supported with linux 6.12 and earlier for now, only.
* - pkcs1pad rsa supported both before and after linux 6.13, but
* without sign/verify after linux 6.13.
*
* In linux 6.13 the sign/verify callbacks were removed from
* akcipher_alg, and ecdsa changed from a struct akcipher_alg type to
* struct sig_alg type.
*
* pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify
* functionality.
*/
#if defined (LINUXKM_LKCAPI_REGISTER_RSA)
#define LINUXKM_AKCIPHER_NO_SIGNVERIFY
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#endif /* linux >= 6.13.0 */
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_RSA) && \
!defined(LINUXKM_LKCAPI_REGISTER_RSA)
#error Config conflict: target kernel has CONFIG_CRYPTO_RSA, but module is missing LINUXKM_LKCAPI_REGISTER_RSA.
#endif
#ifdef LINUXKM_LKCAPI_REGISTER_RSA
#if defined(WOLFSSL_RSA_VERIFY_ONLY) || \ #if defined(WOLFSSL_RSA_VERIFY_ONLY) || \
defined(WOLFSSL_RSA_PUBLIC_ONLY) defined(WOLFSSL_RSA_PUBLIC_ONLY)
@ -1907,6 +1941,4 @@ static int get_hash_enc_len(int hash_oid)
return enc_len; return enc_len;
} }
#endif /* !LINUXKM_AKCIPHER_NO_SIGNVERIFY */ #endif /* !LINUXKM_AKCIPHER_NO_SIGNVERIFY */
#endif /* !NO_RSA && #endif /* LINUXKM_LKCAPI_REGISTER_RSA */
* (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_RSA)
*/

111
linuxkm/lkcapi_sha_glue.c
View File

@ -19,7 +19,13 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/* included by linuxkm/lkcapi_glue.c */ #ifndef LINUXKM_LKCAPI_REGISTER
#error lkcapi_sha_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
#endif
#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && defined(USE_INTEL_SPEEDUP)
#error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported.
#endif
#include <wolfssl/wolfcrypt/sha.h> #include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/hmac.h> #include <wolfssl/wolfcrypt/hmac.h>
@ -47,7 +53,11 @@
#define WOLFKM_STDRNG_NAME "stdrng" #define WOLFKM_STDRNG_NAME "stdrng"
#if defined(USE_INTEL_SPEEDUP) #if defined(USE_INTEL_SPEEDUP)
#define WOLFKM_SHA_DRIVER_ISA_EXT "-avx" #ifndef NO_AVX2_SUPPORT
#define WOLFKM_SHA_DRIVER_ISA_EXT "-avx2"
#else
#define WOLFKM_SHA_DRIVER_ISA_EXT "-avx"
#endif
#else #else
#define WOLFKM_SHA_DRIVER_ISA_EXT "" #define WOLFKM_SHA_DRIVER_ISA_EXT ""
#endif #endif
@ -75,7 +85,13 @@
#define WOLFKM_SHA3_384_HMAC_DRIVER ("hmac-sha3-384" WOLFKM_SHA_DRIVER_SUFFIX) #define WOLFKM_SHA3_384_HMAC_DRIVER ("hmac-sha3-384" WOLFKM_SHA_DRIVER_SUFFIX)
#define WOLFKM_SHA3_512_HMAC_DRIVER ("hmac-sha3-512" WOLFKM_SHA_DRIVER_SUFFIX) #define WOLFKM_SHA3_512_HMAC_DRIVER ("hmac-sha3-512" WOLFKM_SHA_DRIVER_SUFFIX)
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg" WOLFKM_SHA_DRIVER_SUFFIX) /* "nopr" signifies no "prediction resistance". Prediction resistance entails
* implicit reseeding of the DRBG each time its generator method is called,
* which reduces performance and can rapidly lead to temporary entropy
* exhaustion. A caller that really needs PR can pass in seed data in its call
* to our rng_alg.generate() implementation.
*/
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX)
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2 #ifdef LINUXKM_LKCAPI_REGISTER_SHA2
#define LINUXKM_LKCAPI_REGISTER_SHA2_224 #define LINUXKM_LKCAPI_REGISTER_SHA2_224
@ -133,88 +149,133 @@
#define LINUXKM_LKCAPI_DONT_REGISTER_SHA3_512_HMAC #define LINUXKM_LKCAPI_DONT_REGISTER_SHA3_512_HMAC
#endif #endif
#if defined(NO_HMAC) && defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_HMAC)
#error Config conflict: target kernel has CONFIG_CRYPTO_HMAC, but module has NO_HMAC
#endif
#ifndef NO_SHA #ifndef NO_SHA
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA1) !defined(LINUXKM_LKCAPI_REGISTER_SHA1)
#define LINUXKM_LKCAPI_REGISTER_SHA1 #define LINUXKM_LKCAPI_REGISTER_SHA1
#endif #endif
#ifdef NO_HMAC #ifdef NO_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
#elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC)) && \ #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
!defined(LINUXKM_LKCAPI_REGISTER_SHA1_HMAC) (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA1_HMAC)
#define LINUXKM_LKCAPI_REGISTER_SHA1_HMAC #define LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA1, but module has NO_SHA
#endif
#undef LINUXKM_LKCAPI_REGISTER_SHA1 #undef LINUXKM_LKCAPI_REGISTER_SHA1
#undef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
#endif #endif
#ifdef WOLFSSL_SHA224 #ifdef WOLFSSL_SHA224
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_224) !defined(LINUXKM_LKCAPI_REGISTER_SHA2_224)
#define LINUXKM_LKCAPI_REGISTER_SHA2_224 #define LINUXKM_LKCAPI_REGISTER_SHA2_224
#endif #endif
#ifdef NO_HMAC #ifdef NO_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
#elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224_HMAC)) && \ #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC) (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224_HMAC) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC)
#define LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC #define LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module is missing WOLFSSL_SHA224
#endif
#undef LINUXKM_LKCAPI_REGISTER_SHA2_224 #undef LINUXKM_LKCAPI_REGISTER_SHA2_224
#undef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_256) !defined(LINUXKM_LKCAPI_REGISTER_SHA2_256)
#define LINUXKM_LKCAPI_REGISTER_SHA2_256 #define LINUXKM_LKCAPI_REGISTER_SHA2_256
#endif #endif
#ifdef NO_HMAC #ifdef NO_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
#elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256_HMAC)) && \ #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC) (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256_HMAC) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC)
#define LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC #define LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module has NO_SHA256
#endif
#undef LINUXKM_LKCAPI_REGISTER_SHA2_256 #undef LINUXKM_LKCAPI_REGISTER_SHA2_256
#undef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_384) !defined(LINUXKM_LKCAPI_REGISTER_SHA2_384)
#define LINUXKM_LKCAPI_REGISTER_SHA2_384 #define LINUXKM_LKCAPI_REGISTER_SHA2_384
#endif #endif
#ifdef NO_HMAC #ifdef NO_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
#elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384_HMAC)) && \ #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC) (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384_HMAC) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC)
#define LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC #define LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA384
#endif
#undef LINUXKM_LKCAPI_REGISTER_SHA2_384 #undef LINUXKM_LKCAPI_REGISTER_SHA2_384
#undef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512)) && \ #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_512) !defined(LINUXKM_LKCAPI_REGISTER_SHA2_512)
#define LINUXKM_LKCAPI_REGISTER_SHA2_512 #define LINUXKM_LKCAPI_REGISTER_SHA2_512
#endif #endif
#ifdef NO_HMAC #ifdef NO_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
#elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512_HMAC)) && \ #elif (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC) (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512))) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512_HMAC) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC)
#define LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC #define LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA512
#endif
#undef LINUXKM_LKCAPI_REGISTER_SHA2_512 #undef LINUXKM_LKCAPI_REGISTER_SHA2_512
#undef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
#endif #endif
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
#ifdef LINUXKM_LKCAPI_REGISTER_ALL #if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3))
#if !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3_224) && \ #if !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3_224) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA3_224) !defined(LINUXKM_LKCAPI_REGISTER_SHA3_224)
#define LINUXKM_LKCAPI_REGISTER_SHA3_224 #define LINUXKM_LKCAPI_REGISTER_SHA3_224
@ -237,7 +298,8 @@
#undef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC
#undef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC #undef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC
#elif defined(LINUXKM_LKCAPI_REGISTER_ALL) #elif defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
(defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3))
#if !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3_224_HMAC) && \ #if !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3_224_HMAC) && \
!defined(LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC) !defined(LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC)
#define LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC #define LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC
@ -256,6 +318,10 @@
#endif #endif
#endif #endif
#else #else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
#endif
#undef LINUXKM_LKCAPI_REGISTER_SHA3_224 #undef LINUXKM_LKCAPI_REGISTER_SHA3_224
#undef LINUXKM_LKCAPI_REGISTER_SHA3_256 #undef LINUXKM_LKCAPI_REGISTER_SHA3_256
#undef LINUXKM_LKCAPI_REGISTER_SHA3_384 #undef LINUXKM_LKCAPI_REGISTER_SHA3_384
@ -944,7 +1010,9 @@ static int wc_linuxkm_drbg_default_instance_registered = 0;
WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void) WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
{ {
int ret; int ret;
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
int cur_refcnt; int cur_refcnt;
#endif
if (wc_linuxkm_drbg_loaded) { if (wc_linuxkm_drbg_loaded) {
pr_err("wc_linuxkm_drbg_set_default called with wc_linuxkm_drbg_loaded."); pr_err("wc_linuxkm_drbg_set_default called with wc_linuxkm_drbg_loaded.");
@ -1093,7 +1161,6 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_startup(void)
WC_MAYBE_UNUSED static int wc_linuxkm_drbg_cleanup(void) { WC_MAYBE_UNUSED static int wc_linuxkm_drbg_cleanup(void) {
int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt);
int ret;
if (! wc_linuxkm_drbg_loaded) { if (! wc_linuxkm_drbg_loaded) {
pr_err("wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded"); pr_err("wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded");
@ -1112,7 +1179,7 @@ WC_MAYBE_UNUSED static int wc_linuxkm_drbg_cleanup(void) {
#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
if (wc_linuxkm_drbg_default_instance_registered) { if (wc_linuxkm_drbg_default_instance_registered) {
ret = crypto_del_default_rng(); int ret = crypto_del_default_rng();
if (ret) { if (ret) {
pr_err("crypto_del_default_rng failed: %d", ret); pr_err("crypto_del_default_rng failed: %d", ret);
return ret; return ret;

16
wolfssl/wolfcrypt/dh.h
View File

@ -145,11 +145,6 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
WOLFSSL_API int wc_InitDhKey(DhKey* key); WOLFSSL_API int wc_InitDhKey(DhKey* key);
WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
WOLFSSL_API int wc_FreeDhKey(DhKey* key); WOLFSSL_API int wc_FreeDhKey(DhKey* key);
#if defined(WOLFSSL_DH_GEN_PUB)
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
byte* pub, word32* pubSz);
#endif /* WOLFSSL_DH_GEN_PUB */
WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
word32* privSz, byte* pub, word32* pubSz); word32* privSz, byte* pub, word32* pubSz);
WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
@ -177,6 +172,17 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
WOLFSSL_API int wc_DhCopyNamedKey(int name, WOLFSSL_API int wc_DhCopyNamedKey(int name,
byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz); byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
#ifndef WOLFSSL_NO_DH_GEN_PUB
#if defined(WOLFSSL_DH_EXTRA) && !defined(WOLFSSL_DH_GEN_PUB)
#define WOLFSSL_DH_GEN_PUB
#endif
#ifdef WOLFSSL_DH_GEN_PUB
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
word32 privSz, byte* pub,
word32* pubSz);
#endif /* WOLFSSL_DH_GEN_PUB */
#endif /* !WOLFSSL_NO_DH_GEN_PUB */
#ifdef WOLFSSL_DH_EXTRA #ifdef WOLFSSL_DH_EXTRA
WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz); const byte* pub, word32 pubSz);