diff --git a/configure.ac b/configure.ac index bf5d630ae..f0410bb33 100644 --- a/configure.ac +++ b/configure.ac @@ -220,6 +220,7 @@ then enable_indef=yes AM_CFLAGS="-DHAVE_AES_DECRYPT $AM_CFLAGS" + AM_CFLAGS="-DHAVE_AES_ECB $AM_CFLAGS" fi AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"]) @@ -3771,6 +3772,7 @@ AC_ARG_ENABLE([oldnames], if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES" fi diff --git a/mcapi/crypto.c b/mcapi/crypto.c index af2663024..c937777b6 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -105,7 +105,7 @@ int CRYPT_SHA_Initialize(CRYPT_SHA_CTX* sha) if (sha == NULL) return BAD_FUNC_ARG; - return wc_InitSha((Sha*)sha); + return wc_InitSha((wc_Sha*)sha); } int CRYPT_SHA_DataSizeSet(CRYPT_SHA_CTX* sha, unsigned int sz) @@ -114,7 +114,7 @@ int CRYPT_SHA_DataSizeSet(CRYPT_SHA_CTX* sha, unsigned int sz) return BAD_FUNC_ARG; #ifdef WOLFSSL_PIC32MZ_HASH - wc_ShaSizeSet((Sha*)sha, sz); + wc_ShaSizeSet((wc_Sha*)sha, sz); #else (void)sz; #endif @@ -129,7 +129,7 @@ int CRYPT_SHA_DataAdd(CRYPT_SHA_CTX* sha, const unsigned char* input, if (sha == NULL || input == NULL) return BAD_FUNC_ARG; - return wc_ShaUpdate((Sha*)sha, input, sz); + return wc_ShaUpdate((wc_Sha*)sha, input, sz); } @@ -139,7 +139,7 @@ int CRYPT_SHA_Finalize(CRYPT_SHA_CTX* sha, unsigned char* digest) if (sha == NULL || digest == NULL) return BAD_FUNC_ARG; - return wc_ShaFinal((Sha*)sha, digest); + return wc_ShaFinal((wc_Sha*)sha, digest); } #endif @@ -148,13 +148,13 @@ int CRYPT_SHA_Finalize(CRYPT_SHA_CTX* sha, unsigned char* digest) /* Initialize SHA-256 */ int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256) { - typedef char sha_test[sizeof(CRYPT_SHA256_CTX) >= sizeof(Sha256) ? 1 : -1]; + typedef char sha_test[sizeof(CRYPT_SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1]; (void)sizeof(sha_test); if (sha256 == NULL) return BAD_FUNC_ARG; - return wc_InitSha256((Sha256*)sha256); + return wc_InitSha256((wc_Sha256*)sha256); } int CRYPT_SHA256_DataSizeSet(CRYPT_SHA256_CTX* sha256, unsigned int sz) @@ -163,7 +163,7 @@ int CRYPT_SHA256_DataSizeSet(CRYPT_SHA256_CTX* sha256, unsigned int sz) return BAD_FUNC_ARG; #ifdef WOLFSSL_PIC32MZ_HASH - wc_Sha256SizeSet((Sha256*)sha256, sz); + wc_Sha256SizeSet((wc_Sha256*)sha256, sz); #else (void)sz; #endif @@ -178,7 +178,7 @@ int CRYPT_SHA256_DataAdd(CRYPT_SHA256_CTX* sha256, const unsigned char* input, if (sha256 == NULL || input == NULL) return BAD_FUNC_ARG; - return wc_Sha256Update((Sha256*)sha256, input, sz); + return wc_Sha256Update((wc_Sha256*)sha256, input, sz); } @@ -188,7 +188,7 @@ int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX* sha256, unsigned char* digest) if (sha256 == NULL || digest == NULL) return BAD_FUNC_ARG; - return wc_Sha256Final((Sha256*)sha256, digest); + return wc_Sha256Final((wc_Sha256*)sha256, digest); } #endif @@ -197,13 +197,13 @@ int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX* sha256, unsigned char* digest) /* Initialize SHA-384 */ int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX* sha384) { - typedef char sha_test[sizeof(CRYPT_SHA384_CTX) >= sizeof(Sha384) ? 1 : -1]; + typedef char sha_test[sizeof(CRYPT_SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1]; (void)sizeof(sha_test); if (sha384 == NULL) return BAD_FUNC_ARG; - return wc_InitSha384((Sha384*)sha384); + return wc_InitSha384((wc_Sha384*)sha384); } @@ -214,7 +214,7 @@ int CRYPT_SHA384_DataAdd(CRYPT_SHA384_CTX* sha384, const unsigned char* input, if (sha384 == NULL || input == NULL) return BAD_FUNC_ARG; - return wc_Sha384Update((Sha384*)sha384, input, sz); + return wc_Sha384Update((wc_Sha384*)sha384, input, sz); } @@ -224,7 +224,7 @@ int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX* sha384, unsigned char* digest) if (sha384 == NULL || digest == NULL) return BAD_FUNC_ARG; - return wc_Sha384Final((Sha384*)sha384, digest); + return wc_Sha384Final((wc_Sha384*)sha384, digest); } #endif @@ -232,13 +232,13 @@ int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX* sha384, unsigned char* digest) /* Initialize SHA-512 */ int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX* sha512) { - typedef char sha_test[sizeof(CRYPT_SHA512_CTX) >= sizeof(Sha512) ? 1 : -1]; + typedef char sha_test[sizeof(CRYPT_SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1]; (void)sizeof(sha_test); if (sha512 == NULL) return BAD_FUNC_ARG; - return wc_InitSha512((Sha512*)sha512); + return wc_InitSha512((wc_Sha512*)sha512); } @@ -249,7 +249,7 @@ int CRYPT_SHA512_DataAdd(CRYPT_SHA512_CTX* sha512, const unsigned char* input, if (sha512 == NULL || input == NULL) return BAD_FUNC_ARG; - return wc_Sha512Update((Sha512*)sha512, input, sz); + return wc_Sha512Update((wc_Sha512*)sha512, input, sz); } @@ -259,7 +259,7 @@ int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest) if (sha512 == NULL || digest == NULL) return BAD_FUNC_ARG; - return wc_Sha512Final((Sha512*)sha512, digest); + return wc_Sha512Final((wc_Sha512*)sha512, digest); } #endif diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index f9f2eba32..bac831e70 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -279,10 +279,10 @@ static int check_sha(void) static int check_sha256(void) { CRYPT_SHA256_CTX mcSha256; - Sha256 defSha256; + wc_Sha256 defSha256; int ret; byte mcDigest[CRYPT_SHA256_DIGEST_SIZE]; - byte defDigest[SHA256_DIGEST_SIZE]; + byte defDigest[WC_SHA256_DIGEST_SIZE]; CRYPT_SHA256_Initialize(&mcSha256); ret = wc_InitSha256(&defSha256); @@ -319,10 +319,10 @@ static int check_sha256(void) static int check_sha384(void) { CRYPT_SHA384_CTX mcSha384; - Sha384 defSha384; + wc_Sha384 defSha384; int ret; byte mcDigest[CRYPT_SHA384_DIGEST_SIZE]; - byte defDigest[SHA384_DIGEST_SIZE]; + byte defDigest[WC_SHA384_DIGEST_SIZE]; CRYPT_SHA384_Initialize(&mcSha384); ret = wc_InitSha384(&defSha384); @@ -359,10 +359,10 @@ static int check_sha384(void) static int check_sha512(void) { CRYPT_SHA512_CTX mcSha512; - Sha512 defSha512; + wc_Sha512 defSha512; int ret; byte mcDigest[CRYPT_SHA512_DIGEST_SIZE]; - byte defDigest[SHA512_DIGEST_SIZE]; + byte defDigest[WC_SHA512_DIGEST_SIZE]; CRYPT_SHA512_Initialize(&mcSha512); ret = wc_InitSha512(&defSha512); @@ -402,13 +402,13 @@ static int check_hmac(void) Hmac defHmac; int ret; byte mcDigest[CRYPT_SHA512_DIGEST_SIZE]; - byte defDigest[SHA512_DIGEST_SIZE]; + byte defDigest[WC_SHA512_DIGEST_SIZE]; strncpy((char*)key, "Jefe", 4); /* SHA1 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4); - ret = wc_HmacSetKey(&defHmac, SHA, key, 4); + ret = wc_HmacSetKey(&defHmac, WC_SHA, key, 4); if (ret != 0) { printf("hmac sha setkey default failed\n"); return -1; @@ -436,7 +436,7 @@ static int check_hmac(void) /* SHA-256 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA256, key, 4); - ret = wc_HmacSetKey(&defHmac, SHA256, key, 4); + ret = wc_HmacSetKey(&defHmac, WC_SHA256, key, 4); if (ret != 0) { printf("hmac sha256 setkey default failed\n"); return -1; @@ -464,7 +464,7 @@ static int check_hmac(void) /* SHA-384 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA384, key, 4); - ret = wc_HmacSetKey(&defHmac, SHA384, key, 4); + ret = wc_HmacSetKey(&defHmac, WC_SHA384, key, 4); if (ret != 0) { printf("hmac sha384 setkey default failed\n"); return -1; @@ -492,7 +492,7 @@ static int check_hmac(void) /* SHA-512 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA512, key, 4); - ret = wc_HmacSetKey(&defHmac, SHA512, key, 4); + ret = wc_HmacSetKey(&defHmac, WC_SHA512, key, 4); if (ret != 0) { printf("hmac sha512 setkey default failed\n"); return -1; diff --git a/src/ssl.c b/src/ssl.c index 84f46ce5a..2038f0e0d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21108,6 +21108,45 @@ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits, } +#ifdef HAVE_AES_ECB +/* Encrypt/decrypt a 16 byte block of data using the key passed in. + * + * in buffer to encrypt/decyrpt + * out buffer to hold result of encryption/decryption + * key AES structure to use with encryption/decryption + * enc AES_ENCRPT for encryption and AES_DECRYPT for decryption + */ +void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, + AES_KEY *key, const int enc) +{ + Aes* aes; + + WOLFSSL_ENTER("wolfSSL_AES_ecb_encrypt"); + + if (key == NULL || in == NULL || out == NULL) { + WOLFSSL_MSG("Error, Null argument passed in"); + return; + } + + aes = (Aes*)key; + if (enc == AES_ENCRYPT) { + if (wc_AesEcbEncrypt(aes, out, in, AES_BLOCK_SIZE) != 0) { + WOLFSSL_MSG("Error with AES CBC encrypt"); + } + } + else { + #ifdef HAVE_AES_DECRYPT + if (wc_AesEcbDecrypt(aes, out, in, AES_BLOCK_SIZE) != 0) { + WOLFSSL_MSG("Error with AES CBC decrypt"); + } + #else + WOLFSSL_MSG("AES decryption not compiled in"); + #endif + } +} +#endif /* HAVE_AES_ECB */ + + /* Encrypt data using key and iv passed in. iv gets updated to most recent iv * state after encryptiond/decryption. * @@ -29750,6 +29789,52 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #endif /* ! NO_SHA */ +#ifndef NO_SHA256 + /* One shot SHA256 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA256_DIGEST_SIZE]; + wc_Sha256 sha; + + WOLFSSL_ENTER("wolfSSL_SHA256"); + + if (wc_InitSha256_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA256 Init failed"); + return NULL; + } + + if (wc_Sha256Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA256 Update failed"); + return NULL; + } + + if (wc_Sha256Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA256 Final failed"); + return NULL; + } + + wc_Sha256Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA256_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* ! NO_SHA256 */ char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; diff --git a/tests/api.c b/tests/api.c index fb6bb62a2..4449dc3e6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -268,6 +268,9 @@ #include #include #include +#ifndef NO_AES + #include +#endif #ifndef NO_DES3 #include #endif @@ -16620,6 +16623,80 @@ static void test_wolfSSL_DH_1536_prime(void) #endif } +static void test_wolfSSL_AES_ecb_encrypt(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) + AES_KEY aes; + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + + byte out[AES_BLOCK_SIZE]; + + printf(testingFmt, "wolfSSL_AES_ecb_encrypt()"); + + AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT); + AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0); + +#ifdef HAVE_AES_DECRYPT + AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT); + AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0); +#endif + + /* test bad arguments */ + AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT); + AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT); + AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT); + + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_SHA256(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ + defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + unsigned char input[] = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + unsigned char output[] = + "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + size_t inLen; + byte hash[WC_SHA256_DIGEST_SIZE]; + + printf(testingFmt, "wolfSSL_SHA256()"); + inLen = XSTRLEN((char*)input); + + XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE); + AssertNotNull(SHA256(input, inLen, hash)); + AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0); + + printf(resultFmt, passed); +#endif +} + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) @@ -17453,6 +17530,8 @@ void ApiTest(void) test_wolfSSL_msg_callback(); test_wolfSSL_SHA(); test_wolfSSL_DH_1536_prime(); + test_wolfSSL_AES_ecb_encrypt(); + test_wolfSSL_SHA256(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h index ad92dc186..58d235f8c 100644 --- a/wolfssl/openssl/aes.h +++ b/wolfssl/openssl/aes.h @@ -58,11 +58,15 @@ WOLFSSL_API int wolfSSL_AES_set_decrypt_key WOLFSSL_API void wolfSSL_AES_cbc_encrypt (const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, unsigned char* iv, const int enc); +WOLFSSL_API void wolfSSL_AES_ecb_encrypt + (const unsigned char *in, unsigned char* out, + AES_KEY *key, const int enc); WOLFSSL_API void wolfSSL_AES_cfb128_encrypt (const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, unsigned char* iv, int* num, const int enc); #define AES_cbc_encrypt wolfSSL_AES_cbc_encrypt +#define AES_ecb_encrypt wolfSSL_AES_ecb_encrypt #define AES_cfb128_encrypt wolfSSL_AES_cfb128_encrypt #define AES_set_encrypt_key wolfSSL_AES_set_encrypt_key #define AES_set_decrypt_key wolfSSL_AES_set_decrypt_key diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 22d9e6432..51bf656b6 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -119,6 +119,14 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init #define SHA256_Update wolfSSL_SHA256_Update #define SHA256_Final wolfSSL_SHA256_Final +#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA256 wolfSSL_SHA256 + #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE + #define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define SHA256_PAD_SIZE WC_SHA256_PAD_SIZE +#endif #ifdef WOLFSSL_SHA384 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b3988d56b..126c52ec6 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2560,6 +2560,7 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X50 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 72e5d22a7..61654acf8 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1633,6 +1633,13 @@ extern void uITRON4_free(void *p) ; #endif #endif +#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) + /* added to have compatibility with SHA256() */ + #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + #define NO_OLD_SHA256_NAMES + #endif +#endif + /* switch for compatibility layer functionality. Has subparts i.e. BIO/X509 * When opensslextra is enabled all subparts should be turned on. */ #ifdef OPENSSL_EXTRA @@ -1640,6 +1647,7 @@ extern void uITRON4_free(void *p) ; #define OPENSSL_EXTRA_X509_SMALL #endif /* OPENSSL_EXTRA */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 0be24798e..e726493ea 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -77,7 +77,7 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_WC_NAMES +#ifndef NO_OLD_SHA256_NAMES #define Sha256 wc_Sha256 #define SHA256 WC_SHA256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE