WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8646 from philljj/register_rsa 

linuxkm: register rsa
pull/8683/head
Daniel Pouzzner 2025-04-16 17:51:20 -05:00 committed by GitHub
parent 91cd0e96fa ff93e6d5d4
commit bfab68f40c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 1904 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configure.ac
View File

@ -9424,6 +9424,8 @@ then
'ecdsa') test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
'ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDH" ;;
'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.])
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA" ;;
# disable options
'-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
'-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
@ -9436,6 +9438,7 @@ then
'-ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESECB" ;;
'-ecdsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
'-ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDH" ;;
'-rsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_RSA" ;;
*) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
esac
done

1
linuxkm/include.am
View File

@ -16,4 +16,5 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
linuxkm/lkcapi_glue.c \
linuxkm/lkcapi_ecdsa_glue.c \
linuxkm/lkcapi_ecdh_glue.c \
linuxkm/lkcapi_rsa_glue.c \
linuxkm/x86_vector_register_glue.c

7
linuxkm/linuxkm_wc_port.h
View File

@ -294,14 +294,9 @@
#include <crypto/scatterwalk.h>
#include <crypto/internal/aead.h>
#include <crypto/internal/skcipher.h>
#include <crypto/internal/akcipher.h>
#include <crypto/internal/kpp.h>
#if defined(HAVE_ECC) && \
(defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
defined(LINUXKM_LKCAPI_REGISTER_ECDSA))
#include <crypto/internal/akcipher.h>
#endif /* HAVE_ECC && (REGISTER_ALL || REGISTER_ECDSA) */
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
* loaded simultaneously, and the Linux in-tree implementations have two
* AES key structs in each context, one for each direction. in

75
linuxkm/lkcapi_glue.c
View File

@ -4231,17 +4231,19 @@ static int linuxkm_test_aesecb(void) {
#undef LINUXKM_LKCAPI_REGISTER_ECDH
#endif /* HAVE_ECC */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
/**
* note: ecdsa supported with linux 6.12 and earlier for now, only.
* In linux 6.13, ecdsa changed from a struct akcipher_alg type to
* struct sig_alg type, and the sign/verify callbacks were removed
* from akcipher_alg.
* */
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* linux >= 6.13.0 */
#if !defined(NO_RSA)
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA)) && \
!defined(LINUXKM_LKCAPI_REGISTER_RSA)
#define LINUXKM_LKCAPI_REGISTER_RSA
#endif
#else
#undef LINUXKM_LKCAPI_REGISTER_RSA
#endif /* !NO_RSA */
/**
* extra checks on kernel version, and ecc sizes.
* */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
/**
@ -4265,6 +4267,29 @@ static int linuxkm_test_aesecb(void) {
#endif
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
/**
* notes:
* - ecdsa supported with linux 6.12 and earlier for now, only.
* - pkcs1pad rsa supported both before and after linux 6.13, but
* without sign/verify after linux 6.13.
*
* In linux 6.13 the sign/verify callbacks were removed from
* akcipher_alg, and ecdsa changed from a struct akcipher_alg type to
* struct sig_alg type.
*
* pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify
* functionality.
* */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if defined (LINUXKM_LKCAPI_REGISTER_RSA)
#define LINUXKM_AKCIPHER_NO_SIGNVERIFY
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#endif /* linux >= 6.13.0 */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#include "linuxkm/lkcapi_ecdsa_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
@ -4273,6 +4298,10 @@ static int linuxkm_test_aesecb(void) {
#include "linuxkm/lkcapi_ecdh_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
#if defined(LINUXKM_LKCAPI_REGISTER_RSA)
#include "linuxkm/lkcapi_rsa_glue.c"
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
static int linuxkm_lkcapi_register(void)
{
int ret = 0;
@ -4388,6 +4417,20 @@ static int linuxkm_lkcapi_register(void)
linuxkm_test_ecdh_nist_p384);
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
#ifdef LINUXKM_LKCAPI_REGISTER_RSA
#if defined(LINUXKM_DIRECT_RSA)
REGISTER_ALG(direct_rsa, crypto_register_akcipher, linuxkm_test_rsa);
#endif /* LINUXKM_DIRECT_RSA */
#ifndef NO_SHA256
REGISTER_ALG(pkcs1_sha256, crypto_register_akcipher,
linuxkm_test_pkcs1_sha256);
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA512
REGISTER_ALG(pkcs1_sha512, crypto_register_akcipher,
linuxkm_test_pkcs1_sha512);
#endif /* WOLFSSL_SHA512 */
#endif
#undef REGISTER_ALG
out:
@ -4458,5 +4501,17 @@ static void linuxkm_lkcapi_unregister(void)
/* no ecdh p521 in kernel. */
#endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
#ifdef LINUXKM_LKCAPI_REGISTER_RSA
#if defined(LINUXKM_DIRECT_RSA)
UNREGISTER_ALG(direct_rsa, crypto_unregister_akcipher);
#endif /* LINUXKM_DIRECT_RSA */
#ifndef NO_SHA256
UNREGISTER_ALG(pkcs1_sha256, crypto_unregister_akcipher);
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA512
UNREGISTER_ALG(pkcs1_sha512, crypto_unregister_akcipher);
#endif /* WOLFSSL_SHA512 */
#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
#undef UNREGISTER_ALG
}

1834
linuxkm/lkcapi_rsa_glue.c 100644
View File

File diff suppressed because it is too large Load Diff