Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix demos to work with new wolfHSM API #17

Merged
merged 18 commits into from
Nov 5, 2024
Merged

Fix demos to work with new wolfHSM API #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
6d9cd1f
WIP
billphipps Oct 4, 2024
a536940
added missing re-set of AES IV
bigbrett Oct 7, 2024
b56dd6c
v1.0 rsa fixes
bigbrett Oct 7, 2024
598576b
remove erroneously committed file
bigbrett Oct 7, 2024
4d80df8
some curve25519 fixes - import demo still fails
bigbrett Oct 8, 2024
dab2887
updated curve25519 demo to use new DER cert parsing
bigbrett Oct 29, 2024
12b67e0
replace deprecated usleep with POSIX compliant nanosleep
bigbrett Nov 1, 2024
1dc3bf7
fix AES cbc and some return values
bigbrett Nov 1, 2024
8083713
fixed improper error code propagation
bigbrett Nov 1, 2024
1f8bce9
revert function name for simplicity
bigbrett Nov 1, 2024
c28eb2f
rebase + fix merge conflicts
bigbrett Nov 1, 2024
5dd9c52
formatting fixes
bigbrett Nov 5, 2024
915784a
fix bad user settings
bigbrett Nov 5, 2024
31e375e
add -Werror
bigbrett Nov 5, 2024
ccf65a8
add all algos back in, fix ECC to use DER keys
bigbrett Nov 5, 2024
0c13583
clang-format
bigbrett Nov 5, 2024
f362f3d
fixed RSA
bigbrett Nov 5, 2024
312b72d
add keys
bigbrett Nov 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
.DS_Store
Build/
demo/certs/*.pem

Binary file added demo/certs/alice-ecc256-key.der
View file
Open in desktop
Binary file not shown.
Binary file added demo/certs/bob-ecc256-key.der
View file
Open in desktop
Binary file not shown.
2 changes: 0 additions & 2 deletions demo/certs/curve25519-private-alice.raw
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion demo/certs/curve25519-private-bob.raw
View file
Open in desktop

This file was deleted.

2 changes: 0 additions & 2 deletions demo/certs/curve25519-public-alice.raw
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion demo/certs/curve25519-public-bob.raw
View file
Open in desktop

This file was deleted.

Binary file added demo/certs/curve25519_keyAlice.der
View file
Open in desktop
Binary file not shown.
Binary file added demo/certs/curve25519_keyBob.der
View file
Open in desktop
Binary file not shown.
Binary file removed demo/certs/ecc-private-alice.raw
View file
Open in desktop
Binary file not shown.
1 change: 0 additions & 1 deletion demo/certs/ecc-private-bob.raw
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion demo/certs/ecc-public-alice.raw
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion demo/certs/ecc-public-bob.raw
View file
Open in desktop

This file was deleted.

18 changes: 18 additions & 0 deletions demo/certs/genKeys.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash

# ECC Keys
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out alice-ecc256-key.pem
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Grumble. Hate relying on openssl. Maybe we should leave some pregenerated keys in PEM format in the repo as well in case they don't have openssl available? No change recommended at this point. Just a thought.

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out bob-ecc256-key.pem
openssl ec -in alice-ecc256-key.pem -outform DER -out alice-ecc256-key.der
openssl ec -in bob-ecc256-key.pem -outform DER -out bob-ecc256-key.der

# RSA Key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out rsa-2048-key.pem
openssl rsa -in rsa-2048-key.pem -outform DER -out rsa-2048-key.der

# TODO: Curve25519 Keys
# Either need to modify examples to split out public/private operations, or modify wolfHSM to be able to recove public keys on deserialization of private only.
#openssl genpkey -algorithm X25519 -out alice-curve25519-key.pem
#openssl genpkey -algorithm X25519 -out bob-curve25519-key.pem
#openssl pkey -in alice-curve25519-key.pem -outform DER -out alice-curve25519-key.der
#openssl pkey -in bob-curve25519-key.pem -outform DER -out bob-curve25519-key.der
Binary file added demo/certs/rsa-2048-key.der
View file
Open in desktop
Binary file not shown.
16 changes: 15 additions & 1 deletion demo/client/wh_demo_client_all.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,15 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#ifndef NO_AES
rc = wh_DemoClient_KeystoreAes(clientContext);
if (rc != 0) {
return rc;
}
#endif

/* Crypto demos */
/**Crypto demos */
#ifndef NO_RSA
rc = wh_DemoClient_CryptoRsa(clientContext);
if (rc != 0) {
return rc;
Expand All @@ -52,7 +55,9 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#endif /* !NO_RSA */

#ifdef HAVE_CURVE25519
rc = wh_DemoClient_CryptoCurve25519(clientContext);
if (rc != 0) {
return rc;
Expand All @@ -62,7 +67,9 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#endif /* HAVE_CURVE25519 */

#ifdef HAVE_ECC
rc = wh_DemoClient_CryptoEcc(clientContext);
if (rc != 0) {
return rc;
Expand All @@ -72,7 +79,9 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#endif /* HAVE_ECC */

#if !defined(NO_AES) && defined(HAVE_AES_CBC)
rc = wh_DemoClient_CryptoAesCbc(clientContext);
if (rc != 0) {
return rc;
Expand All @@ -82,7 +91,9 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#endif /* !NO_AES && HAVE_AES_CBC */

#if !defined(NO_AES) && defined(HAVE_AESGCM)
rc = wh_DemoClient_CryptoAesGcm(clientContext);
if (rc != 0) {
return rc;
Expand All @@ -92,7 +103,9 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#endif /* !NO_AES && HAVE_AESGCM */

#if defined(WOLFSSL_CMAC)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we have additional constraints on CMAC like !NO_AES and WOLFSSL_AES_DIRECT. Do you capture these in the lower level? I'd love to simplify this compile-time logic to exactly what you have written here.

rc = wh_DemoClient_CryptoCmac(clientContext);
if (rc != 0) {
return rc;
Expand All @@ -107,6 +120,7 @@ int wh_DemoClient_All(whClientContext* clientContext)
if (rc != 0) {
return rc;
}
#endif /* WOLFSSL_CMAC */

return rc;
}
Loading