More FIPS tests #49

Merged
merged 11 commits into from
Sep 10, 2024
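--- a/scripts/test-sanity.sh
+++ b/scripts/test-sanity.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# This script provides simple sanity checks to make sure the provider is working
+
+SET_PRE=$( set )
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+LOG_FILE=${SCRIPT_DIR}/test-sanity.log
+rm -f ${LOG_FILE}
+source ${SCRIPT_DIR}/utils-wolfprovider.sh
+
+echo "Using openssl: $OPENSSL_TAG, wolfssl: $WOLFSSL_TAG"
+
+function doTestCmd() {
+CMD=$*
+echo ">>>>>> Running $CMD"
+eval $CMD
+RET=$?
+if [ $RET -ne 0 ]; then
+echo "Failed $CMD: $RET"
+exit 1
+fi
+echo "<<<<<<"
+}
+
+function runSpotCheck() {
+doTestCmd init_wolfprov
+
+SET_POST=$( set )
+echo "New variables set:"
+diff <(echo "$SET_PRE") <(echo "$SET_POST") | grep "="
+
+doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl list -providers --verbose | grep 'Providers:' -A 10"
+
+if [ $(${OPENSSL_INSTALL_DIR}/bin/openssl list -providers --verbose | grep libwolfprov | wc -l) = 0 ]; then
+echo "Not using wolfProvider for some reason"
+exit 2
+fi
+
+if [ $(${OPENSSL_INSTALL_DIR}/bin/openssl list -providers --verbose | grep OpenSSL | wc -l) -ne 0 ]; then
+echo "OpenSSL provider is also enabled"
+exit 2
+fi
+
+doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl s_client -CApath /etc/ssl/certs -connect github.com:443 </dev/null"
+doTestCmd "curl https://github.com/wolfSSL/wolfProvider -o test.html"
+
+doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl s_client -CApath /etc/ssl/certs -connect tls.support:443 </dev/null"
+doTestCmd "curl https://tls.support -vv --tlsv1.3 --tls-max 1.3 -o test.html"
+}
+
+runSpotCheck
+
+exit $?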
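Review bot: The spot check's four `doTestCmd` lines against github.com and tls.support make the whole script depend on outbound TLS, so an offline or firewalled CI run exits 1 exactly like a genuinely broken provider; gating those lines behind an opt-in environment variable (or a local `openssl s_server`) would keep the provider-list checks useful on their own. The two `curl` calls only exercise wolfProvider if `init_wolfprov` (defined in the sourced utils-wolfprovider.sh, outside this file) exports OPENSSL_CONF/OPENSSL_MODULES into the environment rather than merely setting shell variables, and the `diff <(echo "$SET_PRE")` listing cannot tell the two apart — a comment stating which it is would help the next reader. Both downloads also leave `test.html` in the caller's working directory; `-o /dev/null` is enough for a reachability check. Expansions such as `rm -f ${LOG_FILE}` and `source ${SCRIPT_DIR}/utils-wolfprovider.sh` are unquoted and break on paths containing spaces.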
4 changes: 3 additions & 1 deletion scripts/utils-wolfssl.sh
Expand Up @@ -80,9 +80,11 @@ install_wolfssl() {
CONF_ARGS="-prefix=${WOLFSSL_INSTALL_DIR}"

if [ "$WOLFPROV_DEBUG" = "1" ]; then
CONF_ARGS+=" --enable-debug"
CONF_ARGS+=" --enable-debug --enable-debug-trace-errcodes=backtrace --enable-keylog-export"
WOLFSSL_CONFIG_CFLAGS+=" -DWOLFSSL_LOGGINGENABLED_DEFAULT=1"
fi
if [ "$WOLFSSL_ISFIPS" = "1" ]; then
printf "with FIPS ... "
CONF_ARGS+=" --enable-fips=ready"
if [ ! -e "XXX-fips-test" ]; then
./fips-check.sh keep nomakecheck fips-ready >>$LOG_FILE 2>&1
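Review bot: The debug branch's new `CONF_ARGS` line enables `--enable-keylog-export`, which produces a wolfSSL that can write TLS session secrets to a key log, together with `-DWOLFSSL_LOGGINGENABLED_DEFAULT=1`; that is acceptable for a WOLFPROV_DEBUG=1 test build, but nothing on the line says so, and the same function goes on to configure the FIPS-ready tree. A one-line comment above it makes the boundary explicit: `# WOLFPROV_DEBUG builds export TLS session keys (keylog) and log by default; never ship or FIPS-test such a build`. `install_wolfssl` starts and ends outside the hunk.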
1 change: 1 addition & 0 deletions src/wp_aes_aead.c
Expand Up @@ -603,6 +603,7 @@ static int wp_aead_set_param_tls1_iv_rand(wp_AeadCtx* ctx,
#else
(void)ctx;
(void)params;
WOLFPROV_LEAVE(WP_LOG_CIPHER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
1 change: 1 addition & 0 deletions src/wp_aes_stream.c
Expand Up @@ -450,6 +450,7 @@ static int wp_aes_stream_final(wp_AesStreamCtx* ctx, unsigned char *out,
(void)out;
(void)outSize;
*outLen = 0;
WOLFPROV_LEAVE(WP_LOG_CIPHER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

1 change: 1 addition & 0 deletions src/wp_dh_kmgmt.c
Expand Up @@ -276,6 +276,7 @@ int wp_dh_up_ref(wp_Dh* dh)
return ok;
#else
dh->refCnt++;
WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
4 changes: 4 additions & 0 deletions src/wp_drbg.c
Expand Up @@ -166,6 +166,7 @@ static int wp_drbg_uninstantiate(wp_DrbgCtx* ctx)
OPENSSL_clear_free(ctx->rng, sizeof(*ctx->rng));
#endif
ctx->rng = NULL;
WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand Down Expand Up @@ -331,6 +332,7 @@ static int wp_drbg_unlock(wp_DrbgCtx* ctx)
wc_UnLockMutex(ctx->mutex);
}
#endif
WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand Down Expand Up @@ -419,6 +421,7 @@ static int wp_drbg_set_ctx_params(wp_DrbgCtx* ctx, const OSSL_PARAM params[])
{
(void)ctx;
(void)params;
WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand All @@ -431,6 +434,7 @@ static int wp_drbg_set_ctx_params(wp_DrbgCtx* ctx, const OSSL_PARAM params[])
static int wp_drbg_verify_zeroization(wp_DrbgCtx* ctx)
{
(void)ctx;
WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

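Review bot: `wp_drbg_verify_zeroization` still reports success without inspecting anything — it casts `ctx` to void and returns 1 — so OpenSSL's DRBG zeroization self-test passes vacuously, which is worth at least a doc comment in a PR that is adding FIPS tests. The uninstantiate hunk earlier in this file shows `ctx->rng` being released with `OPENSSL_clear_free` and then set to NULL on every path, so the function could check that state instead: `int ok = (ctx->rng == NULL);`, then `WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); return ok;`. Whether other DRBG state lives outside `ctx->rng` is not visible from these hunks, so the comment should say what the check does and does not cover.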
16 changes: 16 additions & 0 deletions src/wp_ecc_kmgmt.c
Expand Up @@ -256,6 +256,7 @@ int wp_ecc_up_ref(wp_Ecc* ecc)
return ok;
#else
ecc->refCnt++;
WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
Expand Down Expand Up @@ -800,6 +801,14 @@ static int wp_ecc_get_params(wp_Ecc* ecc, OSSL_PARAM params[])
}
}

if (ok) {
/* Always assume not decoded from explicit params for now */
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
if ((p != NULL) && !OSSL_PARAM_set_int(p, 0)) {
ok = 0;
}
}

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
return ok;
}
Expand Down Expand Up @@ -1869,11 +1878,13 @@ static int wp_ecc_decode_params(wp_Ecc* ecc, unsigned char* data, word32 len)
ok = 0;
}
if (ok && (data[0] != 0x06)) {
WOLFPROV_MSG(WP_LOG_PK, "Invalid data");
ok = 0;
}
if (ok) {
oidLen = data[1];
if ((oidLen >= 0x80) || (oidLen + 2 > len)) {
WOLFPROV_MSG(WP_LOG_PK, "OID out of bounds");
ok = 0;
}
}
Expand All @@ -1884,17 +1895,20 @@ static int wp_ecc_decode_params(wp_Ecc* ecc, unsigned char* data, word32 len)
ecc->curveId = wp_ecc_get_curve_id_from_oid(data + 2, oidLen);
#endif
if (ecc->curveId == ECC_CURVE_INVALID) {
WOLFPROV_MSG(WP_LOG_PK, "Invalid curve");
ok = 0;
}
}

if (ok) {
rc = wc_ecc_set_curve(&ecc->key, 0, ecc->curveId);
if (rc != 0) {
WOLFPROV_MSG(WP_LOG_PK, "Can't set curve: %d",rc);
ok = 0;
}
}
if (ok && (!wp_ecc_set_bits(ecc))) {
WOLFPROV_MSG(WP_LOG_PK, "Can't set bits");
ok = 0;
}

Expand Down Expand Up @@ -2108,6 +2122,7 @@ static int wp_ecc_encode_params_size(const wp_Ecc *ecc, size_t* keyLen)
/* ASN.1 type, len and data. */
*keyLen = ecc->key.dp->oidSz + 2;

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand All @@ -2130,6 +2145,7 @@ static int wp_ecc_encode_params(const wp_Ecc *ecc, unsigned char* keyData,

*keyLen = ecc->key.dp->oidSz + 2;

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

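Review bot: The new `OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS` block in `wp_ecc_get_params` hard-codes 0 under a comment saying "for now", but the value is accurate by construction rather than provisional: the `wp_ecc_decode_params` hunk in this file rejects any encoding whose first byte is not the OID tag 0x06, so explicitly-encoded curve parameters are never decoded. Saying so keeps the two spots coupled for whoever later adds explicit-parameter support: `/* Only named curves (OID) are decoded, see wp_ecc_decode_params, so this is always 0. */`. In that decode hunk `oidLen = data[1]` is read with only the `data[0]` check visible; the length guard that makes `data[1]` safe presumably sits above the hunk — worth confirming. The message `"Can't set curve: %d",rc` is also missing the space after the comma.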
1 change: 1 addition & 0 deletions src/wp_ecx_kmgmt.c
Expand Up @@ -224,6 +224,7 @@ int wp_ecx_up_ref(wp_Ecx* ecx)
return ok;
#else
ecx->refCnt++;
WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
1 change: 1 addition & 0 deletions src/wp_file_store.c
Expand Up @@ -480,6 +480,7 @@ static int wp_file_eof(wp_FileCtx* ctx)
static int wp_file_close(wp_FileCtx* ctx)
{
wp_filectx_free(ctx);
WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

2 changes: 2 additions & 0 deletions src/wp_kdf_kmgmt.c
Expand Up @@ -71,6 +71,7 @@ int wp_kdf_up_ref(wp_Kdf* kdf)
return ok;
#else
kdf->refCnt++;
WOLFPROV_LEAVE(WP_LOG_KDF, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
Expand Down Expand Up @@ -151,6 +152,7 @@ static int wp_kdf_has(const wp_Kdf* kdf, int selection)
{
(void)kdf;
(void)selection;
WOLFPROV_LEAVE(WP_LOG_KDF, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

2 changes: 2 additions & 0 deletions src/wp_mac_kmgmt.c
Expand Up @@ -108,6 +108,7 @@ int wp_mac_up_ref(wp_Mac* mac)
return ok;
#else
mac->refCnt++;
WOLFPROV_LEAVE(WP_LOG_MAC, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
Expand Down Expand Up @@ -435,6 +436,7 @@ static int wp_mac_export_priv_key(wp_Mac* mac, OSSL_PARAM* params, int* pIdx,
}

*pIdx = i;
WOLFPROV_LEAVE(WP_LOG_MAC, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

3 changes: 3 additions & 0 deletions src/wp_rsa_kmgmt.c
Expand Up @@ -199,6 +199,7 @@ int wp_rsa_up_ref(wp_Rsa* rsa)
return ok;
#else
rsa->refCnt++;
WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
#endif
}
Expand Down Expand Up @@ -468,6 +469,7 @@ static int wp_rsa_pss_params_set_pss_defaults(wp_RsaPssParams* pss)
pss->saltLen = 20;
pss->derTrailer = 1; /* Default: RFC8017 A.2.3 */

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand Down Expand Up @@ -1085,6 +1087,7 @@ static int wp_rsa_pss_params_export(wp_RsaPssParams* pss, OSSL_PARAM* params,
&pss->saltLen);

*idx = i;
WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

11 changes: 11 additions & 0 deletions src/wp_wolfprov.c
Expand Up @@ -33,6 +33,8 @@
#include "wolfprovider/wp_wolfprov.h"
#include "wolfprovider/alg_funcs.h"

#include "wolfssl/wolfcrypt/logging.h"

const char* wolfprovider_id = "libwolfprov";

/* Core function that gets the table of parameters. */
Expand Down Expand Up @@ -73,6 +75,7 @@ static const OSSL_PARAM* wolfprov_gettable_params(void* provCtx)
int wolfssl_prov_is_running(void)
{
/* Always running. */
WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand Down Expand Up @@ -172,6 +175,7 @@ static int bio_core_new(BIO *bio)
{
BIO_set_init(bio, 1);

WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand All @@ -180,6 +184,7 @@ static int bio_core_free(BIO *bio)
BIO_set_init(bio, 0);
wolfssl_prov_bio_free(BIO_get_data(bio));

WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}

Expand Down Expand Up @@ -909,6 +914,7 @@ static int wp_dummy_decode(WOLFPROV_CTX* ctx, OSSL_CORE_BIO* cBio,
(void)pwCb;
(void)pwCbArg;

WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
return 1;
}
/**
Expand Down Expand Up @@ -1133,6 +1139,11 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
int ok = 1;
OSSL_FUNC_core_get_libctx_fn* c_get_libctx = NULL;

#ifdef WOLFPROV_DEBUG
ok = (wolfProv_Debugging_ON() == 0) && (wolfSSL_Debugging_ON() == 0);
wolfSSL_SetLoggingPrefix("wolfSSL");
#endif

for (; in->function_id != 0; in++) {
switch (in->function_id) {
case OSSL_FUNC_CORE_GETTABLE_PARAMS:
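Review bot: In `wolfssl_provider_init`, the new `#ifdef WOLFPROV_DEBUG` block ties `ok` to both `wolfProv_Debugging_ON()` and `wolfSSL_Debugging_ON()` returning 0; `wolfSSL_Debugging_ON()` reports an error when the linked wolfSSL was not built with debugging, so a WOLFPROV_DEBUG provider against a non-debug wolfSSL would refuse to initialise and, as far as this hunk shows, without any message saying why. Failing to enable logging is not a reason to withhold crypto; suggest leaving `ok` alone and only reporting it, e.g. `if (wolfSSL_Debugging_ON() != 0) { WOLFPROV_MSG(WP_LOG_PROVIDER, "wolfSSL debug logging unavailable"); }` — or, if the strict coupling is intentional, a comment above the block stating that a debug provider requires a debug wolfSSL. `wolfSSL_SetLoggingPrefix("wolfSSL")` is also called regardless of whether enabling succeeded, which is harmless but reads as if it depends on the result. The function continues past the end of the hunk, so how `ok` is consumed afterwards is not visible here.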