
Commit 16fb84d

committed
Peer review fixes. Tested with brainpool.
1 parent 54f0ecb commit 16fb84d

2 files changed

Lines changed: 91 additions & 33 deletions


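--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -120,12 +120,12 @@ static int stsafe_get_key_size(stsafe_curve_id_t curve_id)
 {
 switch (curve_id) {
 case STSAFE_ECC_CURVE_P256:
-#ifdef STSAFE_ECC_CURVE_BP256
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256)
 case STSAFE_ECC_CURVE_BP256:
 #endif
 return 32;
 case STSAFE_ECC_CURVE_P384:
-#ifdef STSAFE_ECC_CURVE_BP384
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384)
 case STSAFE_ECC_CURVE_BP384:
 #endif
 return 48;
@@ -145,11 +145,11 @@ static stsafe_curve_id_t stsafe_get_ecc_curve_id(int ecc_curve)
 return STSAFE_ECC_CURVE_P256;
 case ECC_SECP384R1:
 return STSAFE_ECC_CURVE_P384;
-#if defined(HAVE_ECC_BRAINPOOL) && defined(STSAFE_ECC_CURVE_BP256)
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256)
 case ECC_BRAINPOOLP256R1:
 return STSAFE_ECC_CURVE_BP256;
 #endif
-#if defined(HAVE_ECC_BRAINPOOL) && defined(STSAFE_ECC_CURVE_BP384)
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384)
 case ECC_BRAINPOOLP384R1:
 return STSAFE_ECC_CURVE_BP384;
 #endif
@@ -170,11 +170,11 @@ static int stsafe_get_ecc_curve(stsafe_curve_id_t curve_id)
 return ECC_SECP256R1;
 case STSAFE_ECC_CURVE_P384:
 return ECC_SECP384R1;
-#if defined(HAVE_ECC_BRAINPOOL) && defined(STSAFE_ECC_CURVE_BP256)
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256)
 case STSAFE_ECC_CURVE_BP256:
 return ECC_BRAINPOOLP256R1;
 #endif
-#if defined(HAVE_ECC_BRAINPOOL) && defined(STSAFE_ECC_CURVE_BP384)
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384)
 case STSAFE_ECC_CURVE_BP384:
 return ECC_BRAINPOOLP384R1;
 #endif
@@ -413,13 +413,25 @@ static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id,
 int rc = STSAFE_A_OK;
 stse_ReturnCode_t ret;
 int key_sz = stsafe_get_key_size(curve_id);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+uint8_t* peerPubKey = NULL;
+#else
 uint8_t peerPubKey[STSAFE_MAX_PUBKEY_RAW_LEN];
+#endif
 
 if (pPubKeyX == NULL || pPubKeyY == NULL || pSharedSecret == NULL ||
 pSharedSecretLen == NULL) {
 return BAD_FUNC_ARG;
 }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+peerPubKey = (uint8_t*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL,
+DYNAMIC_TYPE_TMP_BUFFER);
+if (peerPubKey == NULL) {
+return MEMORY_E;
+}
+#endif
+
 /* Combine peer X and Y (X||Y format) */
 XMEMCPY(peerPubKey, pPubKeyX, key_sz);
 XMEMCPY(peerPubKey + key_sz, pPubKeyY, key_sz);
@@ -441,6 +453,10 @@ static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id,
 *pSharedSecretLen = (int32_t)key_sz;
 }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+XFREE(peerPubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
 return rc;
 }
 
@@ -458,13 +474,25 @@ static int stsafe_shared_secret_ecdhe(stsafe_curve_id_t curve_id,
 int rc = STSAFE_A_OK;
 stse_ReturnCode_t ret;
 int key_sz = stsafe_get_key_size(curve_id);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+uint8_t* peerPubKey = NULL;
+#else
 uint8_t peerPubKey[STSAFE_MAX_PUBKEY_RAW_LEN];
+#endif
 
 if (pPubKeyX == NULL || pPubKeyY == NULL || pSharedSecret == NULL ||
 pSharedSecretLen == NULL || key_sz == 0) {
 return BAD_FUNC_ARG;
 }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+peerPubKey = (uint8_t*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL,
+DYNAMIC_TYPE_TMP_BUFFER);
+if (peerPubKey == NULL) {
+return MEMORY_E;
+}
+#endif
+
 /* Combine peer X and Y (X||Y format) */
 XMEMCPY(peerPubKey, pPubKeyX, key_sz);
 XMEMCPY(peerPubKey + key_sz, pPubKeyY, key_sz);
@@ -483,6 +511,10 @@ static int stsafe_shared_secret_ecdhe(stsafe_curve_id_t curve_id,
 *pSharedSecretLen = (int32_t)key_sz;
 }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+XFREE(peerPubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
 return rc;
 }
 
@@ -1820,7 +1852,14 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 curve_id = stsafe_get_ecc_curve_id(ecc_curve);
 /* Note: STSAFE_ECC_CURVE_P256 is 0, so we can't use STSAFE_DEFAULT_CURVE check.
 * Instead, verify the curve_id is valid by checking it's one of the supported curves */
-if (curve_id != STSAFE_ECC_CURVE_P256 && curve_id != STSAFE_ECC_CURVE_P384) {
+if (curve_id != STSAFE_ECC_CURVE_P256 && curve_id != STSAFE_ECC_CURVE_P384
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256)
+&& curve_id != STSAFE_ECC_CURVE_BP256
+#endif
+#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384)
+&& curve_id != STSAFE_ECC_CURVE_BP384
+#endif
+) {
 rc = BAD_FUNC_ARG;
 }
 }
@@ -1873,35 +1912,52 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 * existing key in ephemeral slot, so for bidirectional ECDH, both keys
 * should be generated in ephemeral slot from the start. */
 stse_ReturnCode_t ret;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+byte* ephemeralPubKey = NULL;
+#else
 byte ephemeralPubKey[STSAFE_MAX_PUBKEY_RAW_LEN];
+#endif
 int key_sz = stsafe_get_key_size(curve_id);
 slot = STSAFE_KEY_SLOT_EPHEMERAL;
 
-ret = stse_generate_ecc_key_pair(&g_stse_handler, slot,
-(stse_ecc_key_type_t)curve_id,
-STSAFE_EPHEMERAL_KEY_USAGE_LIMIT,
-ephemeralPubKey);
-if (ret != STSE_OK) {
-STSAFE_INTERFACE_PRINTF("stse_generate_ecc_key_pair (ephemeral for ECDH) error: %d\n", ret);
-rc = (int)ret;
-} else {
-WOLFSSL_MSG("STSAFE: Generated ephemeral key for ECDH");
-/* Update devCtx to reflect ephemeral slot for this key */
-if (info->pk.ecdh.private_key != NULL) {
-info->pk.ecdh.private_key->devCtx = STSAFE_SLOT_TO_DEVCXT(slot);
-}
-/* Update the public key in the key structure to match the new ephemeral key */
-if (info->pk.ecdh.private_key != NULL && rc == 0) {
-void* saved_devCtx = info->pk.ecdh.private_key->devCtx;
-rc = wc_ecc_import_unsigned(info->pk.ecdh.private_key,
-ephemeralPubKey, &ephemeralPubKey[key_sz],
-NULL, ecc_curve);
-/* Restore devCtx in case import cleared it */
-if (saved_devCtx != NULL && info->pk.ecdh.private_key->devCtx != saved_devCtx) {
-info->pk.ecdh.private_key->devCtx = saved_devCtx;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+ephemeralPubKey = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL,
+DYNAMIC_TYPE_TMP_BUFFER);
+if (ephemeralPubKey == NULL) {
+rc = MEMORY_E;
+}
+#endif
+
+if (rc == 0) {
+ret = stse_generate_ecc_key_pair(&g_stse_handler, slot,
+(stse_ecc_key_type_t)curve_id,
+STSAFE_EPHEMERAL_KEY_USAGE_LIMIT,
+ephemeralPubKey);
+if (ret != STSE_OK) {
+STSAFE_INTERFACE_PRINTF("stse_generate_ecc_key_pair (ephemeral for ECDH) error: %d\n", ret);
+rc = (int)ret;
+} else {
+WOLFSSL_MSG("STSAFE: Generated ephemeral key for ECDH");
+/* Update devCtx to reflect ephemeral slot for this key */
+if (info->pk.ecdh.private_key != NULL) {
+info->pk.ecdh.private_key->devCtx = STSAFE_SLOT_TO_DEVCXT(slot);
+}
+/* Update the public key in the key structure to match the new ephemeral key */
+if (info->pk.ecdh.private_key != NULL && rc == 0) {
+void* saved_devCtx = info->pk.ecdh.private_key->devCtx;
+rc = wc_ecc_import_unsigned(info->pk.ecdh.private_key,
+ephemeralPubKey, &ephemeralPubKey[key_sz],
+NULL, ecc_curve);
+/* Restore devCtx in case import cleared it */
+if (saved_devCtx != NULL && info->pk.ecdh.private_key->devCtx != saved_devCtx) {
+info->pk.ecdh.private_key->devCtx = saved_devCtx;
+}
 }
 }
 }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+XFREE(ephemeralPubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 #else /* WOLFSSL_STSAFEA100 */
 /* For A100/A110, ephemeral key generation in ECDH callback
 * is not supported. Keys must be generated in ephemeral slot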
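Review bot: The supported-curve check in wolfSSL_STSAFE_CryptoDevCb (new lines 1855-1862) tests the mapped `curve_id` rather than the incoming `ecc_curve`, so it rejects an unsupported curve only if stsafe_get_ecc_curve_id() returns a value outside this list for it. That mapper's default branch is outside the hunks, and the comment just above the check says STSAFE_ECC_CURVE_P256 is 0, so please confirm the fallback cannot coincide with a supported id; if it can, a key on an unsupported curve would be handled as P-256. Checking the input before mapping removes that dependency and takes the `#if` blocks out of the middle of the condition, e.g. `if (ecc_curve != ECC_SECP256R1 && ecc_curve != ECC_SECP384R1 /* plus the Brainpool ids under the same guards */) rc = BAD_FUNC_ARG;`. Separately, stsafe_shared_secret's argument check still lacks the `key_sz == 0` test that stsafe_shared_secret_ecdhe has. The bodies between the new XMALLOC and XFREE in both functions are outside the hunks, so any early return there should be checked for a leak.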

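--- a/wolfssl/wolfcrypt/port/st/stsafe.h
+++ b/wolfssl/wolfcrypt/port/st/stsafe.h
@@ -77,12 +77,14 @@
 /* Curve ID mappings - values depend on stse_conf.h settings!
 * With only NIST P-256 and P-384 enabled:
 * STSE_ECC_KT_NIST_P_256 = 0, STSE_ECC_KT_NIST_P_384 = 1
-* NOTE: If other curves are enabled, these values change! */
+* NOTE: If other curves are enabled, these values change!
+*
+* Compile-time static assertions and runtime checks in stsafe_interface_init()
+* verify that these constants match the actual STSE_ECC_KT enum values. */
 #define STSAFE_ECC_CURVE_P256 0 /* STSE_ECC_KT_NIST_P_256 */
 #define STSAFE_ECC_CURVE_P384 1 /* STSE_ECC_KT_NIST_P_384 */
-/* Brainpool curves - only defined when enabled in stse_conf.h */
-/* #define STSAFE_ECC_CURVE_BP256 2 */ /* STSE_ECC_KT_BP_P_256 */
-/* #define STSAFE_ECC_CURVE_BP384 3 */ /* STSE_ECC_KT_BP_P_384 */
+#define STSAFE_ECC_CURVE_BP256 2 /* STSE_ECC_KT_BP_P_256 */
+#define STSAFE_ECC_CURVE_BP384 3 /* STSE_ECC_KT_BP_P_384 */
 
 /* Slot mappings */
 #define STSAFE_KEY_SLOT_0 0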
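Review bot: STSAFE_ECC_CURVE_BP256 and STSAFE_ECC_CURVE_BP384 are now defined unconditionally as the literals 2 and 3, although the comment directly above them says these values depend on which curves stse_conf.h enables. The static assertions and the runtime check in stsafe_interface_init() that the new comment relies on are not part of the visible hunks, so it is worth confirming they cover the Brainpool ids as well. A mismatch would hand the wrong key type to the device through casts such as `(stse_ecc_key_type_t)curve_id` in stsafe.c. If the STSELib enum is in scope in this header, deriving the values avoids the problem: `#define STSAFE_ECC_CURVE_BP256 STSE_ECC_KT_BP_P_256` and `#define STSAFE_ECC_CURVE_BP384 STSE_ECC_KT_BP_P_384`, each under the matching STSE_CONF_ECC_BRAINPOOL_P_256 / STSE_CONF_ECC_BRAINPOOL_P_384 guard.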
