
Commit cbb7bfc

improved ifdef's for hpke
1 parent fcedc91 commit cbb7bfc

5 files changed

Lines changed: 87 additions & 53 deletions


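--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2559,21 +2559,21 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 case 270:
 echSuite = myoptarg;
 
-/* parse alg id's ignoring overflows
+/* parse alg id's
 * commas can be entered with no number to accept the default */
 if (echSuite != NULL) {
 kemId = (word16)atoi(echSuite);
 for (; *echSuite != '\0' && *echSuite != ','; echSuite++);
 if (*echSuite != ',') {
-LOG_ERROR("Expected two commas '%s'\n", myoptarg);
+LOG_ERROR("Expected two commas in '%s'\n", myoptarg);
 XEXIT_T(EXIT_FAILURE);
 }
 echSuite++;
 
 kdfId = (word16)atoi(echSuite);
 for (; *echSuite != '\0' && *echSuite != ','; echSuite++);
 if (*echSuite != ',') {
-LOG_ERROR("Expected two commas'%s'\n", myoptarg);
+LOG_ERROR("Expected two commas in '%s'\n", myoptarg);
 XEXIT_T(EXIT_FAILURE);
 }
 echSuite++;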
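Review bot: The parsing at `kemId = (word16)atoi(echSuite);` and the matching `kdfId` line still narrows whatever `atoi` returns to 16 bits with no range or syntax check, but the comment above it no longer says so now that "ignoring overflows" has been dropped. A value that does not fit in `word16` will therefore select a different algorithm id than the one typed, with no error. Either keep the caveat, for example `/* parse alg id's; out-of-range values are truncated by the word16 cast */`, or parse with `strtol` and reject anything outside 0..0xFFFF before the cast. The `case 270:` body continues past the end of this hunk, so any later validation is not visible here.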

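--- a/wolfcrypt/src/hpke.c
+++ b/wolfcrypt/src/hpke.c
@@ -148,7 +148,7 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
 if (ret == 0) {
 switch (kem) {
 #if defined(HAVE_ECC)
-#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
 case DHKEM_P256_HKDF_SHA256:
 hpke->curveId = ECC_SECP256R1;
 hpke->Nsecret = WC_SHA256_DIGEST_SIZE;
@@ -158,7 +158,8 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
 break;
 #endif
 
-#ifdef WOLFSSL_SHA384
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA384)
 case DHKEM_P384_HKDF_SHA384:
 hpke->curveId = ECC_SECP384R1;
 hpke->Nsecret = WC_SHA384_DIGEST_SIZE;
@@ -168,7 +169,8 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
 break;
 #endif
 
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA512)
 case DHKEM_P521_HKDF_SHA512:
 hpke->curveId = ECC_SECP521R1;
 hpke->Nsecret = WC_SHA512_DIGEST_SIZE;
@@ -177,10 +179,9 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
 hpke->Npk = 1 + hpke->Ndh * 2;
 break;
 #endif
-#endif
+#endif /* HAVE_ECC */
 
-#if defined(HAVE_CURVE25519) &&\
-(defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 hpke->Nsecret = WC_SHA256_DIGEST_SIZE;
 hpke->kemDigest = WC_SHA256;
@@ -189,8 +190,7 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
 break;
 #endif
 
-#if defined(HAVE_CURVE448) &&\
-(defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
 hpke->Nsecret = WC_SHA512_DIGEST_SIZE;
 hpke->kemDigest = WC_SHA512;
@@ -209,7 +209,7 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
 
 if (ret == 0) {
 switch (kdf) {
-#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
+#if !defined(NO_SHA256)
 case HKDF_SHA256:
 hpke->Nh = WC_SHA256_DIGEST_SIZE;
 hpke->kdfDigest = WC_SHA256;
@@ -278,26 +278,34 @@ int wc_HpkeGenerateKeyPair(Hpke* hpke, void** keypair, WC_RNG* rng)
 
 switch (hpke->kem) {
 #if defined(HAVE_ECC)
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
 case DHKEM_P256_HKDF_SHA256:
 *keypair = wc_ecc_key_new(hpke->heap);
 if (*keypair != NULL)
 ret = wc_ecc_make_key_ex(rng, 32, (ecc_key*)*keypair,
 ECC_SECP256R1);
 break;
+#endif
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA384)
 case DHKEM_P384_HKDF_SHA384:
 *keypair = wc_ecc_key_new(hpke->heap);
 if (*keypair != NULL)
 ret = wc_ecc_make_key_ex(rng, 48, (ecc_key*)*keypair,
 ECC_SECP384R1);
 break;
+#endif
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA512)
 case DHKEM_P521_HKDF_SHA512:
 *keypair = wc_ecc_key_new(hpke->heap);
 if (*keypair != NULL)
 ret = wc_ecc_make_key_ex(rng, 66, (ecc_key*)*keypair,
 ECC_SECP521R1);
 break;
+#endif
 #endif
-#if defined(HAVE_CURVE25519)
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 *keypair = XMALLOC(sizeof(curve25519_key), hpke->heap,
 DYNAMIC_TYPE_CURVE25519);
@@ -310,8 +318,10 @@ int wc_HpkeGenerateKeyPair(Hpke* hpke, void** keypair, WC_RNG* rng)
 }
 break;
 #endif
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
 /* TODO: Add X448 */
+#endif
 default:
 ret = BAD_FUNC_ARG;
 break;
@@ -350,13 +360,16 @@ int wc_HpkeSerializePublicKey(Hpke* hpke, void* key, byte* out, word16* outSz)
 ret = wc_ecc_export_x963_ex((ecc_key*)key, out, &tmpOutSz, 0);
 break;
 #endif
-#if defined(HAVE_CURVE25519)
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 ret = wc_curve25519_export_public_ex((curve25519_key*)key, out,
 &tmpOutSz, EC25519_LITTLE_ENDIAN);
 break;
 #endif
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
+/* TODO: Add X448 */
+#endif
 default:
 ret = -1;
 break;
@@ -396,7 +409,7 @@ int wc_HpkeDeserializePublicKey(Hpke* hpke, void** key, const byte* in,
 }
 break;
 #endif
-#if defined(HAVE_CURVE25519)
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 *key = XMALLOC(sizeof(curve25519_key), hpke->heap,
 DYNAMIC_TYPE_CURVE25519);
@@ -409,7 +422,10 @@ int wc_HpkeDeserializePublicKey(Hpke* hpke, void** key, const byte* in,
 }
 break;
 #endif
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
+/* TODO: Add X448 */
+#endif
 default:
 ret = -1;
 break;
@@ -438,14 +454,16 @@ void wc_HpkeFreeKey(Hpke* hpke, word16 kem, void* keypair, void* heap)
 wc_ecc_key_free((ecc_key*)keypair);
 break;
 #endif
-#if defined(HAVE_CURVE25519)
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 wc_curve25519_free((curve25519_key*)keypair);
 XFREE(keypair, heap, DYNAMIC_TYPE_CURVE25519);
 break;
 #endif
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
 /* TODO: Add X448 */
+#endif
 default:
 break;
 }
@@ -753,7 +771,7 @@ static int wc_HpkeEncap(Hpke* hpke, void* ephemeralKey, void* receiverKey,
 byte* sharedSecret)
 {
 int ret;
-#ifdef ECC_TIMING_RESISTANT
+#if defined(ECC_TIMING_RESISTANT) && defined(HAVE_ECC)
 WC_RNG* rng;
 #endif
 word32 dh_len;
@@ -814,15 +832,17 @@ static int wc_HpkeEncap(Hpke* hpke, void* ephemeralKey, void* receiverKey,
 #endif
 break;
 #endif
-#if defined(HAVE_CURVE25519)
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 ret = wc_curve25519_shared_secret_ex((curve25519_key*)ephemeralKey,
 (curve25519_key*)receiverKey, dh, &dh_len,
 EC25519_LITTLE_ENDIAN);
 break;
 #endif
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
 /* TODO: Add X448 */
+#endif
 default:
 ret = -1;
 break;
@@ -1047,7 +1067,7 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey,
 #endif
 break;
 #endif
-#if defined(HAVE_CURVE25519)
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 #ifdef WOLFSSL_CURVE25519_BLINDING
 rng = wc_rng_new(NULL, 0, hpke->heap);
@@ -1067,8 +1087,10 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey,
 #endif
 break;
 #endif
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512)
 case DHKEM_X448_HKDF_SHA512:
 /* TODO: Add X448 */
+#endif
 default:
 ret = -1;
 break;
@@ -1225,21 +1247,22 @@ WOLFSSL_LOCAL word16 wc_HpkeKemGetEncLen(word16 kemId)
 switch (kemId)
 {
 #if defined(HAVE_ECC)
-#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
 case DHKEM_P256_HKDF_SHA256:
 return DHKEM_P256_ENC_LEN;
 #endif
-#ifdef WOLFSSL_SHA384
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA384)
 case DHKEM_P384_HKDF_SHA384:
 return DHKEM_P384_ENC_LEN;
 #endif
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA512)
 case DHKEM_P521_HKDF_SHA512:
 return DHKEM_P521_ENC_LEN;
 #endif
 #endif /* HAVE_ECC */
-#if defined(HAVE_CURVE25519) && \
-(defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 return DHKEM_X25519_ENC_LEN;
 #endif
@@ -1254,18 +1277,19 @@ WOLFSSL_LOCAL int wc_HpkeKemIsSupported(word16 kemId)
 {
 switch (kemId) {
 #if defined(HAVE_ECC)
-#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
 case DHKEM_P256_HKDF_SHA256:
 #endif
-#ifdef WOLFSSL_SHA384
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA384)
 case DHKEM_P384_HKDF_SHA384:
 #endif
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+defined(WOLFSSL_SHA512)
 case DHKEM_P521_HKDF_SHA512:
 #endif
 #endif /* HAVE_ECC */
-#if defined(HAVE_CURVE25519) && \
-(defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
 case DHKEM_X25519_HKDF_SHA256:
 #endif
 return 1;
@@ -1280,7 +1304,7 @@ WOLFSSL_LOCAL int wc_HpkeKemIsSupported(word16 kemId)
 WOLFSSL_LOCAL int wc_HpkeKdfIsSupported(word16 kdfId)
 {
 switch (kdfId) {
-#if !defined(NO_SHA256)
+#if !defined(NO_SHA256)
 case HKDF_SHA256:
 #endif
 #ifdef WOLFSSL_SHA384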
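Review bot: wc_HpkeInit still configures `case DHKEM_X448_HKDF_SHA512:` (only its guard is tightened to `HAVE_CURVE448 && WOLFSSL_SHA512`), while every key operation touched here treats that KEM as a `/* TODO: Add X448 */` stub that falls into `default:`. That yields `BAD_FUNC_ARG` in wc_HpkeGenerateKeyPair and `-1` in the serialize, deserialize, encap and decap switches, and wc_HpkeKemIsSupported does not list X448 at all. On a build with curve448 and SHA-512, Init therefore appears to succeed for a KEM that fails at first use, with two different error codes depending on the call. The rest of the Init case lies outside the hunk, so confirm it does not already reject the id. Until X448 is implemented I would drop the case from wc_HpkeInit so it reaches that switch's `default:`, or at least mark it there with `/* X448 KEM not implemented: key operations return an error */`.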
