Merge pull request #313 from dgarske/cryptocb

Various improvements to crypto callback examples

Author: JacobBarthelmeh

certgen/Makefile

@@ -9,9 +9,25 @@ CC=gcc
 #END EXAMPLE
 
 WOLF_INSTALL_DIR=/usr/local
-CFLAGS=-I$(WOLF_INSTALL_DIR)/include -Wall
-LIBS=-L$(WOLF_INSTALL_DIR)/lib -lwolfssl
 
+# ECC Examples Makefile
+CC       = gcc
+LIB_PATH = /usr/local
+CFLAGS   = -Wall -I$(LIB_PATH)/include
+LIBS     = -L$(LIB_PATH)/lib -lm
+
+# option variables
+DYN_LIB         = -lwolfssl
+STATIC_LIB      = $(LIB_PATH)/lib/libwolfssl.a
+DEBUG_FLAGS     = -g -DDEBUG
+DEBUG_INC_PATHS = -MD
+OPTIMIZE        = -Os
+
+# Options
+#CFLAGS+=$(DEBUG_FLAGS)
+CFLAGS+=$(OPTIMIZE)
+#LIBS+=$(STATIC_LIB)
+LIBS+=$(DYN_LIB)
 
 all:certgen_example csr_example csr_w_ed25519_example csr_sign csr_cryptocb custom_ext custom_ext_callback
 

certgen/csr_cryptocb.c

@@ -35,8 +35,6 @@
 
 #define LARGE_TEMP_SZ 4096
 
-#define DEBUG_CRYPTOCB
-
 #if defined(WOLF_CRYPTO_CB) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
     (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519))
@@ -72,14 +70,10 @@ typedef struct {
 /* Forward declarations */
 static int load_key_file(const char* fname, byte* derBuf, word32* derLen,
     int isPubKey);
-#ifdef DEBUG_CRYPTOCB
-static const char* GetAlgoTypeStr(int algo);
-static const char* GetPkTypeStr(int pk);
-#endif
 
 /* Example crypto dev callback function that calls software version */
 /* This is where you would plug-in calls to your own hardware crypto */
-static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
+static int myCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
     int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
     myCryptoCbCtx* myCtx = (myCryptoCbCtx*)ctx;
@@ -88,15 +82,14 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     if (info == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_CRYPTOCB
+    wc_CryptoCb_InfoString(info);
+#endif
+
     if (info->algo_type == WC_ALGO_TYPE_PK) {
         byte   der[LARGE_TEMP_SZ];
         word32 derSz;
 
-    #ifdef DEBUG_CRYPTOCB
-        printf("CryptoCb: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
-            GetPkTypeStr(info->pk.type), info->pk.type);
-    #endif
-
         ret = load_key_file(myCtx->keyFilePriv, der, &derSz, 0);
         if (ret != 0) {
             printf("Error %d loading %s\n", ret, myCtx->keyFilePriv);
@@ -105,36 +98,42 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
     #ifndef NO_RSA
         if (info->pk.type == WC_PK_TYPE_RSA) {
-            RsaKey rsaPriv;
-            ret = wc_InitRsaKey_ex(&rsaPriv, NULL, INVALID_DEVID);
-            if (ret != 0) {
-                return ret;
-            }
-            ret = wc_RsaPrivateKeyDecode(der, &idx, &rsaPriv, derSz);
-            if (ret != 0) {
-                wc_FreeRsaKey(&rsaPriv);
-                return ret;
-            }
-
             switch (info->pk.rsa.type) {
                 case RSA_PUBLIC_ENCRYPT:
                 case RSA_PUBLIC_DECRYPT:
+                    /* set devId to invalid, so software is used */
+                    info->pk.rsa.key->devId = INVALID_DEVID;
                     /* perform software based RSA public op */
                     ret = wc_RsaFunction(
                         info->pk.rsa.in, info->pk.rsa.inLen,
                         info->pk.rsa.out, info->pk.rsa.outLen,
-                        info->pk.rsa.type, &rsaPriv, info->pk.rsa.rng);
+                        info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
+                    info->pk.rsa.key->devId = devIdArg; /* reset devId */
                     break;
                 case RSA_PRIVATE_ENCRYPT:
                 case RSA_PRIVATE_DECRYPT:
+                {
+                    RsaKey rsaPriv;
+
+                    ret = wc_InitRsaKey_ex(&rsaPriv, NULL, INVALID_DEVID);
+                    if (ret != 0) {
+                        return ret;
+                    }
+                    ret = wc_RsaPrivateKeyDecode(der, &idx, &rsaPriv, derSz);
+                    if (ret != 0) {
+                        wc_FreeRsaKey(&rsaPriv);
+                        return ret;
+                    }
+                
                     /* perform software based RSA private op */
                     ret = wc_RsaFunction(
                         info->pk.rsa.in, info->pk.rsa.inLen,
                         info->pk.rsa.out, info->pk.rsa.outLen,
                         info->pk.rsa.type, &rsaPriv, info->pk.rsa.rng);
+                    wc_FreeRsaKey(&rsaPriv);
                     break;
+                }
             }
-            wc_FreeRsaKey(&rsaPriv);
         }
     #endif /* !NO_RSA */
     #ifdef HAVE_ECC
@@ -188,38 +187,6 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     return ret;
 }
 
-
-#ifdef DEBUG_CRYPTOCB
-static const char* GetAlgoTypeStr(int algo)
-{
-    switch (algo) { /* enum wc_AlgoType */
-        case WC_ALGO_TYPE_HASH:   return "Hash";
-        case WC_ALGO_TYPE_CIPHER: return "Cipher";
-        case WC_ALGO_TYPE_PK:     return "PK";
-        case WC_ALGO_TYPE_RNG:    return "RNG";
-        case WC_ALGO_TYPE_SEED:   return "Seed";
-        case WC_ALGO_TYPE_HMAC:   return "HMAC";
-    }
-    return NULL;
-}
-static const char* GetPkTypeStr(int pk)
-{
-    switch (pk) {
-        case WC_PK_TYPE_RSA: return "RSA";
-        case WC_PK_TYPE_DH: return "DH";
-        case WC_PK_TYPE_ECDH: return "ECDH";
-        case WC_PK_TYPE_ECDSA_SIGN: return "ECDSA-Sign";
-        case WC_PK_TYPE_ECDSA_VERIFY: return "ECDSA-Verify";
-        case WC_PK_TYPE_ED25519_SIGN: return "ED25519-Sign";
-        case WC_PK_TYPE_ED25519_VERIFY: return "ED25519-Verify";
-        case WC_PK_TYPE_CURVE25519: return "CURVE25519";
-        case WC_PK_TYPE_RSA_KEYGEN: return "RSA KeyGen";
-        case WC_PK_TYPE_EC_KEYGEN: return "ECC KeyGen";
-    }
-    return NULL;
-}
-#endif /* DEBUG_CRYPTOCB */
-
 /* reads file size, allocates buffer, reads into buffer, returns buffer */
 static int load_file(const char* fname, byte** buf, size_t* bufLen)
 {
@@ -364,7 +331,7 @@ static int gen_csr(const char* arg1)
     wolfCrypt_Init();
 
     /* register a devID for crypto callbacks */
-    ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
+    ret = wc_CryptoCb_RegisterDevice(devId, myCryptoCb, &myCtx);
     if (ret != 0) {
         printf("Crypto callback register failed: %d\n", ret);
         goto exit;
@@ -481,7 +448,7 @@ static int gen_csr(const char* arg1)
     if (type == ED25519_TYPE)
         req.sigType = CTC_ED25519;
 #endif
-    /* Because the key has devId set, it will call myCryptoDevCb for signing */
+    /* Because the key has devId set, it will call myCryptoCb for signing */
     ret = wc_SignCert_ex(req.bodySz, req.sigType, der, sizeof(der), type,
         keyPtr, &rng);
     if (ret <= 0) {

pkcs7/Makefile

@@ -4,7 +4,7 @@ LIB_PATH = /usr/local
 CFLAGS   = -Wall -I$(LIB_PATH)/include
 ZLIB     =
 #ZLIB    += -lz
-LIBS     = -L$(LIB_PATH)/lib -lwolfssl -lm ${ZLIB}
+LIBS     = -L$(LIB_PATH)/lib -lm ${ZLIB}
 
 # option variables
 DYN_LIB         = -lwolfssl

pkcs7/README.md

@@ -443,7 +443,7 @@ Generated bundle files: `signedEncryptedFirmwarePkgData_noattrs.der`,
 This example creates two PKCS#7/CMS SignedData bundles, one with attributes and
 one without them. It uses RSA with SHA256 as the the signature algorithm,
 and specifies the signed content type as EncryptedData. The inner EncryptedData
-content type encpasulates a FirmwarePkgData type. After creating the
+content type encapsulates a FirmwarePkgData type. After creating the
 bundles, the app decodes them and verifies the operation was successful.
 
 The generated SignedData bundles are written out to a file for analysis and
@@ -469,7 +469,7 @@ Generated bundle files: `signedCompressedFirmwarePkgData_noattrs.der`,
 This example creates two PKCS#7/CMS SignedData bundles, one with attributes and
 one without them. It uses RSA with SHA256 as the the signature algorithm,
 and specifies the signed content type as CompressedData. The inner
-CompressedData content type encpasulates a FirmwarePkgData type. After creating
+CompressedData content type encapsulates a FirmwarePkgData type. After creating
 the bundles, the app decodes them and verifies the operation was successful.
 
 The generated SignedData bundles are written out to a file for analysis and
@@ -479,21 +479,23 @@ If wolfSSL has been configured and compiled with debug support, the bytes
 of the bundle will be printed out to the terminal window.
 
 ```
-./signedData-CommpressedFirmwarePkgData
+./signedData-CompressedFirmwarePkgData
 Successfully encoded Signed Compressed FirmwarePkgData (signedCompressedFPD_noattrs.der)
 Successfully extracted and verified bundle contents
 Successfully encoded Signed Compressed FirmwarePkgData (signedCompressedFPD_attrs.der)
 Successfully extracted and verified bundle contents
 ```
 
-### SignedData using CryptoDev Callback
+### SignedData using Crypto Callback
 
-Example file: `signedData-cryptodev.c`
-Generated bundle files: `signedData_cryptodev_noattrs.der`,
-                        `signedData_cryptodev_attrs.der`
+Build wolfssl using: `./configure --enable-pkcs7 --enable-pwdbased --enable-cryptocb`.
+
+Example file: `signedData-cryptocb.c`
+Generated bundle files: `signedData_cryptocb_noattrs.der`,
+                        `signedData_cryptocb_attrs.der`
 
 This example creates a PKCS#7/CMS SignedData bundle using the wolfCrypt
-CryptoDev callback. CryptoDev allows a user to register a callback to do
+Crypto callback. This allows a user to register a callback to do
 cryptographic operations outside of wolfCrypt proper. This can be useful
 in order to take advantage of hardware-based cryptography instead of the
 default software implementation.
@@ -509,10 +511,10 @@ If wolfSSL has been configured and compiled with debug support, the bytes
 of the bundle will be printed out to the terminal window.
 
 ```
-./signedData-cryptodev
-Successfully encoded SignedData bundle (signedData_cryptodev_noattrs.der)
+./signedData-cryptocb
+Successfully encoded SignedData bundle (signedData_cryptocb_noattrs.der)
 Successfully verified SignedData bundle.
-Successfully encoded SignedData bundle (signedData_cryptodev_attrs.der)
+Successfully encoded SignedData bundle (signedData_cryptocb_attrs.der)
 Successfully verified SignedData bundle.
 ```
 
@@ -552,7 +554,7 @@ Generated bundle files: `signedEncryptedCompressedFirmwarePkgData_noattrs.der`,
 This example creates two PKCS#7/CMS SignedData bundles, one with attributes and
 one without them. It uses RSA with SHA256 as the the signature algorithm,
 and specifies the signed content type as CompressedData. The inner
-CompressedData content type encpasulates an EncryptedData type, which in turn
+CompressedData content type encapsulates an EncryptedData type, which in turn
 encapsulates a FirmwarePkgData type. After creating the bundles, the app
 decodes them and verifies the operation was successful.
 
@@ -563,7 +565,7 @@ If wolfSSL has been configured and compiled with debug support, the bytes
 of the bundle will be printed out to the terminal window.
 
 ```
-./signedData-EncryptedCommpressedFirmwarePkgData
+./signedData-EncryptedCompressedFirmwarePkgData
 Successfully encoded Signed Encrypted Compressed FirmwarePkgData (signedEncryptedCompressedFPD_noattrs.der)
 Successfully extracted and verified bundle contents
 Successfully encoded Signed Encrypted Compressed FirmwarePkgData (signedEncryptedCompressedFPD_attrs.der)