/* ECC DHE Make shared secret with our private and peer public */ int CRYPT_ECC_DHE_SharedSecretMake(CRYPT_ECC_CTX* priv, CRYPT_ECC_CTX* pub, unsigned char* out, unsigned int outSz, unsigned int* usedSz) { int ret; unsigned int inOut = outSz; if (priv == NULL || pub == NULL || out == NULL || usedSz == NULL) return BAD_FUNC_ARG; ret = wc_ecc_shared_secret((ecc_key*)priv->holder, (ecc_key*)pub->holder, out, &inOut); *usedSz = inOut; return ret; }
/* Example crypto dev callback function that calls software versions, could * be set up to call down to hardware module for crypto operations if * desired by user. If an algorithm is not supported by hardware, or user * callback, the cryptodev callback can return NOT_COMPILED_IN to default * back to using software crypto implementation. */ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) { int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; if (info == NULL) return BAD_FUNC_ARG; if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef DEBUG_WOLFSSL printf("CryptoDevCb: Pk Type %d\n", info->pk.type); #endif #ifndef NO_RSA if (info->pk.type == WC_PK_TYPE_RSA) { /* set devId to invalid, so software is used */ info->pk.rsa.key->devId = INVALID_DEVID; switch (info->pk.rsa.type) { case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_DECRYPT: /* perform software based RSA public op */ ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); break; case RSA_PRIVATE_ENCRYPT: case RSA_PRIVATE_DECRYPT: /* perform software based RSA private op */ ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); break; } /* reset devId */ info->pk.rsa.key->devId = devIdArg; } #ifdef WOLFSSL_KEY_GEN else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { info->pk.rsakg.key->devId = INVALID_DEVID; ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, info->pk.rsakg.e, info->pk.rsakg.rng); /* reset devId */ info->pk.rsakg.key->devId = devIdArg; } #endif #endif /* !NO_RSA */ #ifdef HAVE_ECC if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { /* set devId to invalid, so software is used */ info->pk.eckg.key->devId = INVALID_DEVID; ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, info->pk.eckg.key, info->pk.eckg.curveId); /* reset devId */ info->pk.eckg.key->devId = devIdArg; } else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { /* set devId to invalid, so software is used */ info->pk.eccsign.key->devId = INVALID_DEVID; ret = wc_ecc_sign_hash( info->pk.eccsign.in, info->pk.eccsign.inlen, info->pk.eccsign.out, info->pk.eccsign.outlen, info->pk.eccsign.rng, info->pk.eccsign.key); /* reset devId */ info->pk.eccsign.key->devId = devIdArg; } else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { /* set devId to invalid, so software is used */ info->pk.eccverify.key->devId = INVALID_DEVID; ret = wc_ecc_verify_hash( info->pk.eccverify.sig, info->pk.eccverify.siglen, info->pk.eccverify.hash, info->pk.eccverify.hashlen, info->pk.eccverify.res, info->pk.eccverify.key); /* reset devId */ info->pk.eccverify.key->devId = devIdArg; } else if (info->pk.type == WC_PK_TYPE_ECDH) { /* set devId to invalid, so software is used */ info->pk.ecdh.private_key->devId = INVALID_DEVID; ret = wc_ecc_shared_secret( info->pk.ecdh.private_key, info->pk.ecdh.public_key, info->pk.ecdh.out, info->pk.ecdh.outlen); /* reset devId */ info->pk.ecdh.private_key->devId = devIdArg; } #endif /* HAVE_ECC */ } else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) && defined(HAVE_AESGCM) if (info->cipher.type == WC_CIPHER_AES_GCM) { if (info->cipher.enc) { /* set devId to invalid, so software is used */ info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; ret = wc_AesGcmEncrypt( info->cipher.aesgcm_enc.aes, info->cipher.aesgcm_enc.out, info->cipher.aesgcm_enc.in, info->cipher.aesgcm_enc.sz, info->cipher.aesgcm_enc.iv, info->cipher.aesgcm_enc.ivSz, info->cipher.aesgcm_enc.authTag, info->cipher.aesgcm_enc.authTagSz, info->cipher.aesgcm_enc.authIn, info->cipher.aesgcm_enc.authInSz); /* reset devId */ info->cipher.aesgcm_enc.aes->devId = devIdArg; } else { /* set devId to invalid, so software is used */ info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; ret = wc_AesGcmDecrypt( info->cipher.aesgcm_dec.aes, info->cipher.aesgcm_dec.out, info->cipher.aesgcm_dec.in, info->cipher.aesgcm_dec.sz, info->cipher.aesgcm_dec.iv, info->cipher.aesgcm_dec.ivSz, info->cipher.aesgcm_dec.authTag, info->cipher.aesgcm_dec.authTagSz, info->cipher.aesgcm_dec.authIn, info->cipher.aesgcm_dec.authInSz); /* reset devId */ info->cipher.aesgcm_dec.aes->devId = devIdArg; } } #endif /* !NO_AES && HAVE_AESGCM */ } (void)devIdArg; (void)myCtx; return ret; }