Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wolfcrypt tests: disable ecc sign/verify of all zero digest #8118

Merged
merged 3 commits into from
Oct 31, 2024
Merged

wolfcrypt tests: disable ecc sign/verify of all zero digest #8118

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cac11e3
add non-feature-specific macro to disable ECC sign/verify of all-zero…
bigbrett Oct 28, 2024
17c7b6c
moved some macro logic from test.c to settings.h
bigbrett Oct 31, 2024
aafd07d
remove ECC_SHAMIR macro protection for ECC sign/verify of zero digest
bigbrett Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 3 additions & 6 deletions wolfcrypt/test/test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30869,11 +30869,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
#ifdef HAVE_ECC_SIGN
/* ECC w/out Shamir has issue with all 0 digest */
/* WC_BIGINT doesn't have 0 len well on hardware */
/* Cryptocell has issues with all 0 digest */
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
!defined(WOLFSSL_CRYPTOCELL)
/* some hardware doesn't support sign/verify of all zero digest */
#if !defined(WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST)
/* test DSA sign hash with zeros */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = 0;
bigbrett marked this conversation as resolved.
Show resolved Hide resolved
Expand Down Expand Up @@ -30910,7 +30907,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
TEST_SLEEP();
}
#endif /* HAVE_ECC_VERIFY */
#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
#endif /* !WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST */

/* test DSA sign hash with sequence (0,1,2,3,4,...) */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
Expand Down
14 changes: 14 additions & 0 deletions wolfssl/wolfcrypt/settings.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3168,6 +3168,14 @@ extern void uITRON4_free(void *p) ;
#undef NO_DH
#endif

/* CryptoCell defines */
#ifdef WOLFSSL_CRYPTOCELL
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you may have lost the WOLFSSL_ASYNC_CRYPT one? This section can just be about which ECC signing hardware support zero digest.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dgarske I added it later on in the WOLFSSL_ASYNC_CRYPT section of settings.h, see line 3206.

That is fair, I was thinking I'd add the disable to the section of settings.h that corresponds to each higher level feature that wants to disable it, since that is what would drive the decision.

That way all the dependent options for ASYNC are set in the ASYNC section, the dependent options for cryptocell are set in the cryptocell section, etc. I noticed there wasn't a centralized cryptocell section for settings.h, so I created one.

Let me know if you would rather have it relocated to the ECC section?

#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
/* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
#define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
#endif /* HAVE_ECC && HAVE_ECC_SIGN */
#endif

/* Asynchronous Crypto */
#ifdef WOLFSSL_ASYNC_CRYPT
#if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
Expand All @@ -3192,6 +3200,12 @@ extern void uITRON4_free(void *p) ;
* but not required */
#define ECC_CACHE_CURVE
#endif

#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
/* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
#define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
#endif /* HAVE_ECC && HAVE_ECC_SIGN */

#endif /* WOLFSSL_ASYNC_CRYPT */
#ifndef WC_ASYNC_DEV_SIZE
#define WC_ASYNC_DEV_SIZE 0
Expand Down
Loading