Add support for AES-CCM.
anhu committed Dec 5, 2024
1 parent 17d5d53 commit 76293f4
Showing 8 changed files with 472 additions and 3 deletions.
3 changes: 1 addition & 2 deletions README.md
@@ -13,7 +13,7 @@ Build wolfSSL:
git clone https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --enable-aescfb --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
./configure --enable-aescfb --enable-aesccm --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
make
make check
sudo make install
@@ -33,7 +33,6 @@ make
make check
```


### TPM support with wolfTPM

Enables using a TPM for cryptography and keystore.
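--- a/configure.ac
+++ b/configure.ac
@@ -238,6 +238,18 @@ else
 DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESGCM"
 fi
 
+AC_ARG_ENABLE([aesccm],
+[AS_HELP_STRING([--enable-aesccm],[Enable AES-CCM (default: enabled)])],
+[ ENABLED_AESCCM=$enableval ],
+[ ENABLED_AESCCM=yes ]
+)
+if test "$ENABLED_AES" = "yes" && test "$ENABLED_AESCCM" = "yes"
+then
+AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
+else
+DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESCCM"
+fi
+
 AC_ARG_ENABLE([hmac],
 [AS_HELP_STRING([--enable-hmac],[Enable HMAC (default: enabled)])],
 [ ENABLED_HMAC=$enableval ],
@@ -501,6 +513,7 @@ echo " * Single threaded: $ENABLED_SINGLETHREADED"
 echo " * AES: $ENABLED_AES"
 echo " * AES-CBC: $ENABLED_AESCBC"
 echo " * AES-GCM: $ENABLED_AESGCM"
+echo " * AES-CCM: $ENABLED_AESCCM"
 echo " * MD5: $ENABLED_MD5"
 echo " * SHA: $ENABLED_SHA1"
 echo " * SHA-224: $ENABLED_SHA224"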
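--- a/src/crypto.c
+++ b/src/crypto.c
@@ -1288,6 +1288,30 @@ CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession,
 break;
 }
 #endif
+
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM: {
+CK_CCM_PARAMS* params;
+
+if (type != CKK_AES)
+return CKR_KEY_TYPE_INCONSISTENT;
+if (pMechanism->pParameter == NULL)
+return CKR_MECHANISM_PARAM_INVALID;
+if (pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS))
+return CKR_MECHANISM_PARAM_INVALID;
+
+params = (CK_CCM_PARAMS*)pMechanism->pParameter;
+ret = WP11_Session_SetCcmParams(session,
+(int)params->ulDataLen,
+params->pIv, (int)params->ulIvLen,
+params->pAAD, (int)params->ulAADLen,
+(int)params->ulMacLen);
+if (ret != 0)
+return CKR_MECHANISM_PARAM_INVALID;
+init = WP11_INIT_AES_CCM_ENC;
+break;
+}
+#endif
 #endif
 default:
 (void)type;
@@ -1471,6 +1495,27 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 *pulEncryptedDataLen = encDataLen;
 break;
 #endif
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM:
+if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_CCM_ENC))
+return CKR_OPERATION_NOT_INITIALIZED;
+
+encDataLen = (word32)ulDataLen +
+WP11_AesCcm_GetMacLen(session);
+if (pEncryptedData == NULL) {
+*pulEncryptedDataLen = encDataLen;
+return CKR_OK;
+}
+if (encDataLen > (word32)*pulEncryptedDataLen)
+return CKR_BUFFER_TOO_SMALL;
+
+ret = WP11_AesCcm_Encrypt(pData, (int)ulDataLen, pEncryptedData,
+&encDataLen, obj, session);
+if (ret < 0)
+return CKR_FUNCTION_FAILED;
+*pulEncryptedDataLen = encDataLen;
+break;
+#endif
 #endif
 default:
 (void)ret;
@@ -1858,6 +1903,29 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession,
 break;
 }
 #endif
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM: {
+CK_CCM_PARAMS* params;
+
+if (type != CKK_AES)
+return CKR_KEY_TYPE_INCONSISTENT;
+if (pMechanism->pParameter == NULL)
+return CKR_MECHANISM_PARAM_INVALID;
+if (pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS))
+return CKR_MECHANISM_PARAM_INVALID;
+
+params = (CK_CCM_PARAMS*)pMechanism->pParameter;
+ret = WP11_Session_SetCcmParams(session,
+(int)params->ulDataLen,
+params->pIv, (int)params->ulIvLen,
+params->pAAD, (int)params->ulAADLen,
+(int)params->ulMacLen);
+if (ret != 0)
+return CKR_MECHANISM_PARAM_INVALID;
+init = WP11_INIT_AES_CCM_DEC;
+break;
+}
+#endif
 #endif
 default:
 (void)type;
@@ -2042,6 +2110,27 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
 *pulDataLen = decDataLen;
 break;
 #endif
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM:
+if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_CCM_DEC))
+return CKR_OPERATION_NOT_INITIALIZED;
+
+decDataLen = (word32)ulEncryptedDataLen -
+WP11_AesCcm_GetMacLen(session);
+if (pData == NULL) {
+*pulDataLen = decDataLen;
+return CKR_OK;
+}
+if (decDataLen > (word32)*pulDataLen)
+return CKR_BUFFER_TOO_SMALL;
+
+ret = WP11_AesCcm_Decrypt(pEncryptedData, (int)ulEncryptedDataLen,
+pData, &decDataLen, obj, session);
+if (ret < 0)
+return CKR_FUNCTION_FAILED;
+*pulDataLen = decDataLen;
+break;
+#endif
 #endif
 default:
 (void)decDataLen;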
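Review bot: In the C_Decrypt hunk, `decDataLen = (word32)ulEncryptedDataLen - WP11_AesCcm_GetMacLen(session);` has no guard for a ciphertext shorter than the MAC, so the unsigned subtraction wraps and the wrapped value is what the size query reports and what the buffer check compares against. I would add, ahead of the subtraction, `if (ulEncryptedDataLen < (CK_ULONG)WP11_AesCcm_GetMacLen(session))` followed by `return CKR_ENCRYPTED_DATA_LEN_RANGE;`. The C_EncryptInit and C_DecryptInit cases also cast the four CK_ULONG length fields of CK_CCM_PARAMS to `int` with no range check in view; unless WP11_Session_SetCcmParams (not shown on this page) rejects out-of-range nonce, AAD and MAC lengths, those casts should be preceded by explicit bounds checks. Nothing visible compares the `ulDataLen` passed to C_Encrypt with the `params->ulDataLen` recorded at init, and a one-line comment stating where that consistency is enforced would help the next reader. All four functions begin and end outside their hunks, so code elsewhere in their bodies may already cover part of this.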