Skip to content

Commit c5c8b01

Browse files
night1ridernight1rider
committed
SHE API: remove key storage from context, add direct output params
1 parent 9b748a2 commit c5c8b01

12 files changed

Lines changed: 1039 additions & 933 deletions

File tree

.github/workflows/os-check.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -49,8 +49,11 @@ jobs:
4949
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
5050
--enable-psk --enable-aesccm --enable-nullcipher
5151
CPPFLAGS=-DWOLFSSL_STATIC_RSA',
52-
'--enable-she --enable-cmac',
53-
'--enable-she --enable-cmac --enable-cryptocb --enable-cryptocbutils',
52+
'--enable-she=standard --enable-cmac',
53+
'--enable-she=extended --enable-cmac --enable-cryptocb --enable-cryptocbutils',
54+
'--enable-she=standard --enable-cmac CPPFLAGS=''-DNO_WC_SHE_IMPORT_M123'' ',
55+
'--enable-she=extended --enable-cmac --enable-cryptocb --enable-cryptocbutils
56+
CPPFLAGS=''-DNO_WC_SHE_GETUID -DNO_WC_SHE_GETCOUNTER -DNO_WC_SHE_EXPORTKEY'' ',
5457
'--enable-ascon --enable-experimental',
5558
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
5659
'--enable-all CPPFLAGS=''-DNO_AES_192 -DNO_AES_256'' ',

.wolfssl_known_macro_extras

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -444,6 +444,10 @@ NO_TKERNEL_MEM_POOL
444444
NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
445445
NO_VERIFY_OID
446446
NO_WC_DHGENERATEPUBLIC
447+
NO_WC_SHE_EXPORTKEY
448+
NO_WC_SHE_GETCOUNTER
449+
NO_WC_SHE_GETUID
450+
NO_WC_SHE_IMPORT_M123
447451
NO_WC_SSIZE_TYPE
448452
NO_WOLFSSL_ALLOC_ALIGN
449453
NO_WOLFSSL_AUTOSAR_CRYIF
@@ -885,6 +889,7 @@ WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
885889
WOLFSSL_SERVER_EXAMPLE
886890
WOLFSSL_SETTINGS_FILE
887891
WOLFSSL_SHE
892+
WOLFSSL_SHE_EXTENDED
888893
WOLFSSL_SH224
889894
WOLFSSL_SHA256_ALT_CH_MAJ
890895
WOLFSSL_SHA512_HASHTYPE

CMakeLists.txt

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1641,11 +1641,12 @@ if(WOLFSSL_CMAC)
16411641
endif()
16421642

16431643
# SHE (Secure Hardware Extension) key update message generation
1644+
# standard: core SHE support, extended: adds custom KDF/header overrides
16441645
add_option("WOLFSSL_SHE"
1645-
"Enable SHE key update support (default: disabled)"
1646-
"no" "yes;no")
1646+
"Enable SHE key update support (standard|extended|no)"
1647+
"no" "standard;extended;no")
16471648

1648-
if(WOLFSSL_SHE)
1649+
if(WOLFSSL_SHE STREQUAL "standard" OR WOLFSSL_SHE STREQUAL "extended")
16491650
if (NOT WOLFSSL_AES)
16501651
message(FATAL_ERROR "Cannot use SHE without AES.")
16511652
else()
@@ -1654,6 +1655,11 @@ if(WOLFSSL_SHE)
16541655
endif()
16551656
endif()
16561657

1658+
if(WOLFSSL_SHE STREQUAL "extended")
1659+
list(APPEND WOLFSSL_DEFINITIONS
1660+
"-DWOLFSSL_SHE_EXTENDED")
1661+
endif()
1662+
16571663
# TODO: - RC2
16581664
# - FIPS, again (there's more logic for FIPS in configure.ac)
16591665
# - Selftest

configure.ac

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5942,14 +5942,24 @@ AS_IF([test "x$ENABLED_CMAC" = "xyes"],
59425942
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
59435943

59445944
# SHE (Secure Hardware Extension) key update message generation
5945+
# --enable-she=standard: standard SHE support
5946+
# --enable-she=extended: standard + extended overrides (custom KDF/headers)
59455947
AC_ARG_ENABLE([she],
5946-
[AS_HELP_STRING([--enable-she],[Enable SHE key update support (default: disabled)])],
5948+
[AS_HELP_STRING([--enable-she@<:@=standard|extended@:>@],
5949+
[Enable SHE key update support (default: disabled)])],
59475950
[ ENABLED_SHE=$enableval ],
59485951
[ ENABLED_SHE=no ]
59495952
)
59505953

5951-
AS_IF([test "x$ENABLED_SHE" = "xyes"],
5952-
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHE"])
5954+
if test "x$ENABLED_SHE" = "xstandard" || test "x$ENABLED_SHE" = "xextended"
5955+
then
5956+
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHE"
5957+
fi
5958+
5959+
if test "x$ENABLED_SHE" = "xextended"
5960+
then
5961+
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHE_EXTENDED"
5962+
fi
59535963

59545964
# AES-XTS
59555965
AC_ARG_ENABLE([aesxts],
@@ -11549,7 +11559,7 @@ AM_CONDITIONAL([BUILD_FIPS_V6],[test $HAVE_FIPS_VERSION = 6])
1154911559
AM_CONDITIONAL([BUILD_FIPS_V6_PLUS],[test $HAVE_FIPS_VERSION -ge 6])
1155011560
AM_CONDITIONAL([BUILD_SIPHASH],[test "x$ENABLED_SIPHASH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
1155111561
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
11552-
AM_CONDITIONAL([BUILD_SHE],[test "x$ENABLED_SHE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
11562+
AM_CONDITIONAL([BUILD_SHE],[test "x$ENABLED_SHE" = "xstandard" || test "x$ENABLED_SHE" = "xextended" || test "x$ENABLED_USERSETTINGS" = "xyes"])
1155311563
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
1155411564
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
1155511565
AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])

tests/api.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34444,6 +34444,9 @@ TEST_CASE testCases[] = {
3444434444
TEST_CMAC_DECLS,
3444534445
/* SHE */
3444634446
TEST_SHE_DECLS,
34447+
#ifdef WOLFSSL_SHE_EXTENDED
34448+
TEST_SHE_EXT_DECLS,
34449+
#endif
3444734450
#if defined(WOLF_CRYPTO_CB) && defined(WOLFSSL_SHE)
3444834451
TEST_SHE_CB_DECLS,
3444934452
#endif

0 commit comments

Comments
 (0)