From 95095f5bc468031dbaabcd56fd783249d04a0f56 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 17 May 2024 08:16:04 -0700 Subject: [PATCH 1/2] Add option for using a custom salt for ourselves. ZD 17988 --- wolfcrypt/src/ecc.c | 33 ++++++++++++++++++++++++++++++--- wolfssl/wolfcrypt/ecc.h | 2 ++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 37fb321397..f123582f60 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -13830,7 +13830,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) * * @param [in, out] ctx ECIES context object. * @param [in] salt Salt to use with KDF. - * @param [in] len Length of salt in bytes. + * @param [in] sz Length of salt in bytes. * @return 0 on success. * @return BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0. */ @@ -13852,9 +13852,37 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len) return 0; } +/* Set your own salt. By default we generate a random salt for ourselves. + * This allows overriding that after init or reset. + * + * @param [in, out] ctx ECIES context object. + * @param [in] salt Salt to use for ourselves + * @param [in] sz Length of salt in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0. + */ +int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, word32 sz) +{ + byte* saltBuffer; + + if (ctx == NULL || ctx->protocol == 0 || salt == NULL) + return BAD_FUNC_ARG; + + if (sz > EXCHANGE_SALT_SZ) + sz = EXCHANGE_SALT_SZ; + saltBuffer = (ctx->protocol == REQ_RESP_CLIENT) ? + ctx->clientSalt : + ctx->serverSalt; + XMEMSET(saltBuffer, 0, EXCHANGE_SALT_SZ); + XMEMCPY(saltBuffer, salt, sz); + + return 0; +} + + static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags) { - byte* saltBuffer = NULL; + byte* saltBuffer; if (ctx == NULL || flags == 0) return BAD_FUNC_ARG; @@ -13864,7 +13892,6 @@ static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags) return wc_RNG_GenerateBlock(ctx->rng, saltBuffer, EXCHANGE_SALT_SZ); } - static void ecc_ctx_init(ecEncCtx* ctx, int flags, WC_RNG* rng) { if (ctx) { diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 48a43f63c4..c91cd095d6 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -978,6 +978,8 @@ const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx); WOLFSSL_API int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); WOLFSSL_API +int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, word32 sz); +WOLFSSL_API int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); WOLFSSL_API int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz); From 5a0594d257f1470dd89579d0d7ede4a779a0103c Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 20 May 2024 08:35:39 -0700 Subject: [PATCH 2/2] Match `wc_ecc_ctx_set_kdf_salt` argument names between header and implementation. --- doc/dox_comments/header_files/ecc.h | 4 ++-- wolfcrypt/src/ecc.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h index 49de5aa02d..bad010751e 100644 --- a/doc/dox_comments/header_files/ecc.h +++ b/doc/dox_comments/header_files/ecc.h @@ -1722,7 +1722,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); \param ctx pointer to the ecEncCtx for which to set the salt \param salt pointer to salt buffer - \param len length salt in bytes + \param sz length salt in bytes _Example_ \code @@ -1742,7 +1742,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); \sa wc_ecc_ctx_get_peer_salt */ -int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len); +int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); /*! \ingroup ECC diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index f123582f60..cfe220f4b9 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -13834,13 +13834,13 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) * @return 0 on success. * @return BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0. */ -int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len) +int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz) { - if (ctx == NULL || (salt == NULL && len != 0)) + if (ctx == NULL || (salt == NULL && sz != 0)) return BAD_FUNC_ARG; ctx->kdfSalt = salt; - ctx->kdfSaltSz = len; + ctx->kdfSaltSz = sz; if (ctx->protocol == REQ_RESP_CLIENT) { ctx->cliSt = ecCLI_SALT_SET;