diff --git a/examples/add_cert_file.c b/examples/add_cert_file.c index 4a65fe5f..67d618a3 100644 --- a/examples/add_cert_file.c +++ b/examples/add_cert_file.c @@ -39,7 +39,7 @@ #include #endif -#ifndef WOLFPKCS11_NO_STORE +#if !defined(WOLFPKCS11_NO_STORE) && !defined(NO_FILESYSTEM) #ifdef DEBUG_WOLFPKCS11 #define CHECK_CKR(rv, op) \ @@ -397,5 +397,4 @@ int add_cert(int argc, char* argv[]) return 0; } -#endif - +#endif /* !WOLFPKCS11_NO_STORE && !NO_FILESYSTEM */ diff --git a/examples/add_rsa_key_file.c b/examples/add_rsa_key_file.c index 42415d42..2661bab8 100644 --- a/examples/add_rsa_key_file.c +++ b/examples/add_rsa_key_file.c @@ -40,7 +40,7 @@ #include #endif -#if !defined(WOLFPKCS11_NO_STORE) && !defined(NO_RSA) +#if !defined(WOLFPKCS11_NO_STORE) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) #ifdef DEBUG_WOLFPKCS11 #define CHECK_CKR(rv, op) \ @@ -422,5 +422,4 @@ int add_rsa_key_file(int argc, char* argv[]) return 0; } -#endif - +#endif /* !WOLFPKCS11_NO_STORE && !NO_RSA && !NO_FILESYSTEM */ diff --git a/src/crypto.c b/src/crypto.c index 4cb47405..ef9c7fd0 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -1088,8 +1088,8 @@ CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, WOLFPKCS11_ENTER("C_CopyObject"); #ifdef DEBUG_WOLFPKCS11 if (wolfpkcs11_debugging) { - WOLFPKCS11_MSG(" hSession=%lu, hObject=%lu, ulCount=%lu", - (unsigned long)hSession, (unsigned long)hObject, + WOLFPKCS11_MSG(" hSession=%lu, hObject=%lu, ulCount=%lu", + (unsigned long)hSession, (unsigned long)hObject, (unsigned long)ulCount); } #endif @@ -1312,8 +1312,8 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, WOLFPKCS11_ENTER("C_GetAttributeValue"); #ifdef DEBUG_WOLFPKCS11 if (wolfpkcs11_debugging) { - WOLFPKCS11_MSG(" hSession=%lu, hObject=%lu, ulCount=%lu", - (unsigned long)hSession, (unsigned long)hObject, + WOLFPKCS11_MSG(" hSession=%lu, hObject=%lu, ulCount=%lu", + (unsigned long)hSession, (unsigned long)hObject, (unsigned long)ulCount); } #endif 
@@ -1414,8 +1414,8 @@ CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, WOLFPKCS11_ENTER("C_SetAttributeValue"); #ifdef DEBUG_WOLFPKCS11 if (wolfpkcs11_debugging) { - WOLFPKCS11_MSG(" hSession=%lu, hObject=%lu, ulCount=%lu", - (unsigned long)hSession, (unsigned long)hObject, + WOLFPKCS11_MSG(" hSession=%lu, hObject=%lu, ulCount=%lu", + (unsigned long)hSession, (unsigned long)hObject, (unsigned long)ulCount); } #endif @@ -6534,6 +6534,7 @@ CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, break; } (void)pWrappedKey; + (void)wrapkeyType; err_out: @@ -6724,6 +6725,7 @@ CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, rv = CKR_KEY_NOT_WRAPPABLE; goto err_out; } + (void)wrapkeyType; err_out: @@ -6772,6 +6774,7 @@ static int SymmKeyLen(WP11_Object* obj, word32 len, word32* symmKeyLen) } #endif +#ifdef WOLFSSL_HAVE_PRF static int SetKeyExtract(WP11_Session* session, byte* ptr, CK_ULONG length, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_BBOOL isMac, CK_OBJECT_HANDLE* handle) @@ -6909,6 +6912,7 @@ static int Tls12_Extract_Keys(WP11_Session* session, } return ret; } +#endif /** * Generate a symmetric key into a new key object. diff --git a/src/internal.c b/src/internal.c index a1fbebcc..77315461 100644 --- a/src/internal.c +++ b/src/internal.c @@ -9570,6 +9570,7 @@ int WP11_AesCbc_DeriveKey(unsigned char* plain, word32 plainSz, return ret; } +#ifdef WOLFSSL_HAVE_PRF /* Used for wc_PRF_TLS, less than sha256_mac not possible */ static enum wc_MACAlgorithm MechToMac(CK_MECHANISM_TYPE mech) { @@ -9589,7 +9590,6 @@ static enum wc_MACAlgorithm MechToMac(CK_MECHANISM_TYPE mech) } } -#ifdef WOLFSSL_HAVE_PRF int WP11_Tls12_Master_Key_Derive(CK_SSL3_RANDOM_DATA* random, CK_MECHANISM_TYPE mech, const char* label, CK_ULONG ulLabelLen, byte* enc, @@ -9667,7 +9667,7 @@ int WP11_Nss_Tls12_Master_Key_Derive(CK_BYTE_PTR pSessionHash, return ret; } #endif -#endif +#endif /* WOLFSSL_HAVE_PRF */ /** * Encrypt plain text with AES-CBC. 
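Review bot: The `(void)wrapkeyType;` added after the switch in C_WrapKey, and the same line added before `err_out:` in C_UnwrapKey, has no comment saying which build configuration leaves the variable unused. I would put a one-line comment above it, for example `/* wrapkeyType is only read by mechanisms that may be compiled out */`, worded for the configuration that actually produced the warning. An unconditional cast also keeps the compiler quiet if a later edit stops reading the variable in builds where it should be read, so placing the declaration and its uses under the same `#if` would be the stricter alternative. Both function bodies start and end outside these hunks.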
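Review bot: The `#endif` added after Tls12_Extract_Keys in src/crypto.c closes a region opened well over a hundred lines earlier at SetKeyExtract but carries no label, while the matching change in src/internal.c writes `#endif /* WOLFSSL_HAVE_PRF */`; use the same form here. The call sites of these two static functions are outside the hunks. They need to sit under the same `WOLFSSL_HAVE_PRF` guard, otherwise a build without PRF fails at the call instead of compiling the TLS key-extract path out cleanly.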
diff --git a/src/slot.c b/src/slot.c index 35bd748c..c13994fb 100644 --- a/src/slot.c +++ b/src/slot.c @@ -643,9 +643,11 @@ static CK_MECHANISM_INFO ssl3MasterKeyDeriveInfo = { 48, 48, CKF_DERIVE }; #endif +#ifdef WOLFSSL_HAVE_PRF static CK_MECHANISM_INFO tlsMacMechInfo = { 0, 512, CKF_SIGN | CKF_VERIFY }; +#endif #ifndef NO_AES static CK_MECHANISM_INFO aesKeyGenMechInfo = { 16, 32, CKF_GENERATE @@ -1295,7 +1297,7 @@ CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, WOLFPKCS11_ENTER("C_SetPIN"); #ifdef DEBUG_WOLFPKCS11 if (wolfpkcs11_debugging) { - WOLFPKCS11_MSG(" hSession=%lu, ulOldLen=%lu, ulNewLen=%lu", + WOLFPKCS11_MSG(" hSession=%lu, ulOldLen=%lu, ulNewLen=%lu", (unsigned long)hSession, (unsigned long)ulOldLen, (unsigned long)ulNewLen); } #endif @@ -1658,7 +1660,7 @@ CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, WOLFPKCS11_ENTER("C_SetOperationState"); #ifdef DEBUG_WOLFPKCS11 if (wolfpkcs11_debugging) { - WOLFPKCS11_MSG(" hSession=%lu, ulOperationStateLen=%lu", + WOLFPKCS11_MSG(" hSession=%lu, ulOperationStateLen=%lu", (unsigned long)hSession, (unsigned long)ulOperationStateLen); } #endif @@ -1719,7 +1721,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, WOLFPKCS11_ENTER("C_Login"); #ifdef DEBUG_WOLFPKCS11 if (wolfpkcs11_debugging) { - WOLFPKCS11_MSG(" hSession=%lu, userType=%lu, ulPinLen=%lu", + WOLFPKCS11_MSG(" hSession=%lu, userType=%lu, ulPinLen=%lu", (unsigned long)hSession, (unsigned long)userType, (unsigned long)ulPinLen); } #endif diff --git a/tests/debug_test.c b/tests/debug_test.c index a6018079..6d86c6c2 100644 --- a/tests/debug_test.c +++ b/tests/debug_test.c 
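Review bot: In src/slot.c, `tlsMacMechInfo` is now compiled only under `WOLFSSL_HAVE_PRF`, but the code that advertises and returns it (the mechanism list and the C_GetMechanismInfo lookup) is outside this hunk and is not touched by the visible hunks of the file. If those references are not under the same guard, a build without PRF either fails to compile or still lists a TLS MAC mechanism the token cannot perform, and a caller that selects mechanisms from the advertised list would only find out at sign or verify time. Please confirm that every use of `tlsMacMechInfo` and the corresponding mechanism-list entry are inside `#ifdef WOLFSSL_HAVE_PRF`. The new bare `#endif` would also read better as `#endif /* WOLFSSL_HAVE_PRF */`, matching src/internal.c.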
@@ -23,7 +23,25 @@ #include #include #include -#include "wolfpkcs11/pkcs11.h" + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include +#include + +#ifndef WOLFPKCS11_USER_SETTINGS + #include +#endif +#include + +#ifndef HAVE_PKCS11_STATIC +#include +#endif #ifdef DEBUG_WOLFPKCS11 static FILE* original_stdout = NULL; @@ -42,23 +60,23 @@ static int check_debug_output(void) { char buffer[1024]; int found_debug = 0; - + if (!capture_file) { return 0; } - + stdout = original_stdout; rewind(capture_file); - + while (fgets(buffer, sizeof(buffer), capture_file)) { - if (strstr(buffer, "WOLFPKCS11 ENTER:") || + if (strstr(buffer, "WOLFPKCS11 ENTER:") || strstr(buffer, "WOLFPKCS11 LEAVE:") || strstr(buffer, "WOLFPKCS11:")) { found_debug = 1; break; } } - + fclose(capture_file); return found_debug; } 
@@ -83,48 +101,48 @@ int main(void) printf("=== wolfPKCS11 Debug Test Program ===\n"); printf("Debug mode is ENABLED (DEBUG_WOLFPKCS11 defined)\n"); - + printf("\nTesting debug control functions:\n"); wolfPKCS11_Debugging_On(); printf("Debug enabled\n"); - + wolfPKCS11_Debugging_Off(); printf("Debug disabled\n"); - + wolfPKCS11_Debugging_On(); printf("Debug re-enabled\n"); - + printf("\nTesting PKCS#11 functions with debug output capture:\n"); - + setup_output_capture(); - + rv = C_GetFunctionList(&pFunctionList); - + if (rv == CKR_OK && pFunctionList != NULL) { rv = pFunctionList->C_Initialize(NULL); - + if (rv == CKR_OK) { CK_INFO info; rv = pFunctionList->C_GetInfo(&info); pFunctionList->C_Finalize(NULL); } } - + debug_found = check_debug_output(); - + printf("C_GetFunctionList returned: %lu\n", (unsigned long)rv); printf("Debug output detection: %s\n", debug_found ? "PASS" : "FAIL"); - + wolfPKCS11_Debugging_Off(); printf("Debug disabled at end\n"); - + printf("\n=== Test Complete ===\n"); - + if (!debug_found) { printf("ERROR: No debug output was detected during PKCS#11 function calls\n"); return 1; } - + printf("SUCCESS: Debug output was properly generated\n"); return 0; #endif diff --git a/tests/pkcs11mtt.c b/tests/pkcs11mtt.c index fb2ed536..c13b7b7f 100644 --- a/tests/pkcs11mtt.c +++ b/tests/pkcs11mtt.c 
@@ -2766,26 +2766,34 @@ static CK_RV test_rsa_fixed_keys_oaep(void* args) (unsigned char*)"aad", 3); CHECK_CKR(ret, "SHA256 with AAD"); } +#ifndef NO_SHA if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA1, CKG_MGF1_SHA1, NULL, 0); CHECK_CKR(ret, "SHA1 No AAD"); } +#endif +#ifdef WOLFSSL_SHA224 if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA224, CKG_MGF1_SHA224, NULL, 0); CHECK_CKR(ret, "SHA224 No AAD"); } +#endif +#ifdef WOLFSSL_SHA384 if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA384, CKG_MGF1_SHA384, NULL, 0); CHECK_CKR(ret, "SHA384 No AAD"); } +#endif +#ifdef WOLFSSL_SHA512 if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA512, CKG_MGF1_SHA512, NULL, 0); CHECK_CKR(ret, "SHA512 No AAD"); } +#endif funcList->C_DestroyObject(session, pub); funcList->C_DestroyObject(session, priv); @@ -2842,22 +2850,30 @@ static CK_RV test_rsa_fixed_keys_pss(void* args) ret = rsa_pss_test(session, priv, pub, CKM_SHA256, CKG_MGF1_SHA256, 32); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA256"); } +#ifndef NO_SHA if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA1, CKG_MGF1_SHA1, 20); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA1"); } +#endif +#ifdef WOLFSSL_SHA224 if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA224, CKG_MGF1_SHA224, 28); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA224"); } +#endif +#ifdef WOLFSSL_SHA384 if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA384, CKG_MGF1_SHA384, 48); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA384"); } +#endif +#ifdef WOLFSSL_SHA512 if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA512, CKG_MGF1_SHA512, 64); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA512"); } +#endif funcList->C_DestroyObject(session, pub); funcList->C_DestroyObject(session, priv); diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c index 4e302718..c3ac87fc 100644 --- a/tests/pkcs11test.c +++ b/tests/pkcs11test.c 
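Review bot: The new guards in test_rsa_fixed_keys_oaep cover SHA-1, SHA-224, SHA-384 and SHA-512, but the SHA-256 case just above the first `#ifndef NO_SHA` stays unconditional in the visible lines, so a build with SHA-256 disabled would presumably still fail here. The same holds for the test_rsa_fixed_keys_pss hunk below and for both matching hunks in tests/pkcs11test.c. If such a build is meant to be supported, wrap those cases in `#ifndef NO_SHA256`; if not, a short comment stating that SHA-256 is the required baseline would make that explicit. Each compiled-out case also vanishes silently from the run, so a build that drops a hash reports the same pass result with less RSA padding coverage. The function bodies start outside the hunks, so an existing guard further up is possible.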
@@ -2562,7 +2562,9 @@ static CK_RV get_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id, #endif { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) }, { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, +#ifndef NO_AES { CKA_VALUE, aes_128_key, sizeof(aes_128_key) }, +#endif { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, { CKA_ID, id, idLen }, }; @@ -5258,11 +5260,13 @@ static CK_RV test_rsa_fixed_keys_oaep(void* args) (unsigned char*)"aad", 3); CHECK_CKR(ret, "SHA256 with AAD"); } +#ifndef NO_SHA if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA1, CKG_MGF1_SHA1, NULL, 0); CHECK_CKR(ret, "SHA1 No AAD"); } +#endif #ifdef WOLFSSL_SHA224 if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA224, CKG_MGF1_SHA224, @@ -5270,16 +5274,20 @@ static CK_RV test_rsa_fixed_keys_oaep(void* args) CHECK_CKR(ret, "SHA224 No AAD"); } #endif +#ifdef WOLFSSL_SHA384 if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA384, CKG_MGF1_SHA384, NULL, 0); CHECK_CKR(ret, "SHA384 No AAD"); } +#endif +#ifdef WOLFSSL_SHA512 if (ret == CKR_OK) { ret = rsa_oaep_test(session, priv, pub, CKM_SHA512, CKG_MGF1_SHA512, NULL, 0); CHECK_CKR(ret, "SHA512 No AAD"); } +#endif return ret; } 
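Review bot: Guarding only the `CKA_VALUE` entry with `#ifndef NO_AES` leaves get_aes_128_key compiling in a NO_AES build with a template that carries no key material, so whatever the function does with the template later (outside this hunk) would be creating a secret-key object without a value. Presumably `aes_128_key` itself is not defined under NO_AES and the guard works around that. In that case the whole function and its callers should be compiled out instead, with `#ifndef NO_AES` before `static CK_RV get_aes_128_key(` and `#endif /* !NO_AES */` after its closing brace. If the function has to stay for other callers, have it return an explicit error under NO_AES rather than hand an incomplete template to the token.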
@@ -5379,25 +5387,30 @@ static CK_RV test_rsa_fixed_keys_pss(void* args) ret = rsa_pss_test(session, priv, pub, CKM_SHA256, CKG_MGF1_SHA256, 32); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA256"); } +#ifndef NO_SHA if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA1, CKG_MGF1_SHA1, 20); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA1"); } +#endif #ifdef WOLFSSL_SHA224 if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA224, CKG_MGF1_SHA224, 28); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA224"); } #endif +#ifdef WOLFSSL_SHA384 if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA384, CKG_MGF1_SHA384, 48); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA384"); } +#endif +#ifdef WOLFSSL_SHA512 if (ret == CKR_OK) { ret = rsa_pss_test(session, priv, pub, CKM_SHA512, CKG_MGF1_SHA512, 64); CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA512"); } - +#endif if (ret == CKR_OK) { ret = sha256_rsa_pss_test(session, priv, pub, CKM_SHA256, CKG_MGF1_SHA256, 32); @@ -10079,7 +10092,7 @@ static CK_RV test_aes_cmac_general(void* args) #endif - +#ifdef WOLFSSL_HAVE_PRF static CK_RV test_tls_mac(CK_SESSION_HANDLE session, int hashType, unsigned char* exp, int expLen, CK_OBJECT_HANDLE key) { @@ -10245,6 +10258,7 @@ static CK_RV test_tls_mac_sha512(void* args) return ret; } #endif +#endif /* WOLFSSL_HAVE_PRF */ #ifndef NO_HMAC static CK_RV test_hmac(CK_SESSION_HANDLE session, int mechanism, @@ -13784,6 +13798,7 @@ static TEST_FUNC testFunc[] = { PKCS11TEST_FUNC_SESS_DECL(test_hkdf_derive_extract_with_expand_salt_key), PKCS11TEST_FUNC_SESS_DECL(test_hkdf_gen_key), #endif +#ifdef WOLFSSL_HAVE_PRF #ifndef NO_MD5 PKCS11TEST_FUNC_SESS_DECL(test_tls_mac_tls_prf), #endif @@ -13796,6 +13811,7 @@ static TEST_FUNC testFunc[] = { #ifdef WOLFSSL_SHA512 PKCS11TEST_FUNC_SESS_DECL(test_tls_mac_sha512), #endif +#endif /* WOLFSSL_HAVE_PRF */ PKCS11TEST_FUNC_SESS_DECL(test_random), PKCS11TEST_FUNC_SESS_DECL(test_x509), #ifndef NO_RSA 
diff --git a/wolfpkcs11/internal.h b/wolfpkcs11/internal.h index eecd833e..58465db7 100644 --- a/wolfpkcs11/internal.h +++ b/wolfpkcs11/internal.h @@ -35,6 +35,10 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif + #ifdef HAVE_FIPS #define NO_MD5 #endif @@ -61,10 +65,23 @@ C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT" #error Compiling with HKDF requires HMAC and wolfSSL to be compiled with HKDF. #endif -#ifdef __cplusplus -extern "C" { +/* Disable SHA3 if not supported by wolfSSL */ +#ifndef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + #define WOLFSSL_NOSHA3_224 + #endif + #ifndef WOLFSSL_NOSHA3_256 + #define WOLFSSL_NOSHA3_256 + #endif + #ifndef WOLFSSL_NOSHA3_384 + #define WOLFSSL_NOSHA3_384 + #endif + #ifndef WOLFSSL_NOSHA3_512 + #define WOLFSSL_NOSHA3_512 + #endif #endif + /* We need the next two for NSS, just for storage, even if we have no algos */ #ifndef WC_MD5_DIGEST_SIZE #define WC_MD5_DIGEST_SIZE 16
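Review bot: The new block in wolfpkcs11/internal.h defines `WOLFSSL_NOSHA3_224` through `WOLFSSL_NOSHA3_512`, which are wolfSSL's own configuration macros, from inside a wolfPKCS11 header and after the `#include` lines at the top of the file. wolfSSL headers that were already included will not see these defines, while any wolfSSL header pulled in afterwards by a translation unit will, so one build can end up with two views of the SHA-3 configuration. The comment `/* Disable SHA3 if not supported by wolfSSL */` should say that the defines exist only to compile out wolfPKCS11's own SHA-3 paths (presumably checked with `#ifndef WOLFSSL_NOSHA3_*` elsewhere), or a wolfPKCS11-private macro could be used for that purpose instead.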