Rust wrapper: add scrypt KDF and RSA-OAEP support

wrapper/rust/include.am

@@ -13,44 +13,66 @@ EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/build.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/headers.h
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/aes.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/blake2_digest.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/blake2_mac.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/cmac_mac.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/dh.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ecdsa.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/fips.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/hmac_mac.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/lib.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/lms.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/mlkem_kem.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/pbkdf2_password_hash.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/prf.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/random.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/rsa_oaep.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/rsa_pkcs1v15.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/scrypt_password_hash.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/sha.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/sha_digest.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/sys.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2_digest.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2_mac.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac_mac.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ecdsa.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac_mac.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem_kem.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_pbkdf2_password_hash.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa_oaep.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa_pkcs1v15.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_scrypt_password_hash.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs
+EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_sha_digest.rs
 EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs

wrapper/rust/wolfssl-wolfcrypt/build.rs

@@ -425,6 +425,7 @@ fn scan_cfg() -> Result<()> {
     /* kdf */
     check_cfg(&binding, "wc_PBKDF2", "kdf_pbkdf2");
     check_cfg(&binding, "wc_PKCS12_PBKDF_ex", "kdf_pkcs12");
+    check_cfg(&binding, "wc_scrypt", "kdf_scrypt");
     check_cfg(&binding, "wc_SRTP_KDF", "kdf_srtp");
     check_cfg(&binding, "wc_SSH_KDF", "kdf_ssh");
     check_cfg(&binding, "wc_Tls13_HKDF_Extract_ex", "kdf_tls13");
@@ -457,6 +458,7 @@ fn scan_cfg() -> Result<()> {
     check_cfg(&binding, "wc_RsaDirect", "rsa_direct");
     check_cfg(&binding, "wc_MakeRsaKey", "rsa_keygen");
     check_cfg(&binding, "wc_RsaPSS_Sign", "rsa_pss");
+    check_cfg(&binding, "wc_RsaPublicEncrypt_ex", "rsa_oaep");
     check_cfg(&binding, "wc_RsaSetRNG", "rsa_setrng");
     check_cfg(&binding, "WC_MGF1SHA512_224", "rsa_mgf1sha512_224");
     check_cfg(&binding, "WC_MGF1SHA512_256", "rsa_mgf1sha512_256");

wrapper/rust/wolfssl-wolfcrypt/src/aes.rs

@@ -806,19 +806,23 @@ impl CFB {
     /// * `din`: Data to encrypt.
     /// * `dout`: Buffer in which to store the encrypted data. The size of
     ///   the buffer must match that of the `din` buffer.
+    /// * `size`: Number of bits to encrypt. The `din` and `dout` buffers must
+    ///   each be large enough to hold this number of bits.
     ///
     /// # Returns
     ///
     /// A Result which is Ok(()) on success or an Err containing the wolfSSL
     /// library return code on failure.
-    pub fn encrypt1(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
-        let in_size = crate::buffer_len_to_u32(din.len())?;
-        let out_size = crate::buffer_len_to_u32(dout.len())?;
-        if in_size != out_size {
+    pub fn encrypt1(&mut self, din: &[u8], dout: &mut [u8], size: usize) -> Result<(), i32> {
+        if din.len() != dout.len() {
             return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
         }
+        if din.len() < size.div_ceil(8) {
+            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let bit_size = crate::buffer_len_to_u32(size)?;
         let rc = unsafe {
-            sys::wc_AesCfb1Encrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
+            sys::wc_AesCfb1Encrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), bit_size)
         };
         if rc != 0 {
             return Err(rc);
@@ -894,20 +898,24 @@ impl CFB {
     /// * `din`: Data to decrypt.
     /// * `dout`: Buffer in which to store the decrypted data. The size of
     ///   the buffer must match that of the `din` buffer.
+    /// * `size`: Number of bits to decrypt. The `din` and `dout` buffers must
+    ///   each be large enough to hold this number of bits.
     ///
     /// # Returns
     ///
     /// A Result which is Ok(()) on success or an Err containing the wolfSSL
     /// library return code on failure.
     #[cfg(aes_decrypt)]
-    pub fn decrypt1(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> {
-        let in_size = crate::buffer_len_to_u32(din.len())?;
-        let out_size = crate::buffer_len_to_u32(dout.len())?;
-        if in_size != out_size {
+    pub fn decrypt1(&mut self, din: &[u8], dout: &mut [u8], size: usize) -> Result<(), i32> {
+        if din.len() != dout.len() {
+            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        if din.len() < size.div_ceil(8) {
             return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
         }
+        let bit_size = crate::buffer_len_to_u32(size)?;
         let rc = unsafe {
-            sys::wc_AesCfb1Decrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), in_size)
+            sys::wc_AesCfb1Decrypt(&mut self.ws_aes, dout.as_mut_ptr(), din.as_ptr(), bit_size)
         };
         if rc != 0 {
             return Err(rc);
@@ -2993,7 +3001,10 @@ impl XTSStream {
 #[cfg(aes_xts_stream)]
 impl XTSStream {
     fn zeroize(&mut self) {
-        unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }
+        unsafe {
+            crate::zeroize_raw(&mut self.ws_xtsaes);
+            crate::zeroize_raw(&mut self.ws_xtsaesstreamdata);
+        }
     }
 }
 #[cfg(aes_xts_stream)]

wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs

@@ -201,6 +201,9 @@ impl CMAC {
                 data.as_ptr(), data_size,
                 key.as_ptr(), key_size)
         };
+        if rc == sys::wolfCrypt_ErrorCodes_MAC_CMP_FAILED_E {
+            return Ok(false);
+        }
         if rc < 0 {
             return Err(rc);
         }
@@ -402,6 +405,9 @@ impl CMAC {
                 data.as_ptr(), data_size,
                 key.as_ptr(), key_size, heap, dev_id)
         };
+        if rc == sys::wolfCrypt_ErrorCodes_MAC_CMP_FAILED_E {
+            return Ok(false);
+        }
         if rc < 0 {
             return Err(rc);
         }

wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs

@@ -269,6 +269,114 @@ pub fn pkcs12_pbkdf_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32,
     Ok(())
 }
 
+/// Implement the scrypt password-based key derivation function as defined
+/// in RFC 7914.
+///
+/// # Parameters
+///
+/// * `password`: Password to use for key derivation.
+/// * `salt`: Salt value to use for key derivation.
+/// * `cost`: log base 2 of the iteration count (`N = 1 << cost`). Must
+///   satisfy `1 <= cost < 128 * block_size / 8`.
+/// * `block_size`: Number of 128-byte octets in a working block (the `r`
+///   parameter from RFC 7914). Must be in `1..=8`.
+/// * `parallel`: Number of parallel mix operations to perform (the `p`
+///   parameter from RFC 7914). This implementation does not use threads.
+/// * `out`: Output buffer in which to store the derived key.
+///
+/// # Returns
+///
+/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+/// library error code value.
+///
+/// # Example
+///
+/// ```rust
+/// #[cfg(kdf_scrypt)]
+/// {
+/// use wolfssl_wolfcrypt::kdf::scrypt;
+/// let password = b"password";
+/// let salt = b"NaCl";
+/// let expected_key = [
+///     0xfdu8, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
+///     0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
+///     0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
+///     0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
+///     0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
+///     0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
+///     0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
+///     0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
+/// ];
+/// let mut keyout = [0u8; 64];
+/// scrypt(password, salt, 10, 8, 16, &mut keyout).expect("Error with scrypt()");
+/// assert_eq!(keyout, expected_key);
+/// }
+/// ```
+#[cfg(kdf_scrypt)]
+pub fn scrypt(password: &[u8], salt: &[u8], cost: i32, block_size: i32,
+        parallel: i32, out: &mut [u8]) -> Result<(), i32> {
+    let password_size = crate::buffer_len_to_i32(password.len())?;
+    let salt_size = crate::buffer_len_to_i32(salt.len())?;
+    let out_size = crate::buffer_len_to_i32(out.len())?;
+    let rc = unsafe {
+        sys::wc_scrypt(out.as_mut_ptr(), password.as_ptr(), password_size,
+            salt.as_ptr(), salt_size, cost, block_size, parallel, out_size)
+    };
+    if rc != 0 {
+        return Err(rc);
+    }
+    Ok(())
+}
+
+/// Implement the scrypt password-based key derivation function as defined
+/// in RFC 7914. This variant takes the iteration count `N` directly
+/// instead of `log2(N)`.
+///
+/// # Parameters
+///
+/// * `password`: Password to use for key derivation.
+/// * `salt`: Salt value to use for key derivation.
+/// * `iterations`: Iteration count (`N`). Must be a power of two greater
+///   than 1.
+/// * `block_size`: Number of 128-byte octets in a working block (the `r`
+///   parameter from RFC 7914). Must be in `1..=8`.
+/// * `parallel`: Number of parallel mix operations to perform (the `p`
+///   parameter from RFC 7914). This implementation does not use threads.
+/// * `out`: Output buffer in which to store the derived key.
+///
+/// # Returns
+///
+/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
+/// library error code value.
+///
+/// # Example
+///
+/// ```rust
+/// #[cfg(kdf_scrypt)]
+/// {
+/// use wolfssl_wolfcrypt::kdf::scrypt_ex;
+/// let password = b"password";
+/// let salt = b"NaCl";
+/// let mut keyout = [0u8; 64];
+/// scrypt_ex(password, salt, 1024, 8, 16, &mut keyout).expect("Error with scrypt_ex()");
+/// }
+/// ```
+#[cfg(kdf_scrypt)]
+pub fn scrypt_ex(password: &[u8], salt: &[u8], iterations: u32,
+        block_size: i32, parallel: i32, out: &mut [u8]) -> Result<(), i32> {
+    let password_size = crate::buffer_len_to_i32(password.len())?;
+    let salt_size = crate::buffer_len_to_i32(salt.len())?;
+    let out_size = crate::buffer_len_to_i32(out.len())?;
+    let rc = unsafe {
+        sys::wc_scrypt_ex(out.as_mut_ptr(), password.as_ptr(), password_size,
+            salt.as_ptr(), salt_size, iterations, block_size, parallel, out_size)
+    };
+    if rc != 0 {
+        return Err(rc);
+    }
+    Ok(())
+}
+
 /// Perform RFC 5869 HKDF-Extract operation for TLS v1.3 key derivation.
 ///
 /// # Parameters

wrapper/rust/wolfssl-wolfcrypt/src/lib.rs

@@ -74,11 +74,15 @@ pub mod mlkem_kem;
 pub mod prf;
 pub mod random;
 pub mod rsa;
+#[cfg(rsa_oaep)]
+pub mod rsa_oaep;
 #[cfg(feature = "signature")]
 pub mod rsa_pkcs1v15;
 pub mod sha;
 #[cfg(all(feature = "password-hash", hmac, kdf_pbkdf2))]
 pub mod pbkdf2_password_hash;
+#[cfg(all(feature = "password-hash", kdf_scrypt))]
+pub mod scrypt_password_hash;
 #[cfg(feature = "digest")]
 pub mod sha_digest;
 

wrapper/rust/wolfssl-wolfcrypt/src/lms.rs

@@ -774,6 +774,9 @@ impl Lms {
         if rc != 0 {
             return Err(rc);
         }
+        if kid_ptr.is_null() {
+            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
         let src = unsafe { core::slice::from_raw_parts(kid_ptr, kid_sz as usize) };
         if kid.len() < src.len() {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);

wrapper/rust/wolfssl-wolfcrypt/src/mlkem_kem.rs

@@ -135,6 +135,7 @@ macro_rules! impl_mlkem_kem {
                 let mut ss = [0u8; crate::mlkem::MlKem::SHARED_SECRET_SIZE];
                 wc_key.encapsulate_with_random(&mut ct, &mut ss, &rand)
                     .expect("encapsulate_with_random failed");
+                zeroize::Zeroize::zeroize(&mut rand[..]);
 
                 (ct.into(), ss.into())
             }
@@ -184,6 +185,7 @@ macro_rules! impl_mlkem_kem {
                 let wc_key = crate::mlkem::MlKem::generate_with_random(
                     $key_type, &rand,
                 ).expect("generate_with_random failed");
+                zeroize::Zeroize::zeroize(&mut rand[..]);
 
                 let mut pk = [0u8; $pk_len];
                 let mut sk = [0u8; $sk_len];

wrapper/rust/wolfssl-wolfcrypt/src/pbkdf2_password_hash.rs

@@ -217,10 +217,14 @@ impl password_hash::CustomizedPasswordHasher<PasswordHash> for Pbkdf2 {
             None => self.algorithm,
         };
 
-        if params.rounds < MIN_ROUNDS || params.output_len > Output::MAX_LENGTH {
+        if params.rounds < MIN_ROUNDS {
             return Err(Error::ParamInvalid { name: "i" });
         }
 
+        if params.output_len > Output::MAX_LENGTH {
+            return Err(Error::ParamInvalid { name: "l" });
+        }
+
         let iterations = i32::try_from(params.rounds)
             .map_err(|_| Error::ParamInvalid { name: "i" })?;