feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #302 from dgarske/EccOnlyNoSignVerify

Browse Source 
New ECC and ASN build options for reduce build size options
This commit is contained in:
toddouska
2016-02-15 12:13:43 -08:00
parent d7d2a6f565 a969dd8efd
commit 3d8f91d418
9 changed files with 171 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
configure.ac
View File

@@ -1032,9 +1032,9 @@ AC_ARG_ENABLE([asn],
if test "$ENABLED_ASN" = "no" if test "$ENABLED_ASN" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS" AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
if test "$ENABLED_DH" = "no" if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" == "no"
then then
# DH needs bigint # DH and ECC need bigint
AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT" AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi fi
else else
@@ -1056,18 +1056,8 @@ then
AC_MSG_ERROR([please disable dsa if disabling asn.]) AC_MSG_ERROR([please disable dsa if disabling asn.])
fi fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no" # DH and ECC need bigint
then if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
# DH needs bigint
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no"
then then
ENABLED_FASTMATH=no ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no ENABLED_SLOWMATH=no
@@ -2161,6 +2151,19 @@ fi
AM_CONDITIONAL([BUILD_CRYPTONLY], [test "x$ENABLED_CRYPTONLY" = "xyes"]) AM_CONDITIONAL([BUILD_CRYPTONLY], [test "x$ENABLED_CRYPTONLY" = "xyes"])
if test "x$ENABLED_CRYPTONLY" = "xno"
then
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "x$ENABLED_ECC" = "xyes" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
fi
# set fastmath default # set fastmath default
FASTMATH_DEFAULT=no FASTMATH_DEFAULT=no
@@ -2179,10 +2182,10 @@ AC_ARG_ENABLE([fastmath],
if test "x$ENABLED_FASTMATH" = "xyes" if test "x$ENABLED_FASTMATH" = "xyes"
then then
# turn off fastmth if leanpsk on or asn off (w/o dh) # turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
then then
if test "$ENABLED_DH" = "no" if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
then then
ENABLED_FASTMATH=no ENABLED_FASTMATH=no
else else

4
wolfcrypt/benchmark/benchmark.c
View File

@@ -1671,7 +1671,9 @@ void bench_eccKeyAgree(void)
double start, total, each, milliEach; double start, total, each, milliEach;
int i, ret; int i, ret;
byte shared[32]; byte shared[32];
#ifndef NO_ASN
byte sig[64+16]; /* der encoding too */ byte sig[64+16]; /* der encoding too */
#endif
byte digest[32]; byte digest[32];
word32 x = 0; word32 x = 0;
@@ -1712,6 +1714,7 @@ void bench_eccKeyAgree(void)
digest[i] = (byte)i; digest[i] = (byte)i;
#ifndef NO_ASN
start = current_time(1); start = current_time(1);
for(i = 0; i < agreeTimes; i++) { for(i = 0; i < agreeTimes; i++) {
@@ -1739,6 +1742,7 @@ void bench_eccKeyAgree(void)
return; return;
} }
} }
#endif
total = current_time(0) - start; total = current_time(0) - start;
each = total / agreeTimes; /* per second */ each = total / agreeTimes; /* per second */

31
wolfcrypt/src/asn.c
View File

@@ -25,6 +25,13 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
/*
ASN Options:
* NO_ASN_TIME: Disables time parts of the ASN code for systems without an RTC
or wishing to save space.
* IGNORE_NAME_CONSTRAINTS: Skip ASN name checks.
*/
#ifndef NO_ASN #ifndef NO_ASN
#ifdef HAVE_RTP_SYS #ifdef HAVE_RTP_SYS
@@ -94,7 +101,7 @@
#define FALSE 0 #define FALSE 0
#endif #endif
#ifndef NO_ASN_TIME
#if defined(HAVE_RTP_SYS) #if defined(HAVE_RTP_SYS)
/* uses parital <time.h> structures */ /* uses parital <time.h> structures */
#define XTIME(tl) (0) #define XTIME(tl) (0)
@@ -491,6 +498,7 @@ time_t idirect_time(time_t * timer)
#endif /* IDIRECT_DEV_TIME */ #endif /* IDIRECT_DEV_TIME */
#endif /* !NO_ASN_TIME */
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
@@ -617,7 +625,7 @@ static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
} }
#endif /* !NO_PWDBASED */ #endif /* !NO_PWDBASED */
#ifndef NO_ASN_TIME
/* May not have one, not an error */ /* May not have one, not an error */
static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version) static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
{ {
@@ -634,7 +642,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
return 0; return 0;
} }
#endif /* !NO_ASN_TIME */
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx) word32 maxIdx)
@@ -2216,7 +2224,7 @@ void FreeDecodedCert(DecodedCert* cert)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
} }
#ifndef NO_ASN_TIME
static int GetCertHeader(DecodedCert* cert) static int GetCertHeader(DecodedCert* cert)
{ {
int ret = 0, len; int ret = 0, len;
@@ -2292,6 +2300,7 @@ static int StoreRsaKey(DecodedCert* cert)
return 0; return 0;
} }
#endif #endif
#endif /* !NO_ASN_TIME */
#ifdef HAVE_ECC #ifdef HAVE_ECC
@@ -2331,7 +2340,7 @@ static int StoreRsaKey(DecodedCert* cert)
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifndef NO_ASN_TIME
static int GetKey(DecodedCert* cert) static int GetKey(DecodedCert* cert)
{ {
int length; int length;
@@ -3188,7 +3197,7 @@ static int GetSignature(DecodedCert* cert)
return 0; return 0;
} }
#endif /* !NO_ASN_TIME */
static word32 SetDigest(const byte* digest, word32 digSz, byte* output) static word32 SetDigest(const byte* digest, word32 digSz, byte* output)
{ {
@@ -3448,7 +3457,7 @@ int wc_GetCTC_HashOID(int type)
}; };
} }
#ifndef NO_ASN_TIME
/* return true (1) or false (0) for Confirmation */ /* return true (1) or false (0) for Confirmation */
static int ConfirmSignature(const byte* buf, word32 bufSz, static int ConfirmSignature(const byte* buf, word32 bufSz,
const byte* key, word32 keySz, word32 keyOID, const byte* key, word32 keySz, word32 keyOID,
@@ -4498,6 +4507,7 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert)
return 0; return 0;
} }
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
#endif /* NO_ASN_TIME */
#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP) #if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)
@@ -4674,7 +4684,7 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
} }
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifndef NO_ASN_TIME
static int DecodeCertExtensions(DecodedCert* cert) static int DecodeCertExtensions(DecodedCert* cert)
/* /*
* Processing the Certificate Extensions. This does not modify the current * Processing the Certificate Extensions. This does not modify the current
@@ -4888,6 +4898,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
return ret; return ret;
} }
#endif /* !NO_ASN_TIME */
/* from SSL proper, for locking can't do find here anymore */ /* from SSL proper, for locking can't do find here anymore */
@@ -4924,7 +4935,7 @@ Signer* GetCAByName(void* signers, byte* hash)
#endif /* WOLFCRYPT_ONLY */ #endif /* WOLFCRYPT_ONLY */
#ifndef NO_ASN_TIME
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
{ {
word32 confirmOID; word32 confirmOID;
@@ -5047,7 +5058,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
return 0; return 0;
} }
#endif /* !NO_ASN_TIME */
/* Create and init an new signer */ /* Create and init an new signer */
Signer* MakeSigner(void* heap) Signer* MakeSigner(void* heap)

79
wolfcrypt/src/ecc.c
View File

@@ -27,8 +27,40 @@
/* in case user set HAVE_ECC there */ /* in case user set HAVE_ECC there */
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
/*
Possible ECC enable options:
* HAVE_ECC: Overall control of ECC default: on
* HAVE_ECC_ENCRYPT: ECC encrypt/decrypt w/AES and HKDF default: off
* HAVE_ECC_SIGN: ECC sign default: on
* HAVE_ECC_VERIFY: ECC verify default: on
* HAVE_ECC_DHE: ECC build shared secret default: on
* HAVE_ECC_KEY_IMPORT: ECC Key import default: on
* HAVE_ECC_KEY_EXPORT: ECC Key export default: on
* ECC_SHAMIR: Enables Shamir calc method default: on
* HAVE_COMP_KEY: Enables compressed key default: off
* WOLFSSL_VALIDATE_ECC_IMPORT: Validate ECC key on import default: off
*/
/*
ECC Curves:
* ECC_USER_CURVES: Allows custom combination of key sizes below
* HAVE_ALL_CURVES: Enable all key sizes (on unless ECC_USER_CURVES is defined)
* HAVE_ECC112: 112 bit key
* HAVE_ECC128: 128 bit key
* HAVE_ECC160: 160 bit key
* HAVE_ECC192: 192 bit key
* HAVE_ECC224: 224 bit key
* NO_ECC256: Disables 256 bit key (on by default)
* HAVE_ECC384: 384 bit key
* HAVE_ECC521: 521 bit key
*/
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if (defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)) && defined(NO_ASN)
#error ASN must be enabled for ECC sign/verify
#endif
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/openssl/ec.h> #include <wolfssl/openssl/ec.h>
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
@@ -1506,13 +1538,13 @@ int wc_ecc_is_valid_idx(int n)
return 0; return 0;
} }
#ifdef HAVE_ECC_DHE
/** /**
Create an ECC shared secret between two keys Create an ECC shared secret between two keys
private_key The private ECC key private_key The private ECC key
public_key The public key public_key The public key
out [out] Destination of the shared secret out [out] Destination of the shared secret
Conforms to EC-DH from ANSI X9.63 Conforms to EC-DH from ANSI X9.63
outlen [in/out] The max size and resulting size of the shared secret outlen [in/out] The max size and resulting size of the shared secret
return MP_OKAY if successful return MP_OKAY if successful
*/ */
@@ -1533,10 +1565,12 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
} }
/* Verify domain params supplied */
if (wc_ecc_is_valid_idx(private_key->idx) == 0 || if (wc_ecc_is_valid_idx(private_key->idx) == 0 ||
wc_ecc_is_valid_idx(public_key->idx) == 0) wc_ecc_is_valid_idx(public_key->idx) == 0)
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
/* Verify curve name matches */
if (XSTRNCMP(private_key->dp->name, public_key->dp->name, ECC_MAXNAME) != 0) if (XSTRNCMP(private_key->dp->name, public_key->dp->name, ECC_MAXNAME) != 0)
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
@@ -1576,14 +1610,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
} }
/** /**
Create an ECC shared secret between two keys Create an ECC shared secret between private key and public point
private_key The private ECC key private_key The private ECC key
point The point to use (public key) point The point to use (public key)
out [out] Destination of the shared secret out [out] Destination of the shared secret
Conforms to EC-DH from ANSI X9.63 Conforms to EC-DH from ANSI X9.63
outlen [in/out] The max size and resulting size of the shared secret outlen [in/out] The max size and resulting size of the shared secret
return MP_OKAY if successful return MP_OKAY if successful
*/ */
int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen) byte* out, word32 *outlen)
{ {
@@ -1600,6 +1634,7 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
} }
/* Verify domain params supplied */
if (wc_ecc_is_valid_idx(private_key->idx) == 0) if (wc_ecc_is_valid_idx(private_key->idx) == 0)
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
@@ -1637,7 +1672,7 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
return err; return err;
} }
#endif /* HAVE_ECC_DHE */
/* return 1 if point is at infinity, 0 if not, < 0 on error */ /* return 1 if point is at infinity, 0 if not, < 0 on error */
int wc_ecc_point_is_at_infinity(ecc_point* p) int wc_ecc_point_is_at_infinity(ecc_point* p)
@@ -1832,6 +1867,9 @@ int wc_ecc_init(ecc_key* key)
} }
#ifdef HAVE_ECC_SIGN
#ifndef NO_ASN
/** /**
Sign a message digest Sign a message digest
in The message digest to sign in The message digest to sign
@@ -1865,6 +1903,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
return err; return err;
} }
#endif /* !NO_ASN */
/** /**
Sign a message digest Sign a message digest
@@ -1971,7 +2010,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
return err; return err;
} }
#endif /* HAVE_ECC_SIGN */
/** /**
Free an ECC key from memory Free an ECC key from memory
@@ -2225,7 +2264,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
#endif /* ECC_SHAMIR */ #endif /* ECC_SHAMIR */
#ifdef HAVE_ECC_VERIFY
#ifndef NO_ASN
/* verify /* verify
* *
* w = s^-1 mod n * w = s^-1 mod n
@@ -2276,6 +2316,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
return err; return err;
} }
#endif /* !NO_ASN */
/** /**
Verify an ECC signature Verify an ECC signature
@@ -2440,7 +2481,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
return err; return err;
} }
#endif /* HAVE_ECC_VERIFY */
#ifdef HAVE_ECC_KEY_IMPORT
/* import point from der */ /* import point from der */
int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
ecc_point* point) ecc_point* point)
@@ -2562,7 +2605,9 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
return err; return err;
} }
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef HAVE_ECC_KEY_EXPORT
/* export point to der */ /* export point to der */
int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
word32* outLen) word32* outLen)
@@ -2712,7 +2757,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
return NOT_COMPILED_IN; return NOT_COMPILED_IN;
} }
#endif /* HAVE_ECC_KEY_EXPORT */
/* is ec point on curve described by dp ? */ /* is ec point on curve described by dp ? */
static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime) static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime)
@@ -2916,7 +2961,7 @@ int wc_ecc_check_key(ecc_key* key)
return err; return err;
} }
#ifdef HAVE_ECC_KEY_IMPORT
/* import public ECC key in ANSI X9.63 format */ /* import public ECC key in ANSI X9.63 format */
int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
{ {
@@ -3065,8 +3110,9 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
return err; return err;
} }
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef HAVE_ECC_KEY_EXPORT
/* export ecc private key only raw, outLen is in/out size /* export ecc private key only raw, outLen is in/out size
return MP_OKAY on success */ return MP_OKAY on success */
int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
@@ -3090,8 +3136,9 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
return mp_to_unsigned_bin(&key->k, out + (numlen - return mp_to_unsigned_bin(&key->k, out + (numlen -
mp_unsigned_bin_size(&key->k))); mp_unsigned_bin_size(&key->k)));
} }
#endif /* HAVE_ECC_KEY_EXPORT */
#ifdef HAVE_ECC_KEY_IMPORT
/* ecc private key import, public key in ANSI X9.63 format, private raw */ /* ecc private key import, public key in ANSI X9.63 format, private raw */
int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key) word32 pubSz, ecc_key* key)
@@ -3111,7 +3158,9 @@ int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
return ret; return ret;
} }
#endif /* HAVE_ECC_KEY_IMPORT */
#ifndef NO_ASN
/** /**
Convert ECC R,S to signature Convert ECC R,S to signature
r R component of signature r R component of signature
@@ -3151,7 +3200,9 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen)
return err; return err;
} }
#endif /* !NO_ASN */
#ifdef HAVE_ECC_KEY_IMPORT
/** /**
Import raw ECC key Import raw ECC key
key The destination ecc_key structure key The destination ecc_key structure
@@ -3235,7 +3286,7 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
return err; return err;
} }
#endif /* HAVE_ECC_KEY_IMPORT */
/* key size in octets */ /* key size in octets */
int wc_ecc_size(ecc_key* key) int wc_ecc_size(ecc_key* key)

17
wolfcrypt/src/signature.c
View File

@@ -38,7 +38,8 @@
#endif #endif
/* If ECC and RSA are disabled then disable signature wrapper */ /* If ECC and RSA are disabled then disable signature wrapper */
#if !defined(HAVE_ECC) && defined(NO_RSA) #if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(HAVE_ECC_SIGN) \
&& !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA)
#undef NO_SIG_WRAPPER #undef NO_SIG_WRAPPER
#define NO_SIG_WRAPPER #define NO_SIG_WRAPPER
#endif #endif
@@ -54,7 +55,7 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte** hash_data,
if (ret > 0) { if (ret > 0) {
int oid = ret; int oid = ret;
/* Allocate buffer for hash and encoded ASN header */ /* Allocate buffer for hash and max DER encoded */
word32 digest_len = *hash_len + MAX_DER_DIGEST_SZ; word32 digest_len = *hash_len + MAX_DER_DIGEST_SZ;
byte *digest_buf = (byte*)XMALLOC(digest_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); byte *digest_buf = (byte*)XMALLOC(digest_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (digest_buf) { if (digest_buf) {
@@ -62,7 +63,7 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte** hash_data,
if (ret > 0) { if (ret > 0) {
digest_len = ret; digest_len = ret;
/* Replace hash with digest (encoded ASN header + hash) */ /* Replace hash with digest (DER encoding + hash) */
XFREE(*hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(*hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
*hash_data = digest_buf; *hash_data = digest_buf;
*hash_len = digest_len; *hash_len = digest_len;
@@ -169,7 +170,7 @@ int wc_SignatureVerify(
switch(sig_type) { switch(sig_type) {
case WC_SIGNATURE_TYPE_ECC: case WC_SIGNATURE_TYPE_ECC:
{ {
#ifdef HAVE_ECC #if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
int is_valid_sig = 0; int is_valid_sig = 0;
/* Perform verification of signature using provided ECC key */ /* Perform verification of signature using provided ECC key */
@@ -194,7 +195,7 @@ int wc_SignatureVerify(
break; break;
} }
/* Otherwise fall-through and perform normal RSA verify against updated /* Otherwise fall-through and perform normal RSA verify against updated
* hash + encoded ASN header */ * DER encoding + hash */
#endif #endif
case WC_SIGNATURE_TYPE_RSA: case WC_SIGNATURE_TYPE_RSA:
@@ -292,7 +293,7 @@ int wc_SignatureGenerate(
/* Create signature using hash as data */ /* Create signature using hash as data */
switch(sig_type) { switch(sig_type) {
case WC_SIGNATURE_TYPE_ECC: case WC_SIGNATURE_TYPE_ECC:
#ifdef HAVE_ECC #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
/* Create signature using provided ECC key */ /* Create signature using provided ECC key */
ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key); ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key);
#else #else
@@ -310,8 +311,8 @@ int wc_SignatureGenerate(
if (ret < 0) { if (ret < 0) {
break; break;
} }
/* Otherwise fall-through and perform normal RSA verify against updated /* Otherwise fall-through and perform normal RSA sign against updated
* hash + encoded ASN header */ * DER encoding + hash */
#endif #endif
case WC_SIGNATURE_TYPE_RSA: case WC_SIGNATURE_TYPE_RSA:

8
wolfcrypt/test/test.c
View File

@@ -6172,11 +6172,15 @@ int ecc_test(void)
WC_RNG rng; WC_RNG rng;
byte sharedA[1024]; byte sharedA[1024];
byte sharedB[1024]; byte sharedB[1024];
#if !defined(NO_SHA) && \
((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
byte sig[1024]; byte sig[1024];
int verify;
#endif
byte digest[20]; byte digest[20];
byte exportBuf[1024]; byte exportBuf[1024];
word32 x, y; word32 x, y;
int i, verify, ret; int i, ret;
ecc_key userA, userB, pubKey; ecc_key userA, userB, pubKey;
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
@@ -6266,6 +6270,7 @@ int ecc_test(void)
for (i = 0; i < (int)sizeof(digest); i++) for (i = 0; i < (int)sizeof(digest); i++)
digest[i] = (byte)i; digest[i] = (byte)i;
#ifndef NO_ASN
x = sizeof(sig); x = sizeof(sig);
ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA); ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
@@ -6280,6 +6285,7 @@ int ecc_test(void)
if (verify != 1) if (verify != 1)
return -1016; return -1016;
#endif
x = sizeof(exportBuf); x = sizeof(exportBuf);
ret = wc_ecc_export_private_only(&userA, exportBuf, &x); ret = wc_ecc_export_private_only(&userA, exportBuf, &x);

20
wolfssl/wolfcrypt/ecc.h
View File

@@ -143,24 +143,34 @@ WOLFSSL_API
int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ecc_check_key(ecc_key* key); int wc_ecc_check_key(ecc_key* key);
#ifdef HAVE_ECC_DHE
WOLFSSL_API WOLFSSL_API
int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
word32* outlen); word32* outlen);
WOLFSSL_API WOLFSSL_API
int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen); byte* out, word32 *outlen);
#endif /* HAVE_ECC_DHE */
#ifdef HAVE_ECC_SIGN
WOLFSSL_API WOLFSSL_API
int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
WC_RNG* rng, ecc_key* key); WC_RNG* rng, ecc_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s); ecc_key* key, mp_int *r, mp_int *s);
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_VERIFY
WOLFSSL_API WOLFSSL_API
int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 hashlen, int* stat, ecc_key* key); word32 hashlen, int* stat, ecc_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* stat, ecc_key* key); word32 hashlen, int* stat, ecc_key* key);
#endif /* HAVE_ECC_VERIFY */
WOLFSSL_API WOLFSSL_API
int wc_ecc_init(ecc_key* key); int wc_ecc_init(ecc_key* key);
WOLFSSL_API WOLFSSL_API
@@ -184,12 +194,16 @@ WOLFSSL_API
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map); mp_int* modulus, int map);
#ifdef HAVE_ECC_KEY_EXPORT
/* ASN key helpers */ /* ASN key helpers */
WOLFSSL_API WOLFSSL_API
int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen); int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
WOLFSSL_API WOLFSSL_API
int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed); int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
/* extended functionality with compressed option */ /* extended functionality with compressed option */
#endif /* HAVE_ECC_KEY_EXPORT */
#ifdef HAVE_ECC_KEY_IMPORT
WOLFSSL_API WOLFSSL_API
int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
WOLFSSL_API WOLFSSL_API
@@ -200,16 +214,22 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
WOLFSSL_API WOLFSSL_API
int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
const char* d, const char* curveName); const char* d, const char* curveName);
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef HAVE_ECC_KEY_EXPORT
WOLFSSL_API WOLFSSL_API
int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
WOLFSSL_API WOLFSSL_API
int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
byte* out, word32* outLen); byte* out, word32* outLen);
#endif /* HAVE_ECC_KEY_EXPORT */
#ifdef HAVE_ECC_KEY_IMPORT
WOLFSSL_API WOLFSSL_API
int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
ecc_point* point); ecc_point* point);
#endif /* HAVE_ECC_KEY_IMPORT */
/* size helper */ /* size helper */
WOLFSSL_API WOLFSSL_API

25
wolfssl/wolfcrypt/settings.h
View File

@@ -1004,6 +1004,31 @@ static char *fgets(char *buff, int sz, FILE *fp)
#endif #endif
#endif #endif
/* ECC Configs */
#ifdef HAVE_ECC
/* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
#ifndef NO_ECC_SIGN
#undef HAVE_ECC_SIGN
#define HAVE_ECC_SIGN
#endif
#ifndef NO_ECC_VERIFY
#undef HAVE_ECC_VERIFY
#define HAVE_ECC_VERIFY
#endif
#ifndef NO_ECC_DHE
#undef HAVE_ECC_DHE
#define HAVE_ECC_DHE
#endif
#ifndef NO_ECC_KEY_IMPORT
#undef HAVE_ECC_KEY_IMPORT
#define HAVE_ECC_KEY_IMPORT
#endif
#ifndef NO_ECC_KEY_EXPORT
#undef HAVE_ECC_KEY_EXPORT
#define HAVE_ECC_KEY_EXPORT
#endif
#endif /* HAVE_ECC */
/* if desktop type system and fastmath increase default max bits */ /* if desktop type system and fastmath increase default max bits */
#ifdef WOLFSSL_X86_64_BUILD #ifdef WOLFSSL_X86_64_BUILD
#ifdef USE_FAST_MATH #ifdef USE_FAST_MATH

2
wolfssl/wolfcrypt/signature.h
View File

@@ -34,7 +34,7 @@ enum wc_SignatureType {
WC_SIGNATURE_TYPE_NONE = 0, WC_SIGNATURE_TYPE_NONE = 0,
WC_SIGNATURE_TYPE_ECC = 1, WC_SIGNATURE_TYPE_ECC = 1,
WC_SIGNATURE_TYPE_RSA = 2, WC_SIGNATURE_TYPE_RSA = 2,
WC_SIGNATURE_TYPE_RSA_W_ENC = 3, /* Adds ASN algo header via wc_EncodeSignature */ WC_SIGNATURE_TYPE_RSA_W_ENC = 3, /* Adds DER header via wc_EncodeSignature */
}; };
WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type, WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type,