From 2a5db9371c34958d040e120af9654f294e73abba Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 2 May 2012 15:11:20 -0700 Subject: [PATCH 1/2] BN help --- ctaocrypt/src/tfm.c | 83 +++++++++--------- cyassl/ctaocrypt/tfm.h | 10 ++- cyassl/openssl/rsa.h | 2 + src/ssl.c | 187 +++++++++++++++++++++++++++++++++++++++-- 4 files changed, 232 insertions(+), 50 deletions(-) diff --git a/ctaocrypt/src/tfm.c b/ctaocrypt/src/tfm.c index 2947fca68..b6e58ab49 100644 --- a/ctaocrypt/src/tfm.c +++ b/ctaocrypt/src/tfm.c @@ -1800,6 +1800,15 @@ void fp_reverse (unsigned char *s, int len) } +/* c = a - b */ +void fp_sub_d(fp_int *a, fp_digit b, fp_int *c) +{ + fp_int tmp; + fp_set(&tmp, b); + fp_sub(a, &tmp, c); +} + + /* CyaSSL callers from normal lib */ /* init a new mp_int */ @@ -1917,6 +1926,42 @@ int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c) } +int mp_sub_d(fp_int *a, fp_digit b, fp_int *c) +{ + fp_sub_d(a, b, c); + return MP_OKAY; +} + + +/* fast math conversion */ +int mp_copy(fp_int* a, fp_int* b) +{ + fp_copy(a, b); + return MP_OKAY; +} + + +/* fast math conversion */ +int mp_isodd(mp_int* a) +{ + return fp_isodd(a); +} + + +/* fast math conversion */ +int mp_iszero(mp_int* a) +{ + return fp_iszero(a); +} + + +/* fast math conversion */ +int mp_count_bits (mp_int* a) +{ + return fp_count_bits(a); +} + + #if defined(CYASSL_KEY_GEN) || defined (HAVE_ECC) /* c = a * a (mod b) */ @@ -1941,14 +1986,6 @@ int mp_montgomery_calc_normalization(mp_int *a, mp_int *b) return MP_OKAY; } -/* fast math conversion */ -int mp_copy(fp_int* a, fp_int* b) -{ - fp_copy(a, b); - return MP_OKAY; -} - - #endif /* CYASSL_KEYGEN || HAVE_ECC */ @@ -1956,7 +1993,6 @@ int mp_copy(fp_int* a, fp_int* b) void fp_gcd(fp_int *a, fp_int *b, fp_int *c); void fp_lcm(fp_int *a, fp_int *b, fp_int *c); -void fp_sub_d(fp_int *a, fp_digit b, fp_int *c); int fp_isprime(fp_int *a); int fp_cnt_lsb(fp_int *a); 
@@ -1982,13 +2018,6 @@ int mp_lcm(fp_int *a, fp_int *b, fp_int *c) } -int mp_sub_d(fp_int *a, fp_digit b, fp_int *c) -{ - fp_sub_d(a, b, c); - return MP_OKAY; -} - - int mp_prime_is_prime(mp_int* a, int t, int* result) { (void)t; @@ -1998,15 +2027,6 @@ int mp_prime_is_prime(mp_int* a, int t, int* result) -/* c = a - b */ -void fp_sub_d(fp_int *a, fp_digit b, fp_int *c) -{ - fp_int tmp; - fp_set(&tmp, b); - fp_sub(a, &tmp, c); -} - - static int s_is_power_of_two(fp_digit b, int *p) { int x; @@ -2408,12 +2428,6 @@ int mp_read_radix(mp_int *a, const char *str, int radix) return fp_read_radix(a, str, radix); } -/* fast math conversion */ -int mp_iszero(mp_int* a) -{ - return fp_iszero(a); -} - /* fast math conversion */ int mp_set(fp_int *a, fp_digit b) { @@ -2442,13 +2456,6 @@ int mp_montgomery_setup(fp_int *a, fp_digit *rho) return fp_montgomery_setup(a, rho); } -/* fast math conversion */ -int mp_isodd(mp_int* a) -{ - return fp_isodd(a); -} - - int mp_div_2(fp_int * a, fp_int * b) { fp_div_2(a, b); diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index 34743cb2a..c492481d0 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h 
@@ -645,20 +645,23 @@ int mp_unsigned_bin_size(mp_int * a); int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c); int mp_to_unsigned_bin (mp_int * a, unsigned char *b); +int mp_sub_d(fp_int *a, fp_digit b, fp_int *c); +int mp_copy(fp_int* a, fp_int* b); +int mp_isodd(mp_int* a); +int mp_iszero(mp_int* a); +int mp_count_bits(mp_int *a); + #ifdef HAVE_ECC int mp_read_radix(mp_int* a, const char* str, int radix); - int mp_iszero(mp_int* a); int mp_set(fp_int *a, fp_digit b); int mp_sqr(fp_int *A, fp_int *B); int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); int mp_montgomery_setup(fp_int *a, fp_digit *rho); - int mp_isodd(mp_int* a); int mp_div_2(fp_int * a, fp_int * b); int mp_init_copy(fp_int * a, fp_int * b); #endif #if defined(HAVE_ECC) || defined(CYASSL_KEY_GEN) - int mp_copy(fp_int* a, fp_int* b); int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); int mp_montgomery_calc_normalization(mp_int *a, mp_int *b); #endif @@ -667,7 +670,6 @@ int mp_to_unsigned_bin (mp_int * a, unsigned char *b); int mp_set_int(fp_int *a, fp_digit b); int mp_gcd(fp_int *a, fp_int *b, fp_int *c); int mp_lcm(fp_int *a, fp_int *b, fp_int *c); -int mp_sub_d(fp_int *a, fp_digit b, fp_int *c); int mp_prime_is_prime(mp_int* a, int t, int* result); #endif /* CYASSL_KEY_GEN */ diff --git a/cyassl/openssl/rsa.h b/cyassl/openssl/rsa.h index fb644d648..ee2750ae2 100644 --- a/cyassl/openssl/rsa.h +++ b/cyassl/openssl/rsa.h @@ -27,6 +27,8 @@ struct CYASSL_RSA { CYASSL_BIGNUM* dmq1; /* dQ */ CYASSL_BIGNUM* iqmp; /* u */ void* internal; /* our RSA */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ }; diff --git a/src/ssl.c b/src/ssl.c index e2a967fde..b66db6d95 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5404,7 +5404,10 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_num_bytes"); - return -1; + if (bn == NULL || bn->internal == NULL) + return 0; + + return mp_unsigned_bin_size((mp_int*)bn->internal); } 
@@ -5412,7 +5415,10 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_num_bits"); - return -1; + if (bn == NULL || bn->internal == NULL) + return 0; + + return mp_count_bits((mp_int*)bn->internal); } @@ -5420,7 +5426,10 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_is_zero"); - return -1; + if (bn == NULL || bn->internal == NULL) + return 0; + + return mp_iszero((mp_int*)bn->internal); } @@ -5428,7 +5437,13 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_is_one"); - return -1; + if (bn == NULL || bn->internal == NULL) + return 0; + + if (mp_cmp_d((mp_int*)bn->internal, 1) == 0); + return 1; + + return 0; } @@ -5436,7 +5451,10 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_is_odd"); - return -1; + if (bn == NULL || bn->internal == NULL) + return 0; + + return mp_isodd((mp_int*)bn->internal); } @@ -5444,7 +5462,10 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_cmp"); - return -1; + if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL) + return 0; + + return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); } @@ -5452,7 +5473,17 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_MSG("CyaSSL_BN_bn2bin"); - return -1; + if (bn == NULL || bn->internal == NULL) { + CYASSL_MSG("NULL bn error"); + return -1; + } + + if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) { + CYASSL_MSG("mp_to_unsigned_bin error"); + return -1; + } + + return mp_unsigned_bin_size((mp_int*)bn->internal); } 
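Review bot: In CyaSSL_BN_is_one the added test `if (mp_cmp_d((mp_int*)bn->internal, 1) == 0);` ends in a semicolon, so the `if` has an empty body and the following `return 1;` runs unconditionally. Every non-NULL bignum is therefore reported as equal to one, and the trailing `return 0;` is unreachable. Drop the semicolon so the line reads `if (mp_cmp_d((mp_int*)bn->internal, 1) == 0) return 1;`. Any caller that uses this predicate to reject a degenerate value gets the wrong answer, and building with `-Wextra` (which enables `-Wempty-body`) would flag the pattern. The function's signature lies outside the hunk.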
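Review bot: CyaSSL_BN_cmp returns 0 when either operand or its `internal` pointer is NULL, and 0 is also what mp_cmp yields for equal values, so a missing operand is indistinguishable from a match. Where the result gates a decision, a NULL on one side would read as "equal". Return a non-zero value on the guard path and log it, for example `CYASSL_MSG("bn NULL error"); return -1;`, and add a comment above the function stating what a NULL argument yields. The other predicates in this file (is_zero, is_odd) also map NULL to 0, which there means "no" and is less likely to be misread.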
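Review bot: CyaSSL_BN_bn2bin hands `r` to mp_to_unsigned_bin without a NULL check, and the interface carries no length for the output buffer, so the sizing contract should be written down. Extend the first guard to `if (bn == NULL || bn->internal == NULL || r == NULL) {` and add a comment above the function such as `/* r must have room for CyaSSL_BN_num_bytes(bn) bytes; returns bytes written, -1 on error */`. The signature is outside this hunk, so the type of `r` is assumed from its use in the call.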
@@ -5508,9 +5539,28 @@ int CyaSSL_set_compression(CYASSL* ssl) CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn) { + CYASSL_BIGNUM* ret; + CYASSL_MSG("CyaSSL_BN_dup"); - return NULL; + if (bn == NULL || bn->internal == NULL) { + CYASSL_MSG("bn NULL error"); + return NULL; + } + + ret = CyaSSL_BN_new(); + if (ret == NULL) { + CYASSL_MSG("bn new error"); + return NULL; + } + + if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) { + CYASSL_MSG("mp_copy error"); + CyaSSL_BN_free(ret); + return NULL; + } + + return ret; } @@ -5624,10 +5674,13 @@ int CyaSSL_set_compression(CYASSL* ssl) rsa->e = NULL; rsa->d = NULL; rsa->p = NULL; + rsa->q = NULL; rsa->dmp1 = NULL; rsa->dmq1 = NULL; rsa->iqmp = NULL; rsa->internal = NULL; + rsa->inSet = 0; + rsa->exSet = 0; } } 
@@ -5671,17 +5724,135 @@ int CyaSSL_set_compression(CYASSL* ssl) XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA); rsa->internal = NULL; } + CyaSSL_BN_free(rsa->iqmp); + CyaSSL_BN_free(rsa->dmq1); + CyaSSL_BN_free(rsa->dmp1); + CyaSSL_BN_free(rsa->q); + CyaSSL_BN_free(rsa->p); + CyaSSL_BN_free(rsa->d); + CyaSSL_BN_free(rsa->e); + CyaSSL_BN_free(rsa->n); + InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */ + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); } } + static int SetIndividualRsaExternal(CYASSL_BIGNUM** bn, mp_int* mpi) + { + CYASSL_MSG("Entering SetIndividualRsaExternal"); + + if (mpi == NULL) { + CYASSL_MSG("mpi NULL error"); + return -1; + } + + if (*bn == NULL) { + *bn = CyaSSL_BN_new(); + if (*bn == NULL) { + CYASSL_MSG("SetIndividualRsaExternal alloc failed"); + return -1; + } + } + + if (mp_copy(mpi, (*bn)->internal) != MP_OKAY) { + CYASSL_MSG("mp_copy error"); + return -1; + } + + return 0; + } + + + + static int SetRsaExternal(CYASSL_RSA* rsa) + { + RsaKey* key; + CYASSL_MSG("Entering SetRsaExternal"); + + if (rsa == NULL || rsa->internal == NULL) { + CYASSL_MSG("rsa key NULL error"); + return -1; + } + + key = (RsaKey*)rsa->internal; + + if (SetIndividualRsaExternal(&rsa->n, &key->n) < 0) { + CYASSL_MSG("rsa n key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->e, &key->e) < 0) { + CYASSL_MSG("rsa e key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->d, &key->d) < 0) { + CYASSL_MSG("rsa d key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->p, &key->p) < 0) { + CYASSL_MSG("rsa p key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->q, &key->q) < 0) { + CYASSL_MSG("rsa q key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->dmp1, &key->dP) < 0) { + CYASSL_MSG("rsa dP key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->dmq1, &key->dQ) < 0) { + CYASSL_MSG("rsa dQ key error"); + return -1; + } + + if (SetIndividualRsaExternal(&rsa->iqmp, &key->u) < 0) { + 
CYASSL_MSG("rsa u key error"); + return -1; + } + + return 0; + } + + int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn, void* cb) { + RNG rng; + CYASSL_MSG("CyaSSL_RSA_generate_key_ex"); + (void)cb; + (void)bn; + + if (InitRng(&rng) < 0) { + CYASSL_MSG("RNG init failed"); + return -1; + } + +#ifdef CYASSL_KEY_GEN + if (MakeRsaKey(rsa->internal, bits, 65537, &rng) < 0) { + CYASSL_MSG("MakeRsaKey failed"); + return -1; + } +#else + CYASSL_MSG("No Key Gen built in"); return -1; +#endif + + if (SetRsaExternal(rsa) < 0) { + CYASSL_MSG("SetRsaExternal failed"); + return -1; + } + + return 1; /* success */ } From 225fba5c8d8094e8c1a1a7442756dcab3f413fe4 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 2 May 2012 16:10:25 -0700 Subject: [PATCH 2/2] v2.1.2 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 58d76707d..0c8e2c370 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.1.1],[http://www.yassl.com]) +AC_INIT([cyassl],[2.1.2],[http://www.yassl.com]) AC_CONFIG_AUX_DIR(config)
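Review bot: CyaSSL_RSA_generate_key_ex passes `rsa->internal` to MakeRsaKey before anything has checked `rsa`; SetRsaExternal does validate both pointers, but only after key generation has already run. Add a guard at the top of the function, `if (rsa == NULL || rsa->internal == NULL) { CYASSL_MSG("bad arguments"); return -1; }`. The caller's exponent `bn` is discarded with `(void)bn` and 65537 is used instead, which deserves a comment such as `/* bn (requested e) is ignored, e is fixed at 65537 */` so it is not taken for an oversight. Failures return -1, whereas OpenSSL's RSA_generate_key_ex reports failure as 0, so ported code written as `if (!RSA_generate_key_ex(...))` would treat a failed generation as success; this is worth confirming against the convention the compatibility layer intends. SetRsaExternal also copies d, p, q, dP, dQ and u into separate heap bignums, so it is worth verifying that CyaSSL_BN_free, which is not visible here, clears them before release.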