forked from wolfSSL/wolfssl
wolfcrypt smallstack refactors:
rsa.c: wc_CompareDiffPQ() dh.c: wc_DhGenerateParams() dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters() srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic() ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync() test.c: GenerateNextP() dh_generate_test() GenerateP()
This commit is contained in:
Daniel Pouzzner
@@ -2768,7 +2768,11 @@ int wc_DhCopyNamedKey(int name,
|
||||
/* modulus_size in bits */
|
||||
int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
{
|
||||
mp_int tmp, tmp2;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *tmp = NULL, *tmp2 = NULL;
|
||||
#else
|
||||
mp_int tmp[1], tmp2[2];
|
||||
#endif
|
||||
int groupSz = 0, bufSz = 0,
|
||||
primeCheckCount = 0,
|
||||
primeCheck = MP_NO,
|
||||
@@ -2812,20 +2816,28 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
if (ret == 0)
|
||||
ret = wc_RNG_GenerateBlock(rng, buf, bufSz);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (ret == 0) {
|
||||
if (((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) ||
|
||||
((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL))
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* force magnitude */
|
||||
buf[0] |= 0xC0;
|
||||
/* force even */
|
||||
buf[bufSz - 1] &= ~1;
|
||||
|
||||
if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0)
|
||||
if (mp_init_multi(tmp, tmp2, &dh->p, &dh->q, &dh->g, 0)
|
||||
!= MP_OKAY) {
|
||||
ret = MP_INIT_E;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY)
|
||||
if (mp_read_unsigned_bin(tmp2, buf, bufSz) != MP_OKAY)
|
||||
ret = MP_READ_E;
|
||||
}
|
||||
|
||||
@@ -2837,7 +2849,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
|
||||
/* p = random * q */
|
||||
if (ret == 0) {
|
||||
if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY)
|
||||
if (mp_mul(&dh->q, tmp2, &dh->p) != MP_OKAY)
|
||||
ret = MP_MUL_E;
|
||||
}
|
||||
|
||||
@@ -2849,7 +2861,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
|
||||
/* tmp = 2q */
|
||||
if (ret == 0) {
|
||||
if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY)
|
||||
if (mp_add(&dh->q, &dh->q, tmp) != MP_OKAY)
|
||||
ret = MP_ADD_E;
|
||||
}
|
||||
|
||||
@@ -2861,7 +2873,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
|
||||
if (primeCheck != MP_YES) {
|
||||
/* p += 2q */
|
||||
if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY)
|
||||
if (mp_add(tmp, &dh->p, &dh->p) != MP_OKAY)
|
||||
ret = MP_ADD_E;
|
||||
else
|
||||
primeCheckCount++;
|
||||
@@ -2873,7 +2885,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
* to have p = (q * tmp2) + 1 prime
|
||||
*/
|
||||
if ((ret == 0) && (primeCheckCount)) {
|
||||
if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
|
||||
if (mp_add_d(tmp2, 2 * primeCheckCount, tmp2) != MP_OKAY)
|
||||
ret = MP_ADD_E;
|
||||
}
|
||||
|
||||
@@ -2885,18 +2897,18 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
do {
|
||||
if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY)
|
||||
ret = MP_ADD_E;
|
||||
else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY)
|
||||
else if (mp_exptmod(&dh->g, tmp2, &dh->p, tmp) != MP_OKAY)
|
||||
ret = MP_EXPTMOD_E;
|
||||
} while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
|
||||
} while (ret == 0 && mp_cmp_d(tmp, 1) == MP_EQ);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* at this point tmp generates a group of order q mod p */
|
||||
#ifndef USE_FAST_MATH
|
||||
/* Exchanging is quick when the data pointer can be copied. */
|
||||
mp_exch(&tmp, &dh->g);
|
||||
mp_exch(tmp, &dh->g);
|
||||
#else
|
||||
mp_copy(&tmp, &dh->g);
|
||||
mp_copy(tmp, &dh->g);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -2913,8 +2925,20 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
}
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (tmp != NULL) {
|
||||
mp_clear(tmp);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
if (tmp2 != NULL) {
|
||||
mp_clear(tmp2);
|
||||
XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
#else
|
||||
mp_clear(tmp);
|
||||
mp_clear(tmp2);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -142,7 +142,11 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
|
||||
{
|
||||
byte* cBuf;
|
||||
int qSz, pSz, cSz, err;
|
||||
mp_int tmpQ;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *tmpQ = NULL;
|
||||
#else
|
||||
mp_int tmpQ[1];
|
||||
#endif
|
||||
|
||||
if (rng == NULL || dsa == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -161,47 +165,40 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
if ((err = mp_init_multi(&dsa->x, &dsa->y, &tmpQ, NULL, NULL, NULL))
|
||||
!= MP_OKAY) {
|
||||
XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return err;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)
|
||||
err = MEMORY_E;
|
||||
else
|
||||
err = MP_OKAY;
|
||||
|
||||
if (err == MP_OKAY)
|
||||
#endif
|
||||
err = mp_init_multi(&dsa->x, &dsa->y, tmpQ, NULL, NULL, NULL);
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
do {
|
||||
/* generate N+64 bits (c) from RBG into &dsa->x, making sure positive.
|
||||
* Hash_DRBG uses SHA-256 which matches maximum
|
||||
* requested_security_strength of (L,N) */
|
||||
err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
err = mp_read_unsigned_bin(&dsa->x, cBuf, cSz);
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
} while (mp_cmp_d(&dsa->x, 1) != MP_GT);
|
||||
}
|
||||
|
||||
do {
|
||||
/* generate N+64 bits (c) from RBG into &dsa->x, making sure positive.
|
||||
* Hash_DRBG uses SHA-256 which matches maximum
|
||||
* requested_security_strength of (L,N) */
|
||||
err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->x);
|
||||
mp_clear(&dsa->y);
|
||||
mp_clear(&tmpQ);
|
||||
XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return err;
|
||||
}
|
||||
|
||||
err = mp_read_unsigned_bin(&dsa->x, cBuf, cSz);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->x);
|
||||
mp_clear(&dsa->y);
|
||||
mp_clear(&tmpQ);
|
||||
XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return err;
|
||||
}
|
||||
} while (mp_cmp_d(&dsa->x, 1) != MP_GT);
|
||||
|
||||
XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
/* tmpQ = q - 1 */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(&dsa->q, &tmpQ);
|
||||
err = mp_copy(&dsa->q, tmpQ);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sub_d(&tmpQ, 1, &tmpQ);
|
||||
err = mp_sub_d(tmpQ, 1, tmpQ);
|
||||
|
||||
/* x = c mod (q-1), &dsa->x holds c */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_mod(&dsa->x, &tmpQ, &dsa->x);
|
||||
err = mp_mod(&dsa->x, tmpQ, &dsa->x);
|
||||
|
||||
/* x = c mod (q-1) + 1 */
|
||||
if (err == MP_OKAY)
|
||||
@@ -218,7 +215,17 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
|
||||
mp_clear(&dsa->x);
|
||||
mp_clear(&dsa->y);
|
||||
}
|
||||
mp_clear(&tmpQ);
|
||||
|
||||
XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (tmpQ != NULL) {
|
||||
mp_clear(tmpQ);
|
||||
XFREE(tmpQ, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#else
|
||||
mp_clear(tmpQ);
|
||||
#endif
|
||||
|
||||
return err;
|
||||
}
|
||||
@@ -227,7 +234,11 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
|
||||
/* modulus_size in bits */
|
||||
int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
|
||||
{
|
||||
mp_int tmp, tmp2;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *tmp = NULL, *tmp2 = NULL;
|
||||
#else
|
||||
mp_int tmp[1], tmp2[1];
|
||||
#endif
|
||||
int err, msize, qsize,
|
||||
loop_check_prime = 0,
|
||||
check_prime = MP_NO;
|
||||
@@ -278,158 +289,113 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
|
||||
/* force even */
|
||||
buf[msize - qsize - 1] &= ~1;
|
||||
|
||||
if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return MP_INIT_E;
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) ||
|
||||
((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL))
|
||||
err = MEMORY_E;
|
||||
else
|
||||
err = MP_OKAY;
|
||||
|
||||
err = mp_read_unsigned_bin(&tmp2, buf, msize - qsize);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp2);
|
||||
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return err;
|
||||
}
|
||||
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (err == MP_OKAY)
|
||||
#endif
|
||||
err = mp_init_multi(tmp2, &dsa->p, &dsa->q, 0, 0, 0);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_unsigned_bin(tmp2, buf, msize - qsize);
|
||||
|
||||
/* make our prime q */
|
||||
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
if (err == MP_OKAY)
|
||||
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
|
||||
|
||||
/* p = random * q */
|
||||
err = mp_mul(&dsa->q, &tmp2, &dsa->p);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
if (err == MP_OKAY)
|
||||
err = mp_mul(&dsa->q, tmp2, &dsa->p);
|
||||
|
||||
/* p = random * q + 1, so q is a prime divisor of p-1 */
|
||||
err = mp_add_d(&dsa->p, 1, &dsa->p);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
if (err == MP_OKAY)
|
||||
err = mp_add_d(&dsa->p, 1, &dsa->p);
|
||||
|
||||
if (mp_init(&tmp) != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp2);
|
||||
return MP_INIT_E;
|
||||
}
|
||||
if (err == MP_OKAY)
|
||||
err = mp_init(tmp);
|
||||
|
||||
/* tmp = 2q */
|
||||
err = mp_add(&dsa->q, &dsa->q, &tmp);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
if (err == MP_OKAY)
|
||||
err = mp_add(&dsa->q, &dsa->q, tmp);
|
||||
|
||||
/* loop until p is prime */
|
||||
while (check_prime == MP_NO) {
|
||||
err = mp_prime_is_prime_ex(&dsa->p, 8, &check_prime, rng);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
|
||||
if (check_prime != MP_YES) {
|
||||
/* p += 2q */
|
||||
err = mp_add(&tmp, &dsa->p, &dsa->p);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
if (err == MP_OKAY) {
|
||||
/* loop until p is prime */
|
||||
while (check_prime == MP_NO) {
|
||||
err = mp_prime_is_prime_ex(&dsa->p, 8, &check_prime, rng);
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
if (check_prime != MP_YES) {
|
||||
/* p += 2q */
|
||||
err = mp_add(tmp, &dsa->p, &dsa->p);
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
loop_check_prime++;
|
||||
}
|
||||
|
||||
loop_check_prime++;
|
||||
}
|
||||
}
|
||||
|
||||
/* tmp2 += (2*loop_check_prime)
|
||||
* to have p = (q * tmp2) + 1 prime
|
||||
*/
|
||||
if (loop_check_prime) {
|
||||
err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
if (err == MP_OKAY) {
|
||||
if (loop_check_prime)
|
||||
err = mp_add_d(tmp2, 2*loop_check_prime, tmp2);
|
||||
}
|
||||
|
||||
if (mp_init(&dsa->g) != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return MP_INIT_E;
|
||||
}
|
||||
if (err == MP_OKAY)
|
||||
err = mp_init(&dsa->g);
|
||||
|
||||
/* find a value g for which g^tmp2 != 1 */
|
||||
if (mp_set(&dsa->g, 1) != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return MP_INIT_E;
|
||||
if (err == MP_OKAY)
|
||||
err = mp_set(&dsa->g, 1);
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
do {
|
||||
err = mp_add_d(&dsa->g, 1, &dsa->g);
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
err = mp_exptmod(&dsa->g, tmp2, &dsa->p, tmp);
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
} while (mp_cmp_d(tmp, 1) == MP_EQ);
|
||||
}
|
||||
|
||||
do {
|
||||
err = mp_add_d(&dsa->g, 1, &dsa->g);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&dsa->g);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
|
||||
err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&dsa->g);
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
return err;
|
||||
}
|
||||
|
||||
} while (mp_cmp_d(&tmp, 1) == MP_EQ);
|
||||
|
||||
/* at this point tmp generates a group of order q mod p */
|
||||
if (err == MP_OKAY) {
|
||||
#ifndef USE_FAST_MATH
|
||||
/* Exchanging is quick when the data pointer can be copied. */
|
||||
mp_exch(&tmp, &dsa->g);
|
||||
/* Exchanging is quick when the data pointer can be copied. */
|
||||
err = mp_exch(tmp, &dsa->g);
|
||||
#else
|
||||
mp_copy(&tmp, &dsa->g);
|
||||
err = mp_copy(tmp, &dsa->g);
|
||||
#endif
|
||||
}
|
||||
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
return MP_OKAY;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (tmp != NULL) {
|
||||
mp_clear(tmp);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
if (tmp2 != NULL) {
|
||||
mp_clear(tmp2);
|
||||
XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
#else
|
||||
mp_clear(tmp);
|
||||
mp_clear(tmp2);
|
||||
#endif
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(&dsa->q);
|
||||
mp_clear(&dsa->p);
|
||||
mp_clear(&dsa->g);
|
||||
}
|
||||
|
||||
return err;
|
||||
}
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
|
||||
|
||||
@@ -3972,7 +3972,11 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
|
||||
#endif
|
||||
mp_int* k = &private_key->k;
|
||||
#ifdef HAVE_ECC_CDH
|
||||
mp_int k_lcl;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *k_lcl = NULL;
|
||||
#else
|
||||
mp_int k_lcl[1];
|
||||
#endif
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("wc_ecc_shared_secret_gen_sync");
|
||||
@@ -3983,15 +3987,19 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
|
||||
mp_digit cofactor = (mp_digit)private_key->dp->cofactor;
|
||||
/* only perform cofactor calc if not equal to 1 */
|
||||
if (cofactor != 1) {
|
||||
k = &k_lcl;
|
||||
if (mp_init(k) != MP_OKAY)
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((k_lcl = (mp_int *)XMALLOC(sizeof(*k_lcl), private_key->heap, DYNAMIC_TYPE_ECC_BUFFER)) == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
k = k_lcl;
|
||||
if (mp_init(k) != MP_OKAY) {
|
||||
err = MEMORY_E;
|
||||
goto out;
|
||||
}
|
||||
/* multiply cofactor times private key "k" */
|
||||
err = mp_mul_d(&private_key->k, cofactor, k);
|
||||
if (err != MP_OKAY) {
|
||||
mp_clear(k);
|
||||
return err;
|
||||
}
|
||||
if (err != MP_OKAY)
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -4032,13 +4040,8 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
|
||||
result = &lcl_result;
|
||||
#endif
|
||||
err = wc_ecc_new_point_ex(&result, private_key->heap);
|
||||
if (err != MP_OKAY) {
|
||||
#ifdef HAVE_ECC_CDH
|
||||
if (k == &k_lcl)
|
||||
mp_clear(k);
|
||||
#endif
|
||||
return err;
|
||||
}
|
||||
if (err != MP_OKAY)
|
||||
goto out;
|
||||
|
||||
#ifdef ECC_TIMING_RESISTANT
|
||||
if (private_key->rng == NULL) {
|
||||
@@ -4081,10 +4084,17 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
|
||||
wc_ecc_del_point_ex(result, private_key->heap);
|
||||
}
|
||||
#endif
|
||||
|
||||
out:
|
||||
|
||||
#ifdef HAVE_ECC_CDH
|
||||
if (k == &k_lcl)
|
||||
if (k == k_lcl)
|
||||
mp_clear(k);
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (k_lcl != NULL)
|
||||
XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
WOLFSSL_LEAVE("wc_ecc_shared_secret_gen_sync", err);
|
||||
|
||||
@@ -10255,11 +10265,21 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
|
||||
{
|
||||
int err;
|
||||
unsigned x, y, bitlen, lut_gap;
|
||||
mp_int tmp;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *tmp = NULL;
|
||||
#else
|
||||
mp_int tmp[1];
|
||||
#endif
|
||||
int infinity;
|
||||
|
||||
if (mp_init(&tmp) != MP_OKAY)
|
||||
return GEN_MEM_ERR;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_ECC_BUFFER)) == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
err = mp_init(tmp);
|
||||
if (err != MP_OKAY)
|
||||
err = GEN_MEM_ERR;
|
||||
|
||||
/* sanity check to make sure lut_order table is of correct size,
|
||||
should compile out to a NOP if true */
|
||||
@@ -10348,20 +10368,20 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
|
||||
|
||||
if (err == MP_OKAY)
|
||||
/* now square it */
|
||||
err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, &tmp);
|
||||
err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, tmp);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
/* fix x */
|
||||
err = mp_mulmod(fp_cache[idx].LUT[x]->x, &tmp, modulus,
|
||||
err = mp_mulmod(fp_cache[idx].LUT[x]->x, tmp, modulus,
|
||||
fp_cache[idx].LUT[x]->x);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
/* get 1/z^3 */
|
||||
err = mp_mulmod(&tmp, fp_cache[idx].LUT[x]->z, modulus, &tmp);
|
||||
err = mp_mulmod(tmp, fp_cache[idx].LUT[x]->z, modulus, tmp);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
/* fix y */
|
||||
err = mp_mulmod(fp_cache[idx].LUT[x]->y, &tmp, modulus,
|
||||
err = mp_mulmod(fp_cache[idx].LUT[x]->y, tmp, modulus,
|
||||
fp_cache[idx].LUT[x]->y);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
@@ -10369,7 +10389,10 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
|
||||
mp_clear(fp_cache[idx].LUT[x]->z);
|
||||
}
|
||||
|
||||
mp_clear(&tmp);
|
||||
mp_clear(tmp);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
fp_cache[idx].LUT_set = 1;
|
||||
@@ -10983,8 +11006,15 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
#if !defined(WOLFSSL_SP_MATH)
|
||||
int idx, err = MP_OKAY;
|
||||
mp_digit mp;
|
||||
mp_int mu;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *mu = NULL;
|
||||
#else
|
||||
mp_int mu[1];
|
||||
#endif
|
||||
int mpSetup = 0;
|
||||
#ifndef HAVE_THREAD_LS
|
||||
int got_ecc_fp_lock = 0;
|
||||
#endif
|
||||
|
||||
if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
@@ -10995,8 +11025,15 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
return ECC_OUT_OF_RANGE_E;
|
||||
}
|
||||
|
||||
if (mp_init(&mu) != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((mu = (mp_int *)XMALLOC(sizeof(*mu), NULL, DYNAMIC_TYPE_ECC_BUFFER)) == NULL)
|
||||
return MP_MEM;
|
||||
#endif
|
||||
|
||||
if (mp_init(mu) != MP_OKAY) {
|
||||
err = MP_INIT_E;
|
||||
goto out;
|
||||
}
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
|
||||
@@ -11004,8 +11041,11 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
initMutex = 1;
|
||||
}
|
||||
|
||||
if (wc_LockMutex(&ecc_fp_lock) != 0)
|
||||
return BAD_MUTEX_E;
|
||||
if (wc_LockMutex(&ecc_fp_lock) != 0) {
|
||||
err = BAD_MUTEX_E;
|
||||
goto out;
|
||||
}
|
||||
got_ecc_fp_lock = 1;
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
|
||||
/* find point */
|
||||
@@ -11034,12 +11074,12 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
if (err == MP_OKAY) {
|
||||
/* compute mu */
|
||||
mpSetup = 1;
|
||||
err = mp_montgomery_calc_normalization(&mu, modulus);
|
||||
err = mp_montgomery_calc_normalization(mu, modulus);
|
||||
}
|
||||
|
||||
if (err == MP_OKAY)
|
||||
/* build the LUT */
|
||||
err = build_lut(idx, a, modulus, mp, &mu);
|
||||
err = build_lut(idx, a, modulus, mp, mu);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11056,13 +11096,21 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
}
|
||||
}
|
||||
|
||||
out:
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
wc_UnLockMutex(&ecc_fp_lock);
|
||||
if (got_ecc_fp_lock)
|
||||
wc_UnLockMutex(&ecc_fp_lock);
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
mp_clear(&mu);
|
||||
mp_clear(mu);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
return err;
|
||||
#else
|
||||
|
||||
#else /* WOLFSSL_SP_MATH */
|
||||
|
||||
if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
@@ -11078,7 +11126,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
}
|
||||
#endif
|
||||
return WC_KEY_SIZE_E;
|
||||
#endif
|
||||
#endif /* WOLFSSL_SP_MATH */
|
||||
}
|
||||
|
||||
/** ECC Fixed Point mulmod global
|
||||
@@ -11097,8 +11145,15 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
#if !defined(WOLFSSL_SP_MATH)
|
||||
int idx, err = MP_OKAY;
|
||||
mp_digit mp;
|
||||
mp_int mu;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *mu = NULL;
|
||||
#else
|
||||
mp_int mu[1];
|
||||
#endif
|
||||
int mpSetup = 0;
|
||||
#ifndef HAVE_THREAD_LS
|
||||
int got_ecc_fp_lock = 0;
|
||||
#endif
|
||||
|
||||
if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL ||
|
||||
order == NULL) {
|
||||
@@ -11110,8 +11165,15 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
return ECC_OUT_OF_RANGE_E;
|
||||
}
|
||||
|
||||
if (mp_init(&mu) != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((mu = (mp_int *)XMALLOC(sizeof(*mu), NULL, DYNAMIC_TYPE_ECC_BUFFER)) == NULL)
|
||||
return MP_MEM;
|
||||
#endif
|
||||
|
||||
if (mp_init(mu) != MP_OKAY) {
|
||||
err = MP_INIT_E;
|
||||
goto out;
|
||||
}
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
|
||||
@@ -11119,8 +11181,11 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
initMutex = 1;
|
||||
}
|
||||
|
||||
if (wc_LockMutex(&ecc_fp_lock) != 0)
|
||||
return BAD_MUTEX_E;
|
||||
if (wc_LockMutex(&ecc_fp_lock) != 0) {
|
||||
err = BAD_MUTEX_E;
|
||||
goto out;
|
||||
}
|
||||
got_ecc_fp_lock = 1;
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
|
||||
/* find point */
|
||||
@@ -11149,12 +11214,12 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
if (err == MP_OKAY) {
|
||||
/* compute mu */
|
||||
mpSetup = 1;
|
||||
err = mp_montgomery_calc_normalization(&mu, modulus);
|
||||
err = mp_montgomery_calc_normalization(mu, modulus);
|
||||
}
|
||||
|
||||
if (err == MP_OKAY)
|
||||
/* build the LUT */
|
||||
err = build_lut(idx, a, modulus, mp, &mu);
|
||||
err = build_lut(idx, a, modulus, mp, mu);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11171,13 +11236,21 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
}
|
||||
}
|
||||
|
||||
out:
|
||||
|
||||
#ifndef HAVE_THREAD_LS
|
||||
wc_UnLockMutex(&ecc_fp_lock);
|
||||
if (got_ecc_fp_lock)
|
||||
wc_UnLockMutex(&ecc_fp_lock);
|
||||
#endif /* HAVE_THREAD_LS */
|
||||
mp_clear(&mu);
|
||||
mp_clear(mu);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
return err;
|
||||
#else
|
||||
|
||||
#else /* WOLFSSL_SP_MATH */
|
||||
|
||||
(void)rng;
|
||||
|
||||
if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL ||
|
||||
@@ -11196,7 +11269,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
}
|
||||
#endif
|
||||
return WC_KEY_SIZE_E;
|
||||
#endif
|
||||
#endif /* WOLFSSL_SP_MATH */
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_SP_MATH)
|
||||
|
||||
@@ -537,15 +537,15 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
out:
|
||||
|
||||
if (Ai)
|
||||
if (Ai != NULL)
|
||||
XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (B)
|
||||
if (B != NULL)
|
||||
XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (B1)
|
||||
if (B1 != NULL)
|
||||
XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (i1)
|
||||
if (i1 != NULL)
|
||||
XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (res)
|
||||
if (res != NULL)
|
||||
XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
|
||||
@@ -3933,37 +3933,61 @@ int wc_RsaExportKey(RsaKey* key,
|
||||
/* Check that |p-q| > 2^((size/2)-100) */
|
||||
static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size)
|
||||
{
|
||||
mp_int c, d;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *c = NULL, *d = NULL;
|
||||
#else
|
||||
mp_int c[1], d[1];
|
||||
#endif
|
||||
int ret;
|
||||
|
||||
if (p == NULL || q == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ret = mp_init_multi(&c, &d, NULL, NULL, NULL, NULL);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (((c = (mp_int *)XMALLOC(sizeof(*c), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) ||
|
||||
((d = (mp_int *)XMALLOC(sizeof(*d), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL))
|
||||
ret = MEMORY_E;
|
||||
else
|
||||
ret = 0;
|
||||
|
||||
if (ret == 0)
|
||||
#endif
|
||||
ret = mp_init_multi(c, d, NULL, NULL, NULL, NULL);
|
||||
|
||||
/* c = 2^((size/2)-100) */
|
||||
if (ret == 0)
|
||||
ret = mp_2expt(&c, (size/2)-100);
|
||||
ret = mp_2expt(c, (size/2)-100);
|
||||
|
||||
/* d = |p-q| */
|
||||
if (ret == 0)
|
||||
ret = mp_sub(p, q, &d);
|
||||
ret = mp_sub(p, q, d);
|
||||
|
||||
#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
|
||||
defined(WOLFSSL_SP_INT_NEGATIVE))
|
||||
if (ret == 0)
|
||||
ret = mp_abs(&d, &d);
|
||||
ret = mp_abs(d, d);
|
||||
#endif
|
||||
|
||||
/* compare */
|
||||
if (ret == 0)
|
||||
ret = mp_cmp(&d, &c);
|
||||
ret = mp_cmp(d, c);
|
||||
|
||||
if (ret == MP_GT)
|
||||
ret = MP_OKAY;
|
||||
|
||||
mp_clear(&d);
|
||||
mp_clear(&c);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (d != NULL) {
|
||||
mp_clear(d);
|
||||
XFREE(d, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
if (c != NULL) {
|
||||
mp_clear(c);
|
||||
XFREE(c, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
#else
|
||||
mp_clear(d);
|
||||
mp_clear(c);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -4042,7 +4066,11 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
|
||||
int* isPrime, WC_RNG* rng)
|
||||
{
|
||||
int ret;
|
||||
mp_int tmp1, tmp2;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *tmp1 = NULL, *tmp2 = NULL;
|
||||
#else
|
||||
mp_int tmp1[1], tmp2[2];
|
||||
#endif
|
||||
mp_int* prime;
|
||||
|
||||
if (p == NULL || e == NULL || isPrime == NULL)
|
||||
@@ -4062,22 +4090,30 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
|
||||
else
|
||||
prime = p;
|
||||
|
||||
ret = mp_init_multi(&tmp1, &tmp2, NULL, NULL, NULL, NULL);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (((tmp1 = (mp_int *)XMALLOC(sizeof(*tmp1), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) ||
|
||||
((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)) {
|
||||
ret = MEMORY_E;
|
||||
goto notOkay;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = mp_init_multi(tmp1, tmp2, NULL, NULL, NULL, NULL);
|
||||
if (ret != MP_OKAY) goto notOkay;
|
||||
|
||||
/* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1))
|
||||
* This is a comparison against lowerBound */
|
||||
ret = mp_read_unsigned_bin(&tmp1, lower_bound, nlen/16);
|
||||
ret = mp_read_unsigned_bin(tmp1, lower_bound, nlen/16);
|
||||
if (ret != MP_OKAY) goto notOkay;
|
||||
ret = mp_cmp(prime, &tmp1);
|
||||
ret = mp_cmp(prime, tmp1);
|
||||
if (ret == MP_LT) goto exit;
|
||||
|
||||
/* 4.5,5.6 - Check that GCD(p-1, e) == 1 */
|
||||
ret = mp_sub_d(prime, 1, &tmp1); /* tmp1 = prime-1 */
|
||||
ret = mp_sub_d(prime, 1, tmp1); /* tmp1 = prime-1 */
|
||||
if (ret != MP_OKAY) goto notOkay;
|
||||
ret = mp_gcd(&tmp1, e, &tmp2); /* tmp2 = gcd(prime-1, e) */
|
||||
ret = mp_gcd(tmp1, e, tmp2); /* tmp2 = gcd(prime-1, e) */
|
||||
if (ret != MP_OKAY) goto notOkay;
|
||||
ret = mp_cmp_d(&tmp2, 1);
|
||||
ret = mp_cmp_d(tmp2, 1);
|
||||
if (ret != MP_EQ) goto exit; /* e divides p-1 */
|
||||
|
||||
/* 4.5.1,5.6.1 - Check primality of p with 8 rounds of M-R.
|
||||
@@ -4095,9 +4131,23 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
|
||||
|
||||
exit:
|
||||
ret = MP_OKAY;
|
||||
|
||||
notOkay:
|
||||
mp_clear(&tmp1);
|
||||
mp_clear(&tmp2);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (tmp1 != NULL) {
|
||||
mp_clear(tmp1);
|
||||
XFREE(tmp1, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
if (tmp2 != NULL) {
|
||||
mp_clear(tmp2);
|
||||
XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
}
|
||||
#else
|
||||
mp_clear(tmp1);
|
||||
mp_clear(tmp2);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4126,6 +4176,7 @@ int wc_CheckProbablePrime_ex(const byte* pRaw, word32 pRawSz,
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
|
||||
if (((p = (mp_int *)XMALLOC(sizeof(*p), NULL, DYNAMIC_TYPE_RSA_BUFFER)) == NULL) ||
|
||||
((q = (mp_int *)XMALLOC(sizeof(*q), NULL, DYNAMIC_TYPE_RSA_BUFFER)) == NULL) ||
|
||||
((e = (mp_int *)XMALLOC(sizeof(*e), NULL, DYNAMIC_TYPE_RSA_BUFFER)) == NULL))
|
||||
@@ -4156,15 +4207,15 @@ int wc_CheckProbablePrime_ex(const byte* pRaw, word32 pRawSz,
|
||||
ret = (ret == MP_OKAY) ? 0 : PRIME_GEN_E;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (p) {
|
||||
if (p != NULL) {
|
||||
mp_clear(p);
|
||||
XFREE(p, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
}
|
||||
if (q) {
|
||||
if (q != NULL) {
|
||||
mp_clear(q);
|
||||
XFREE(q, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
}
|
||||
if (e) {
|
||||
if (e != NULL) {
|
||||
mp_clear(e);
|
||||
XFREE(e, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
}
|
||||
|
||||
@@ -472,7 +472,11 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
|
||||
|
||||
int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
|
||||
{
|
||||
mp_int v;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *v = NULL;
|
||||
#else
|
||||
mp_int v[1];
|
||||
#endif
|
||||
int r;
|
||||
|
||||
if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE)
|
||||
@@ -481,17 +485,24 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
|
||||
if (mp_iszero(&srp->auth) == MP_YES)
|
||||
return SRP_CALL_ORDER_E;
|
||||
|
||||
r = mp_init(&v);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((v = (mp_int *)XMALLOC(sizeof(*v), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
r = mp_init(v);
|
||||
if (r != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
|
||||
r = MP_INIT_E;
|
||||
/* v = g ^ x % N */
|
||||
r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
|
||||
if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
|
||||
if (!r) r = mp_to_unsigned_bin(&v, verifier);
|
||||
if (!r) *size = mp_unsigned_bin_size(&v);
|
||||
if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, v);
|
||||
if (!r) r = *size < (word32)mp_unsigned_bin_size(v) ? BUFFER_E : MP_OKAY;
|
||||
if (!r) r = mp_to_unsigned_bin(v, verifier);
|
||||
if (!r) *size = mp_unsigned_bin_size(v);
|
||||
|
||||
mp_clear(&v);
|
||||
mp_clear(v);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(v, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return r;
|
||||
}
|
||||
@@ -506,7 +517,11 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
|
||||
|
||||
int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size)
|
||||
{
|
||||
mp_int p;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *p = NULL;
|
||||
#else
|
||||
mp_int p[1];
|
||||
#endif
|
||||
int r;
|
||||
|
||||
if (!srp || !priv || !size)
|
||||
@@ -515,14 +530,22 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size)
|
||||
if (mp_iszero(&srp->auth) == MP_YES)
|
||||
return SRP_CALL_ORDER_E;
|
||||
|
||||
r = mp_init(&p);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((p = (mp_int *)XMALLOC(sizeof(*p), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
r = mp_init(p);
|
||||
if (r != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
r = mp_read_unsigned_bin(&p, priv, size);
|
||||
if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
|
||||
r = MP_INIT_E;
|
||||
if (!r) r = mp_read_unsigned_bin(p, priv, size);
|
||||
if (!r) r = mp_mod(p, &srp->N, &srp->priv);
|
||||
if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0;
|
||||
|
||||
mp_clear(&p);
|
||||
mp_clear(p);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(p, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return r;
|
||||
}
|
||||
@@ -542,7 +565,11 @@ static int wc_SrpGenPrivate(Srp* srp, byte* priv, word32 size)
|
||||
|
||||
int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
|
||||
{
|
||||
mp_int pubkey;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *pubkey = NULL;
|
||||
#else
|
||||
mp_int pubkey[1];
|
||||
#endif
|
||||
word32 modulusSz;
|
||||
int r;
|
||||
|
||||
@@ -556,39 +583,66 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
|
||||
if (*size < modulusSz)
|
||||
return BUFFER_E;
|
||||
|
||||
r = mp_init(&pubkey);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((pubkey = (mp_int *)XMALLOC(sizeof(*pubkey), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
r = mp_init(pubkey);
|
||||
if (r != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
r = MP_INIT_E;
|
||||
|
||||
/* priv = random() */
|
||||
if (mp_iszero(&srp->priv) == MP_YES)
|
||||
r = wc_SrpGenPrivate(srp, pub, SRP_PRIVATE_KEY_MIN_BITS / 8);
|
||||
if (! r) r = wc_SrpGenPrivate(srp, pub, SRP_PRIVATE_KEY_MIN_BITS / 8);
|
||||
|
||||
/* client side: A = g ^ a % N */
|
||||
if (srp->side == SRP_CLIENT_SIDE) {
|
||||
if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
|
||||
if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey);
|
||||
|
||||
/* server side: B = (k * v + (g ^ b % N)) % N */
|
||||
} else {
|
||||
mp_int i, j;
|
||||
|
||||
if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
|
||||
if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
|
||||
if (!r) r = mp_iszero(&i) == MP_YES ? SRP_BAD_KEY_E : 0;
|
||||
if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
|
||||
if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j);
|
||||
if (!r) r = mp_add(&j, &pubkey, &i);
|
||||
if (!r) r = mp_mod(&i, &srp->N, &pubkey);
|
||||
|
||||
mp_clear(&i); mp_clear(&j);
|
||||
if (! r) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *i = NULL, *j = NULL;
|
||||
#else
|
||||
mp_int i[1], j[1];
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (((i = (mp_int *)XMALLOC(sizeof(*i), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
|
||||
((j = (mp_int *)XMALLOC(sizeof(*j), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL))
|
||||
r = MEMORY_E;
|
||||
#endif
|
||||
if (!r) r = mp_init_multi(i, j, 0, 0, 0, 0);
|
||||
if (!r) r = mp_read_unsigned_bin(i, srp->k,SrpHashSize(srp->type));
|
||||
if (!r) r = mp_iszero(i) == MP_YES ? SRP_BAD_KEY_E : 0;
|
||||
if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey);
|
||||
if (!r) r = mp_mulmod(i, &srp->auth, &srp->N, j);
|
||||
if (!r) r = mp_add(j, pubkey, i);
|
||||
if (!r) r = mp_mod(i, &srp->N, pubkey);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (i != NULL) {
|
||||
mp_clear(i);
|
||||
XFREE(i, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
if (j != NULL) {
|
||||
mp_clear(j);
|
||||
XFREE(j, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#else
|
||||
mp_clear(i); mp_clear(j);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
/* extract public key to buffer */
|
||||
XMEMSET(pub, 0, modulusSz);
|
||||
if (!r) r = mp_to_unsigned_bin(&pubkey, pub);
|
||||
if (!r) *size = mp_unsigned_bin_size(&pubkey);
|
||||
mp_clear(&pubkey);
|
||||
if (!r) r = mp_to_unsigned_bin(pubkey, pub);
|
||||
if (!r) *size = mp_unsigned_bin_size(pubkey);
|
||||
|
||||
mp_clear(pubkey);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(pubkey, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -16165,7 +16165,7 @@ static int dh_generate_test(WC_RNG *rng)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DhKey *smallKey = (DhKey*)XMALLOC(sizeof(DhKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *smallKey = NULL;
|
||||
#else
|
||||
DhKey smallKey[1];
|
||||
#endif
|
||||
@@ -16183,16 +16183,17 @@ static int dh_generate_test(WC_RNG *rng)
|
||||
word32 privSz = sizeof(priv);
|
||||
word32 pubSz = sizeof(pub);
|
||||
#endif
|
||||
int smallKey_inited = 0;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (smallKey == NULL) {
|
||||
ERROR_OUT(-8010, exit_gen_test);
|
||||
}
|
||||
if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
return -8019;
|
||||
#endif
|
||||
|
||||
ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
|
||||
if (ret != 0)
|
||||
return -8010;
|
||||
ERROR_OUT(-8010, exit_gen_test);
|
||||
smallKey_inited = 1;
|
||||
|
||||
/* Parameter Validation testing. */
|
||||
ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
|
||||
@@ -16240,11 +16241,12 @@ static int dh_generate_test(WC_RNG *rng)
|
||||
#endif
|
||||
|
||||
exit_gen_test:
|
||||
wc_FreeDhKey(smallKey);
|
||||
if (smallKey_inited)
|
||||
wc_FreeDhKey(smallKey);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (smallKey != NULL) {
|
||||
if (smallKey != NULL)
|
||||
XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -37013,18 +37015,29 @@ static const unsigned char testOne[] = { 1 };
|
||||
static int GenerateNextP(mp_int* p1, mp_int* p2, int k)
|
||||
{
|
||||
int ret;
|
||||
mp_int ki;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
ret = mp_init(&ki);
|
||||
if (ki == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
mp_int ki[1];
|
||||
#endif
|
||||
|
||||
ret = mp_init(ki);
|
||||
if (ret == 0)
|
||||
ret = mp_set(&ki, k);
|
||||
ret = mp_set(ki, k);
|
||||
if (ret == 0)
|
||||
ret = mp_sub_d(p1, 1, p2);
|
||||
if (ret == 0)
|
||||
ret = mp_mul(p2, &ki, p2);
|
||||
ret = mp_mul(p2, ki, p2);
|
||||
if (ret == 0)
|
||||
ret = mp_add_d(p2, 1, p2);
|
||||
mp_clear(&ki);
|
||||
mp_clear(ki);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -37034,39 +37047,62 @@ static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
|
||||
const pairs_t* ecPairs, int ecPairsSz,
|
||||
const int* k)
|
||||
{
|
||||
mp_int x,y;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *x = NULL, *y = NULL;
|
||||
#else
|
||||
mp_int x[1], y[1];
|
||||
#endif
|
||||
int ret, i;
|
||||
|
||||
ret = mp_init(&x);
|
||||
if (ret == 0) {
|
||||
ret = mp_init(&y);
|
||||
if (ret != 0) {
|
||||
mp_clear(&x);
|
||||
return MP_MEM;
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
|
||||
((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
|
||||
ret = MEMORY_E;
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
|
||||
if (ret != 0) {
|
||||
ret = MP_MEM;
|
||||
goto out;
|
||||
}
|
||||
for (i = 0; ret == 0 && i < ecPairsSz; i++) {
|
||||
ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz);
|
||||
ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz);
|
||||
/* p1 = 2^exp */
|
||||
if (ret == 0)
|
||||
ret = mp_2expt(&y, ecPairs[i].exp);
|
||||
ret = mp_2expt(y, ecPairs[i].exp);
|
||||
/* p1 = p1 * m */
|
||||
if (ret == 0)
|
||||
ret = mp_mul(&x, &y, &x);
|
||||
ret = mp_mul(x, y, x);
|
||||
/* p1 += */
|
||||
if (ret == 0)
|
||||
ret = mp_add(p1, &x, p1);
|
||||
mp_zero(&x);
|
||||
mp_zero(&y);
|
||||
ret = mp_add(p1, x, p1);
|
||||
mp_zero(x);
|
||||
mp_zero(y);
|
||||
}
|
||||
mp_clear(&x);
|
||||
mp_clear(&y);
|
||||
|
||||
if (ret == 0)
|
||||
ret = GenerateNextP(p1, p2, k[0]);
|
||||
if (ret == 0)
|
||||
ret = GenerateNextP(p1, p3, k[1]);
|
||||
|
||||
out:
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (x != NULL) {
|
||||
mp_clear(x);
|
||||
XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
if (y != NULL) {
|
||||
mp_clear(y);
|
||||
XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#else
|
||||
mp_clear(x);
|
||||
mp_clear(y);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user