From d880403207145b6d45001e71aedd8d2f8f7108a6 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 19 Oct 2021 17:18:10 +1000 Subject: [PATCH] SP int: handle even modulus with exponentiation Fix testing of mp_int to only call when implementation included. --- wolfcrypt/src/sp_int.c | 28 +++++++++++++++++----------- wolfcrypt/test/test.c | 27 +++++++++++++++++++-------- 2 files changed, 36 insertions(+), 19 deletions(-) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 5ce0660eb..37c3c3e93 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -8742,13 +8742,18 @@ int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, sp_int* r) } } #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY) - if ((!done) && (err == MP_OKAY) && (b->used == 1) && (b->dp[0] == 2)) { +#if defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_RSA_PUBLIC_ONLY) + if ((!done) && (err == MP_OKAY)) + err = sp_exptmod_nct(b, e, m, r); + } +#else +#if defined(WOLFSSL_SP_MATH_ALL) + if ((!done) && (err == MP_OKAY) && (b->used == 1) && (b->dp[0] == 2) && + mp_isodd(m)) { /* Use the generic base 2 implementation. */ err = _sp_exptmod_base_2(e, digits, m, r); } - else if ((!done) && (err == MP_OKAY) && (m->used > 1)) { + else if ((!done) && (err == MP_OKAY) && ((m->used > 1) && mp_isodd(m))) { #ifndef WC_NO_HARDEN err = _sp_exptmod_mont_ex(b, e, digits * SP_WORD_SIZE, m, r); #else @@ -8756,21 +8761,17 @@ int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, sp_int* r) #endif } else -#elif defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_RSA_PUBLIC_ONLY) - err = sp_exptmod_nct(b, e, m, r); -#endif -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) +#endif /* WOLFSSL_SP_MATH_ALL */ if ((!done) && (err == MP_OKAY)) { /* Otherwise use the generic implementation. */ err = _sp_exptmod_ex(b, e, digits * SP_WORD_SIZE, m, r); } -#endif +#endif /* WOLFSSL_RSA_VERIFY_ONLY || WOLFSSL_RSA_PUBLIC_ONLY */ #else if ((!done) && (err == MP_OKAY)) { err = MP_VAL; } -#endif +#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */ (void)mBits; (void)bBits; @@ -9202,6 +9203,11 @@ int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r) else if (m->used * 2 >= r->size) { err = MP_VAL; } +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + else if (mp_iseven(m)) { + err = _sp_exptmod_ex(b, e, e->used, m, r); + } +#endif else { err = _sp_exptmod_nct(b, e, m, r); } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ff14e02c8..2c1d104d6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -34041,8 +34041,10 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng) } #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */ -#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \ - (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY))) +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \ + (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY))) static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng) { int ret; @@ -34061,10 +34063,12 @@ static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng) return -12640; if (mp_radix_size(a, MP_RADIX_DEC, &size) != MP_OKAY) return -12641; - mp_toradix(a, str, MP_RADIX_DEC); + if (mp_toradix(a, str, MP_RADIX_DEC) != MP_OKAY) + return -12660; if ((int)XSTRLEN(str) != size - 1) return -12642; - mp_read_radix(r, str, MP_RADIX_DEC); + if (mp_read_radix(r, str, MP_RADIX_DEC) != MP_OKAY) + return -12661; if (mp_cmp(a, r) != MP_EQ) return -12643; } @@ -34493,7 +34497,8 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) if (ret != MP_VAL) return -12759; -#ifdef WOLFSSL_SP_MATH_ALL +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL); if (ret != MP_VAL) return -12760; @@ -35926,7 +35931,7 @@ static int mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng) } } -#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE) +#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE) /* Test negative value being moded. */ for (j = 0; j < 20; j++) { ret = randNum(a, 2, rng, NULL); @@ -36285,11 +36290,15 @@ static int mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng) mp_digit mp; static int exp[] = { 7, 8, 16, 27, 32, 64, 127, 128, 255, 256, +#if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8 383, 384, 2033, 2048 +#endif }; static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b, 0x01, 0x9f, 0x13, 0xbd, +#if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8 0x1f, 0x13d, 0x45, 0x615 +#endif }; int bits[] = { 256, 384, 2048, 3072 }; int i; @@ -36546,8 +36555,10 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) if ((ret = mp_test_div_3(&a, &r1, &rng)) != 0) return ret; #endif -#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \ - (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY))) +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \ + (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY))) if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0) return ret; #endif