feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3200 from douzzer/20200805

Browse Source 
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
This commit is contained in:
David Garske
2020-08-07 16:32:52 -07:00
committed by GitHub
parent 1724347f7a 0faff24a65
commit c0a664a8e5
13 changed files with 143 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/internal.c
View File

@@ -19014,6 +19014,8 @@ const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]) {
authStr = "SRP";
else if (XSTRNCMP(n1,"ECDSA",5) == 0)
authStr = "ECDSA";
else if (XSTRNCMP(n0,"ADH",3) == 0)
authStr = "None";
else
authStr = "unknown";

93
tests/api.c
View File

@@ -688,11 +688,11 @@ static void test_for_double_Free(void)
"HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
"8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
skipTest = 1;
#endif
@@ -16684,7 +16684,7 @@ static int test_wc_curve25519_export_key_raw_ex (void)
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){
NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-3.");
fflush( stdout );
@@ -16749,7 +16749,7 @@ static int test_wc_curve25519_export_key_raw_ex (void)
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-8.");
fflush( stdout );
@@ -17093,6 +17093,74 @@ static int test_wc_curve25519_shared_secret_ex (void)
#endif
return ret;
} /*END test_wc_curve25519_shared_secret_ex*/
/*
* Testing wc_curve25519_make_pub
*/
static int test_wc_curve25519_make_pub (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
printf(testingFmt, "wc_curve25519_make_pub()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof key.k.point - 1, key.k.point, (int)sizeof out, out);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, NULL);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof key.k.point, key.k.point);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof key.k.point, key.k.point);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
/* verify clamping test */
key.k.point[0] |= ~248;
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
key.k.point[0] &= 248;
}
/* repeat the expected-to-succeed test. */
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_make_pub */
/*
* Testing test_wc_curve25519_export_public_ex
*/
@@ -31021,8 +31089,8 @@ static void test_wolfSSL_sk_CIPHER_description(void)
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
char buf[256];
char test_str[9] = "0000000\0";
const char badStr[] = "unknown\0";
char test_str[9] = "0000000";
const char badStr[] = "unknown";
const char certPath[] = "./certs/client-cert.pem";
XMEMSET(buf, 0, sizeof(buf));
@@ -35785,11 +35853,11 @@ static void test_wolfSSL_dtls_set_mtu(void)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
@@ -36611,6 +36679,7 @@ void ApiTest(void)
AssertIntEQ(test_wc_curve25519_size (), 0);
AssertIntEQ(test_wc_curve25519_make_key (), 0);
AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0);
AssertIntEQ(test_wc_curve25519_make_pub (), 0);
AssertIntEQ(test_wc_curve25519_export_public_ex (), 0);
AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0);

66
wolfcrypt/src/curve25519.c
View File

@@ -51,14 +51,48 @@ const curve25519_set_type curve25519_sets[] = {
}
};
static const unsigned char kCurve25519BasePoint[CURVE25519_KEYSIZE] = {9};
/* compute the public key from an existing private key, using bare vectors.
*
* return value is propagated from curve25519() (0 on success), or ECC_BAD_ARG_E,
* and the byte vectors are little endian.
*/
int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private) {
int ret;
if ((public_size != CURVE25519_KEYSIZE) ||
(private_size != CURVE25519_KEYSIZE)) {
return ECC_BAD_ARG_E;
}
if ((public == NULL) || (private == NULL))
return ECC_BAD_ARG_E;
/* check clamping */
if ((private[0] & ~248) ||
(private[CURVE25519_KEYSIZE-1] & 128)) {
return ECC_BAD_ARG_E;
}
#ifdef FREESCALE_LTC_ECC
{
const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint();
ECPoint wc_pub;
ret = nxp_ltc_curve25519(&wc_pub, private, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */
if (ret == 0)
XMEMCPY(public, wc_pub.point, CURVE25519_KEYSIZE);
}
#else
fe_init();
ret = curve25519(public, private, kCurve25519BasePoint);
#endif
return ret;
}
int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
{
#ifdef FREESCALE_LTC_ECC
const ECPoint* basepoint = wc_curve25519_GetBasePoint();
#else
unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
#endif
int ret;
int ret;
if (key == NULL || rng == NULL)
return BAD_FUNC_ARG;
@@ -67,10 +101,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
if (keysize != CURVE25519_KEYSIZE)
return ECC_BAD_ARG_E;
#ifndef FREESCALE_LTC_ECC
fe_init();
#endif
/* random number for private key */
ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize);
if (ret != 0)
@@ -81,19 +111,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */
key->k.point[CURVE25519_KEYSIZE-1] |= 64;
/* compute public key */
#ifdef FREESCALE_LTC_ECC
ret = wc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */
#else
ret = curve25519(key->p.point, key->k.point, basepoint);
#endif
if (ret != 0) {
ForceZero(key->k.point, keysize);
ForceZero(key->p.point, keysize);
return ret;
}
return ret;
return wc_curve25519_make_pub((int)sizeof key->p.point, key->p.point, sizeof key->k.point, key->k.point);
}
#ifdef HAVE_CURVE25519_SHARED_SECRET
@@ -127,7 +145,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
return ECC_BAD_ARG_E;
#ifdef FREESCALE_LTC_ECC
ret = wc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */);
ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */);
#else
ret = curve25519(o, private_key->k.point, public_key->p.point);
#endif

2
wolfcrypt/src/fe_low_mem.c
View File

@@ -141,7 +141,7 @@ static void xc_diffadd(byte *x5, byte *z5,
}
#ifndef FREESCALE_LTC_ECC
int curve25519(byte *result, byte *e, byte *q)
int curve25519(byte *result, const byte *e, const byte *q)
{
/* Current point: P_m */
byte xm[F25519_SIZE];

2
wolfcrypt/src/fe_operations.c
View File

@@ -129,7 +129,7 @@ void fe_init(void)
#if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
!defined(FREESCALE_LTC_ECC)
int curve25519(byte* q, byte* n, byte* p)
int curve25519(byte* q, const byte* n, const byte* p)
{
#if 0
unsigned char e[32];

2
wolfcrypt/src/fe_x25519_128.i
View File

@@ -406,7 +406,7 @@ void fe_invert(fe r, const fe a)
* n The scalar as an array of bytes.
* a A field element as an array of bytes.
*/
int curve25519(byte* r, byte* n, byte* a)
int curve25519(byte* r, const byte* n, const byte* a)
{
fe x1, x2, z2, x3, z3;
fe t0, t1;

2
wolfcrypt/src/port/arm/armv8-32-curve25519.c
View File

@@ -2910,7 +2910,7 @@ void fe_invert(fe r, const fe a)
);
}
int curve25519(byte* r, byte* n, byte* a)
int curve25519(byte* r, const byte* n, const byte* a)
{
__asm__ __volatile__ (
"sub sp, sp, #0xbc\n\t"

2
wolfcrypt/src/port/arm/armv8-curve25519.c
View File

@@ -1007,7 +1007,7 @@ void fe_invert(fe r, const fe a)
);
}
int curve25519(byte* r, byte* n, byte* a)
int curve25519(byte* r, const byte* n, const byte* a)
{
__asm__ __volatile__ (
"stp x29, x30, [sp, #-192]!\n\t"

6
wolfcrypt/src/port/nxp/ksdk_port.c
View File

@@ -974,7 +974,7 @@ static const ECPoint ecBasePoint = {
0x1e, 0xe0, 0xb4, 0x86, 0xa0, 0xb8, 0xa1, 0x19, 0xae, 0x20},
};
const ECPoint *wc_curve25519_GetBasePoint(void)
const ECPoint *nxp_ltc_curve25519_GetBasePoint(void)
{
return &ecBasePoint;
}
@@ -985,7 +985,7 @@ static const uint8_t curve25519_aCurveParam[CURVE25519_KEYSIZE] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0x2a};
static const uint8_t curve_bCurveParam[CURVE25519_KEYSIZE] = {
static const uint8_t curve25519_bCurveParam[CURVE25519_KEYSIZE] = {
0x64, 0xc8, 0x10, 0x77, 0x9c, 0x5e, 0x0b, 0x26, 0xb4, 0x97, 0xd0,
0x5e, 0x42, 0x7b, 0x09, 0xed,
0x25, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4,
@@ -1122,7 +1122,7 @@ status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint)
/* if type is set, the input point p is in Montgomery curve coordinates,
so there is a map to Weierstrass curve */
/* q output point is always in Montgomery curve coordinates */
int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type)
int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type)
{
status_t status;
ltc_pkha_ecc_point_t ltcPoint;

8
wolfcrypt/src/wc_pkcs11.c
View File

@@ -1061,8 +1061,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session,
ret = WC_HW_E;
if (ret == 0) {
modSz = tmpl[0].ulValueLen;
expSz = tmpl[1].ulValueLen;
modSz = (int)tmpl[0].ulValueLen;
expSz = (int)tmpl[1].ulValueLen;
mod = (unsigned char*)XMALLOC(modSz, key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (mod == NULL)
@@ -1162,9 +1162,9 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
ret = Pkcs11GetRsaPublicKey(key, session, pubKey);
if (pubKey != NULL_PTR)
ret = session->func->C_DestroyObject(session->handle, pubKey);
ret = (int)session->func->C_DestroyObject(session->handle, pubKey);
if (ret != 0 && privKey != NULL_PTR)
ret = session->func->C_DestroyObject(session->handle, privKey);
ret = (int)session->func->C_DestroyObject(session->handle, privKey);
return ret;
}

3
wolfssl/wolfcrypt/curve25519.h
View File

@@ -86,6 +86,9 @@ enum {
EC25519_BIG_ENDIAN=1
};
WOLFSSL_API
int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private);
WOLFSSL_API
int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);

2
wolfssl/wolfcrypt/fe_operations.h
View File

@@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context.
#if !defined(FREESCALE_LTC_ECC)
WOLFSSL_LOCAL void fe_init(void);
WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p);
WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p);
#endif
/* default to be faster but take more memory */

4
wolfssl/wolfcrypt/port/nxp/ksdk_port.h
View File

@@ -65,8 +65,8 @@ int ksdk_port_init(void);
int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m);
#ifdef HAVE_CURVE25519
int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
const ECPoint *wc_curve25519_GetBasePoint(void);
int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
const ECPoint *nxp_ltc_curve25519_GetBasePoint(void);
status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);