diff --git a/src/internal.c b/src/internal.c index c03b74479..70ffc818e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -19014,6 +19014,8 @@ const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]) { authStr = "SRP"; else if (XSTRNCMP(n1,"ECDSA",5) == 0) authStr = "ECDSA"; + else if (XSTRNCMP(n0,"ADH",3) == 0) + authStr = "None"; else authStr = "unknown"; diff --git a/tests/api.c b/tests/api.c index 2297a2996..3795aed27 100644 --- a/tests/api.c +++ b/tests/api.c @@ -688,11 +688,11 @@ static void test_for_double_Free(void) "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-" "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384"; #ifndef NO_RSA - testCertFile = svrCertFile; - testKeyFile = svrKeyFile; + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) - testCertFile = eccCertFile; - testKeyFile = eccKeyFile; + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; #else skipTest = 1; #endif @@ -16684,7 +16684,7 @@ static int test_wc_curve25519_export_key_raw_ex (void) pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey, - NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){ + NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-3."); fflush( stdout ); @@ -16749,7 +16749,7 @@ static int test_wc_curve25519_export_key_raw_ex (void) pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, - NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ + NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-8."); fflush( stdout ); @@ -17093,6 +17093,74 @@ static int test_wc_curve25519_shared_secret_ex (void) #endif return ret; } /*END test_wc_curve25519_shared_secret_ex*/ +/* + * Testing wc_curve25519_make_pub + */ +static int test_wc_curve25519_make_pub (void) +{ + int ret = 0; +#if defined(HAVE_CURVE25519) + WC_RNG rng; + curve25519_key key; + byte out[CURVE25519_KEYSIZE]; + + printf(testingFmt, "wc_curve25519_make_pub()"); + + ret = wc_curve25519_init(&key); + if (ret == 0) { + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point); + } + /*test bad cases*/ + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point - 1, key.k.point, (int)sizeof out, out); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, NULL); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof key.k.point, key.k.point); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof key.k.point, key.k.point); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + /* verify clamping test */ + key.k.point[0] |= ~248; + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + key.k.point[0] &= 248; + } + /* repeat the expected-to-succeed test. */ + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point); + } + + printf(resultFmt, ret == 0 ? passed : failed); + wc_curve25519_free(&key); + wc_FreeRng(&rng); +#endif + return ret; +} /*END test_wc_curve25519_make_pub */ /* * Testing test_wc_curve25519_export_public_ex */ @@ -31021,8 +31089,8 @@ static void test_wolfSSL_sk_CIPHER_description(void) SSL_CTX *ctx = NULL; SSL *ssl = NULL; char buf[256]; - char test_str[9] = "0000000\0"; - const char badStr[] = "unknown\0"; + char test_str[9] = "0000000"; + const char badStr[] = "unknown"; const char certPath[] = "./certs/client-cert.pem"; XMEMSET(buf, 0, sizeof(buf)); @@ -35785,11 +35853,11 @@ static void test_wolfSSL_dtls_set_mtu(void) AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); #ifndef NO_RSA - testCertFile = svrCertFile; - testKeyFile = svrKeyFile; + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) - testCertFile = eccCertFile; - testKeyFile = eccKeyFile; + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, @@ -36611,6 +36679,7 @@ void ApiTest(void) AssertIntEQ(test_wc_curve25519_size (), 0); AssertIntEQ(test_wc_curve25519_make_key (), 0); AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0); + AssertIntEQ(test_wc_curve25519_make_pub (), 0); AssertIntEQ(test_wc_curve25519_export_public_ex (), 0); AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0); AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0); diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 39e1216a0..bc8ee90af 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -51,14 +51,48 @@ const curve25519_set_type curve25519_sets[] = { } }; +static const unsigned char kCurve25519BasePoint[CURVE25519_KEYSIZE] = {9}; + +/* compute the public key from an existing private key, using bare vectors. + * + * return value is propagated from curve25519() (0 on success), or ECC_BAD_ARG_E, + * and the byte vectors are little endian. + */ +int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private) { + int ret; + + if ((public_size != CURVE25519_KEYSIZE) || + (private_size != CURVE25519_KEYSIZE)) { + return ECC_BAD_ARG_E; + } + if ((public == NULL) || (private == NULL)) + return ECC_BAD_ARG_E; + + /* check clamping */ + if ((private[0] & ~248) || + (private[CURVE25519_KEYSIZE-1] & 128)) { + return ECC_BAD_ARG_E; + } + +#ifdef FREESCALE_LTC_ECC + { + const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint(); + ECPoint wc_pub; + ret = nxp_ltc_curve25519(&wc_pub, private, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ + if (ret == 0) + XMEMCPY(public, wc_pub.point, CURVE25519_KEYSIZE); + } +#else + fe_init(); + ret = curve25519(public, private, kCurve25519BasePoint); +#endif + + return ret; +} + int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { -#ifdef FREESCALE_LTC_ECC - const ECPoint* basepoint = wc_curve25519_GetBasePoint(); -#else - unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; -#endif - int ret; + int ret; if (key == NULL || rng == NULL) return BAD_FUNC_ARG; @@ -67,10 +101,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) if (keysize != CURVE25519_KEYSIZE) return ECC_BAD_ARG_E; -#ifndef FREESCALE_LTC_ECC - fe_init(); -#endif - /* random number for private key */ ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize); if (ret != 0) @@ -81,19 +111,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */ key->k.point[CURVE25519_KEYSIZE-1] |= 64; - /* compute public key */ - #ifdef FREESCALE_LTC_ECC - ret = wc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ - #else - ret = curve25519(key->p.point, key->k.point, basepoint); - #endif - if (ret != 0) { - ForceZero(key->k.point, keysize); - ForceZero(key->p.point, keysize); - return ret; - } - - return ret; + return wc_curve25519_make_pub((int)sizeof key->p.point, key->p.point, sizeof key->k.point, key->k.point); } #ifdef HAVE_CURVE25519_SHARED_SECRET @@ -127,7 +145,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, return ECC_BAD_ARG_E; #ifdef FREESCALE_LTC_ECC - ret = wc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */); + ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */); #else ret = curve25519(o, private_key->k.point, public_key->p.point); #endif diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 13c88cbb4..b42cdfdfd 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -141,7 +141,7 @@ static void xc_diffadd(byte *x5, byte *z5, } #ifndef FREESCALE_LTC_ECC -int curve25519(byte *result, byte *e, byte *q) +int curve25519(byte *result, const byte *e, const byte *q) { /* Current point: P_m */ byte xm[F25519_SIZE]; diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 1e1c92bf2..691b344e8 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -129,7 +129,7 @@ void fe_init(void) #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \ !defined(FREESCALE_LTC_ECC) -int curve25519(byte* q, byte* n, byte* p) +int curve25519(byte* q, const byte* n, const byte* p) { #if 0 unsigned char e[32]; diff --git a/wolfcrypt/src/fe_x25519_128.i b/wolfcrypt/src/fe_x25519_128.i index 10e43d9cd..a20fcf79a 100644 --- a/wolfcrypt/src/fe_x25519_128.i +++ b/wolfcrypt/src/fe_x25519_128.i @@ -406,7 +406,7 @@ void fe_invert(fe r, const fe a) * n The scalar as an array of bytes. * a A field element as an array of bytes. */ -int curve25519(byte* r, byte* n, byte* a) +int curve25519(byte* r, const byte* n, const byte* a) { fe x1, x2, z2, x3, z3; fe t0, t1; diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.c b/wolfcrypt/src/port/arm/armv8-32-curve25519.c index 3cc843929..c2c73f3c3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.c @@ -2910,7 +2910,7 @@ void fe_invert(fe r, const fe a) ); } -int curve25519(byte* r, byte* n, byte* a) +int curve25519(byte* r, const byte* n, const byte* a) { __asm__ __volatile__ ( "sub sp, sp, #0xbc\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.c b/wolfcrypt/src/port/arm/armv8-curve25519.c index 97d30025f..a72ae8fbd 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519.c +++ b/wolfcrypt/src/port/arm/armv8-curve25519.c @@ -1007,7 +1007,7 @@ void fe_invert(fe r, const fe a) ); } -int curve25519(byte* r, byte* n, byte* a) +int curve25519(byte* r, const byte* n, const byte* a) { __asm__ __volatile__ ( "stp x29, x30, [sp, #-192]!\n\t" diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c index a5cc737d7..7036f51e8 100644 --- a/wolfcrypt/src/port/nxp/ksdk_port.c +++ b/wolfcrypt/src/port/nxp/ksdk_port.c @@ -974,7 +974,7 @@ static const ECPoint ecBasePoint = { 0x1e, 0xe0, 0xb4, 0x86, 0xa0, 0xb8, 0xa1, 0x19, 0xae, 0x20}, }; -const ECPoint *wc_curve25519_GetBasePoint(void) +const ECPoint *nxp_ltc_curve25519_GetBasePoint(void) { return &ecBasePoint; } @@ -985,7 +985,7 @@ static const uint8_t curve25519_aCurveParam[CURVE25519_KEYSIZE] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2a}; -static const uint8_t curve_bCurveParam[CURVE25519_KEYSIZE] = { +static const uint8_t curve25519_bCurveParam[CURVE25519_KEYSIZE] = { 0x64, 0xc8, 0x10, 0x77, 0x9c, 0x5e, 0x0b, 0x26, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4, @@ -1122,7 +1122,7 @@ status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint) /* if type is set, the input point p is in Montgomery curve coordinates, so there is a map to Weierstrass curve */ /* q output point is always in Montgomery curve coordinates */ -int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type) +int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type) { status_t status; ltc_pkha_ecc_point_t ltcPoint; diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c index eb19558eb..f48e797c8 100644 --- a/wolfcrypt/src/wc_pkcs11.c +++ b/wolfcrypt/src/wc_pkcs11.c @@ -1061,8 +1061,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session, ret = WC_HW_E; if (ret == 0) { - modSz = tmpl[0].ulValueLen; - expSz = tmpl[1].ulValueLen; + modSz = (int)tmpl[0].ulValueLen; + expSz = (int)tmpl[1].ulValueLen; mod = (unsigned char*)XMALLOC(modSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (mod == NULL) @@ -1162,9 +1162,9 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info) ret = Pkcs11GetRsaPublicKey(key, session, pubKey); if (pubKey != NULL_PTR) - ret = session->func->C_DestroyObject(session->handle, pubKey); + ret = (int)session->func->C_DestroyObject(session->handle, pubKey); if (ret != 0 && privKey != NULL_PTR) - ret = session->func->C_DestroyObject(session->handle, privKey); + ret = (int)session->func->C_DestroyObject(session->handle, privKey); return ret; } diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 2b122e7a2..cd85de456 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -86,6 +86,9 @@ enum { EC25519_BIG_ENDIAN=1 }; +WOLFSSL_API +int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private); + WOLFSSL_API int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h index 336da81c6..5e01eb83b 100644 --- a/wolfssl/wolfcrypt/fe_operations.h +++ b/wolfssl/wolfcrypt/fe_operations.h @@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context. #if !defined(FREESCALE_LTC_ECC) WOLFSSL_LOCAL void fe_init(void); -WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); +WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); #endif /* default to be faster but take more memory */ diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h index 749a3eeb5..f73579c2a 100644 --- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -65,8 +65,8 @@ int ksdk_port_init(void); int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); #ifdef HAVE_CURVE25519 - int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); - const ECPoint *wc_curve25519_GetBasePoint(void); + int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); + const ECPoint *nxp_ltc_curve25519_GetBasePoint(void); status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);