From ffa2cdd2d18473ff0fdaee24b5e59908ccde3515 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Wed, 5 Aug 2020 16:28:17 -0500
Subject: [PATCH 01/11] add public function wc_curve25519() "compute the public key from an existing private key, using bare vectors."; rename existing _LOCAL functions wc_curve25519_GetBasePoint() and wc_curve25519() to nxp_ltc_curve25519_GetBasePoint() and nxp_ltc_curve25519() respectively; add const qualifiers opportunistically to existing _LOCAL function curve25519()
---
 wolfcrypt/src/curve25519.c | 41 +++++++++++++++++++++++---
 wolfcrypt/src/fe_operations.c | 2 +-
 wolfcrypt/src/port/nxp/ksdk_port.c | 4 +--
 wolfssl/wolfcrypt/curve25519.h | 3 ++
 wolfssl/wolfcrypt/fe_operations.h | 2 +-
 wolfssl/wolfcrypt/port/nxp/ksdk_port.h | 4 +--
 6 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 39e1216a0..8568a9894 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -51,12 +51,45 @@ const curve25519_set_type curve25519_sets[] = { } }; +/* compute the public key from an existing private key, using bare vectors. */ +int wc_curve25519(int public_size, byte* public, int private_size, const byte* private) { + int ret; + + if ((public_size != CURVE25519_KEYSIZE) || + (private_size != CURVE25519_KEYSIZE)) + return ECC_BAD_ARG_E; + if ((public == NULL) || (private == NULL)) + return ECC_BAD_ARG_E; + + /* check clamping */ + if ((private[0] & ~248) || + (private[CURVE25519_KEYSIZE-1] & 128)) + return ECC_BAD_ARG_E; + +#ifdef FREESCALE_LTC_ECC + { + const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint(); + ECPoint wc_pub; + ret = nxp_ltc_curve25519(&wc_pub, private, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ + if (ret == 0) + XMEMCPY(public, wc_pub.point, CURVE25519_KEY_SIZE); + } +#else + { + static const unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; + ret = curve25519(public, private, basepoint); + } +#endif + + return ret; +} + int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { #ifdef FREESCALE_LTC_ECC - const ECPoint* basepoint = wc_curve25519_GetBasePoint(); + const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint(); #else - unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; + static const unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; #endif int ret; @@ -83,7 +116,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) /* compute public key */ #ifdef FREESCALE_LTC_ECC - ret = wc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ + ret = nxp_ltc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ #else ret = curve25519(key->p.point, key->k.point, basepoint); #endif 
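Review bot: The clamping check in the new wc_curve25519() tests the low three bits of `private[0]` and bit 7 of the last byte, but not bit 6 of the last byte, which wc_curve25519_make_key() always sets (`|= 64`, visible later in this series), so a scalar with that bit clear is accepted as if it were clamped. If only fully clamped scalars are meant to pass, the second test could read `((private[CURVE25519_KEYSIZE-1] & 192) != 64)`. The function also returns ECC_BAD_ARG_E for NULL pointers where wc_curve25519_make_key() returns BAD_FUNC_ARG, and the one-line comment above it does not tell callers that the scalar must be clamped before the call.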
@@ -127,7 +160,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, return ECC_BAD_ARG_E; #ifdef FREESCALE_LTC_ECC - ret = wc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */); + ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */); #else ret = curve25519(o, private_key->k.point, public_key->p.point); #endif diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 1e1c92bf2..691b344e8 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -129,7 +129,7 @@ void fe_init(void) #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \ !defined(FREESCALE_LTC_ECC) -int curve25519(byte* q, byte* n, byte* p) +int curve25519(byte* q, const byte* n, const byte* p) { #if 0 unsigned char e[32]; diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c index a5cc737d7..fdbd95764 100644 --- a/wolfcrypt/src/port/nxp/ksdk_port.c +++ b/wolfcrypt/src/port/nxp/ksdk_port.c @@ -974,7 +974,7 @@ static const ECPoint ecBasePoint = { 0x1e, 0xe0, 0xb4, 0x86, 0xa0, 0xb8, 0xa1, 0x19, 0xae, 0x20}, }; -const ECPoint *wc_curve25519_GetBasePoint(void) +const ECPoint *nxp_ltc_curve25519_GetBasePoint(void) { return &ecBasePoint; } @@ -1122,7 +1122,7 @@ status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint) /* if type is set, the input point p is in Montgomery curve coordinates, so there is a map to Weierstrass curve */ /* q output point is always in Montgomery curve coordinates */ -int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type) +int nxp_ltc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type) { status_t status; ltc_pkha_ecc_point_t ltcPoint; diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 2b122e7a2..9ac83c539 100644 --- a/wolfssl/wolfcrypt/curve25519.h 
+++ b/wolfssl/wolfcrypt/curve25519.h @@ -86,6 +86,9 @@ enum { EC25519_BIG_ENDIAN=1 }; +WOLFSSL_API +int wc_curve25519(int public_size, byte* public, int private_size, const byte* private); + WOLFSSL_API int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h index 336da81c6..5e01eb83b 100644 --- a/wolfssl/wolfcrypt/fe_operations.h +++ b/wolfssl/wolfcrypt/fe_operations.h @@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context. #if !defined(FREESCALE_LTC_ECC) WOLFSSL_LOCAL void fe_init(void); -WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); +WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); #endif /* default to be faster but take more memory */ diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h index 749a3eeb5..9c52bedaf 100644 --- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -65,8 +65,8 @@ int ksdk_port_init(void); int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); #ifdef HAVE_CURVE25519 - int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); - const ECPoint *wc_curve25519_GetBasePoint(void); + int nxp_ltc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); + const ECPoint *nxp_ltc_curve25519_GetBasePoint(void); status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint); From 18178e056d412085c180227703e30bb1e6357039 Mon Sep 17 00:00:00 2001 
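Review bot: The new WOLFSSL_API prototype in curve25519.h names two parameters `public` and `private`, which are keywords in C++, so a C++ translation unit that includes this header will fail to parse the declaration. Renaming them, for example `int wc_curve25519(int public_size, byte* pub, int private_size, const byte* priv);`, avoids that; the definition in curve25519.c and the renamed prototype in PATCH 06/11 use the same names and need the same change. The declaration also has no comment stating that the private scalar must already be clamped and that ECC_BAD_ARG_E is returned otherwise.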
From: Daniel Pouzzner Date: Wed, 5 Aug 2020 21:12:50 -0500 Subject: [PATCH 02/11] add missing const qualifiers to arch variants of curve25519(), and to nxp_ltc_curve25519(). --- wolfcrypt/src/fe_low_mem.c | 2 +- wolfcrypt/src/fe_x25519_128.i | 2 +- wolfcrypt/src/port/arm/armv8-32-curve25519.c | 2 +- wolfcrypt/src/port/arm/armv8-curve25519.c | 2 +- wolfcrypt/src/port/nxp/ksdk_port.c | 2 +- wolfssl/wolfcrypt/port/nxp/ksdk_port.h | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 13c88cbb4..b42cdfdfd 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -141,7 +141,7 @@ static void xc_diffadd(byte *x5, byte *z5, } #ifndef FREESCALE_LTC_ECC -int curve25519(byte *result, byte *e, byte *q) +int curve25519(byte *result, const byte *e, const byte *q) { /* Current point: P_m */ byte xm[F25519_SIZE]; diff --git a/wolfcrypt/src/fe_x25519_128.i b/wolfcrypt/src/fe_x25519_128.i index 10e43d9cd..a20fcf79a 100644 --- a/wolfcrypt/src/fe_x25519_128.i +++ b/wolfcrypt/src/fe_x25519_128.i @@ -406,7 +406,7 @@ void fe_invert(fe r, const fe a) * n The scalar as an array of bytes. * a A field element as an array of bytes. */ -int curve25519(byte* r, byte* n, byte* a) +int curve25519(byte* r, const byte* n, const byte* a) { fe x1, x2, z2, x3, z3; fe t0, t1; diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.c b/wolfcrypt/src/port/arm/armv8-32-curve25519.c index 3cc843929..c2c73f3c3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.c @@ -2910,7 +2910,7 @@ void fe_invert(fe r, const fe a) ); } -int curve25519(byte* r, byte* n, byte* a) +int curve25519(byte* r, const byte* n, const byte* a) { __asm__ __volatile__ ( "sub sp, sp, #0xbc\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.c b/wolfcrypt/src/port/arm/armv8-curve25519.c index 97d30025f..a72ae8fbd 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519.c 
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.c @@ -1007,7 +1007,7 @@ void fe_invert(fe r, const fe a) ); } -int curve25519(byte* r, byte* n, byte* a) +int curve25519(byte* r, const byte* n, const byte* a) { __asm__ __volatile__ ( "stp x29, x30, [sp, #-192]!\n\t" diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c index fdbd95764..7b550f794 100644 --- a/wolfcrypt/src/port/nxp/ksdk_port.c +++ b/wolfcrypt/src/port/nxp/ksdk_port.c @@ -1122,7 +1122,7 @@ status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint) /* if type is set, the input point p is in Montgomery curve coordinates, so there is a map to Weierstrass curve */ /* q output point is always in Montgomery curve coordinates */ -int nxp_ltc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type) +int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type) { status_t status; ltc_pkha_ecc_point_t ltcPoint; diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h index 9c52bedaf..f73579c2a 100644 --- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -65,7 +65,7 @@ int ksdk_port_init(void); int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); #ifdef HAVE_CURVE25519 - int nxp_ltc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); + int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); const ECPoint *nxp_ltc_curve25519_GetBasePoint(void); status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); From 5cad0b10e593f23314abd7db3ad1b2fcc7c1e384 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Thu, 6 Aug 2020 11:35:04 -0500 Subject: [PATCH 03/11] fix typo in wolfcrypt/src/port/nxp/ksdk_port.c ("curve_bCurveParam" vs correct curve25529_bCurveParam) introduced in aadec345ab894e9ca5304885964f36c64963661e. --- wolfcrypt/src/port/nxp/ksdk_port.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c index 7b550f794..65fe69858 100644 --- a/wolfcrypt/src/port/nxp/ksdk_port.c +++ b/wolfcrypt/src/port/nxp/ksdk_port.c @@ -985,7 +985,7 @@ static const uint8_t curve25519_aCurveParam[CURVE25519_KEYSIZE] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2a}; -static const uint8_t curve_bCurveParam[CURVE25519_KEYSIZE] = { +static const uint8_t curve25529_bCurveParam[CURVE25519_KEYSIZE] = { 0x64, 0xc8, 0x10, 0x77, 0x9c, 0x5e, 0x0b, 0x26, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4, From 7ae789dbb0e0f364645dbfd30941f5274e70af01 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 6 Aug 2020 11:45:54 -0500 Subject: [PATCH 04/11] wolfcrypt/src/curve25519.c: fix typo in wc_curve25519() -- CURVE25519_KEYSIZE, not CURVE25519_KEY_SIZE; add static kCurve25519BasePoint at top level --- wolfcrypt/src/curve25519.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 8568a9894..6ed77ef93 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c 
@@ -51,13 +51,16 @@ const curve25519_set_type curve25519_sets[] = { } }; +static const unsigned char kCurve25519BasePoint[CURVE25519_KEYSIZE] = {9}; + /* compute the public key from an existing private key, using bare vectors. */ int wc_curve25519(int public_size, byte* public, int private_size, const byte* private) { int ret; if ((public_size != CURVE25519_KEYSIZE) || - (private_size != CURVE25519_KEYSIZE)) + (private_size != CURVE25519_KEYSIZE)) { return ECC_BAD_ARG_E; + } if ((public == NULL) || (private == NULL)) return ECC_BAD_ARG_E; @@ -72,13 +75,10 @@ int wc_curve25519(int public_size, byte* public, int private_size, const byte* p ECPoint wc_pub; ret = nxp_ltc_curve25519(&wc_pub, private, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ if (ret == 0) - XMEMCPY(public, wc_pub.point, CURVE25519_KEY_SIZE); + XMEMCPY(public, wc_pub.point, CURVE25519_KEYSIZE); } #else - { - static const unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; - ret = curve25519(public, private, basepoint); - } + ret = curve25519(public, private, kCurve25519BasePoint); #endif return ret; @@ -88,8 +88,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { #ifdef FREESCALE_LTC_ECC const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint(); -#else - static const unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; #endif int ret; @@ -118,7 +116,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) #ifdef FREESCALE_LTC_ECC ret = nxp_ltc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ #else - ret = curve25519(key->p.point, key->k.point, basepoint); + ret = curve25519(key->p.point, key->k.point, kCurve25519BasePoint); #endif if (ret != 0) { ForceZero(key->k.point, keysize); From b2e7c09b71872f703851287950b4ecc9249ad600 Mon Sep 17 00:00:00 2001 
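Review bot: `kCurve25519BasePoint` is defined unconditionally at file scope, but both uses added in this commit sit in the `#else` branch of `#ifdef FREESCALE_LTC_ECC`, so an NXP LTC build defines a static array it never references and may warn about an unused variable. Guarding the definition with `#ifndef FREESCALE_LTC_ECC` and `#endif` keeps the two configurations consistent. A short comment such as `/* u-coordinate of the Curve25519 base point (9), little endian */` would also explain the `{9}` initializer.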
From: Daniel Pouzzner Date: Thu, 6 Aug 2020 12:02:01 -0500 Subject: [PATCH 05/11] ksdk_port.c: third time's the charm? (typo, s/curve25529_bCurveParam/curve25519_bCurveParam) --- wolfcrypt/src/port/nxp/ksdk_port.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c index 65fe69858..7036f51e8 100644 --- a/wolfcrypt/src/port/nxp/ksdk_port.c +++ b/wolfcrypt/src/port/nxp/ksdk_port.c @@ -985,7 +985,7 @@ static const uint8_t curve25519_aCurveParam[CURVE25519_KEYSIZE] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2a}; -static const uint8_t curve25529_bCurveParam[CURVE25519_KEYSIZE] = { +static const uint8_t curve25519_bCurveParam[CURVE25519_KEYSIZE] = { 0x64, 0xc8, 0x10, 0x77, 0x9c, 0x5e, 0x0b, 0x26, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4, 0x97, 0xd0, 0x5e, 0x42, 0x7b, 0x09, 0xed, 0x25, 0xb4, From 52a2222c79d4fc96d5f65fb785ab64fb8f35f823 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 6 Aug 2020 14:48:29 -0500 Subject: [PATCH 06/11] curve25519.c: call the new API routine wc_curve25519_make_pub(), not wc_curve25519(), for clarity and consistency (hat tip to Jacob). --- wolfcrypt/src/curve25519.c | 2 +- wolfssl/wolfcrypt/curve25519.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 6ed77ef93..968d60f94 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -54,7 +54,7 @@ const curve25519_set_type curve25519_sets[] = { static const unsigned char kCurve25519BasePoint[CURVE25519_KEYSIZE] = {9}; /* compute the public key from an existing private key, using bare vectors. */ -int wc_curve25519(int public_size, byte* public, int private_size, const byte* private) { +int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private) { int ret; if ((public_size != CURVE25519_KEYSIZE) || 
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 9ac83c539..cd85de456 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -87,7 +87,7 @@ enum { }; WOLFSSL_API -int wc_curve25519(int public_size, byte* public, int private_size, const byte* private); +int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private); WOLFSSL_API int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); From 758665e347961789ab3b6905a72f9952ef9ab854 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 6 Aug 2020 17:49:55 -0500 Subject: [PATCH 07/11] Fix for TLS anonymous cipher and PKCS11 cast warnings. (author=dgarske) --- src/internal.c | 2 ++ wolfcrypt/src/wc_pkcs11.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index e9a888bb1..2518621ae 100644 --- a/src/internal.c +++ b/src/internal.c @@ -18999,6 +18999,8 @@ const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]) { authStr = "SRP"; else if (XSTRNCMP(n1,"ECDSA",5) == 0) authStr = "ECDSA"; + else if (XSTRNCMP(n0,"ADH",3) == 0) + authStr = "None"; else authStr = "unknown"; diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c index eb19558eb..f48e797c8 100644 --- a/wolfcrypt/src/wc_pkcs11.c +++ b/wolfcrypt/src/wc_pkcs11.c @@ -1061,8 +1061,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session, ret = WC_HW_E; if (ret == 0) { - modSz = tmpl[0].ulValueLen; - expSz = tmpl[1].ulValueLen; + modSz = (int)tmpl[0].ulValueLen; + expSz = (int)tmpl[1].ulValueLen; mod = (unsigned char*)XMALLOC(modSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (mod == NULL) 
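Review bot: In Pkcs11GetRsaPublicKey() (wc_pkcs11.c) the added `(int)` casts silence the conversion warning but do not bound `tmpl[0].ulValueLen` and `tmpl[1].ulValueLen`, which presumably are lengths reported by the PKCS#11 token; a value that does not fit in an int becomes a negative or truncated size and is then passed to XMALLOC on the following line. A range check before the casts, for example `if (tmpl[0].ulValueLen > INT_MAX || tmpl[1].ulValueLen > INT_MAX) ret = WC_HW_E;`, makes the narrowing safe instead of merely quiet. The function body starts and ends outside the hunk, so confirm that no earlier check already limits these lengths.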
@@ -1162,9 +1162,9 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info) ret = Pkcs11GetRsaPublicKey(key, session, pubKey); if (pubKey != NULL_PTR) - ret = session->func->C_DestroyObject(session->handle, pubKey); + ret = (int)session->func->C_DestroyObject(session->handle, pubKey); if (ret != 0 && privKey != NULL_PTR) - ret = session->func->C_DestroyObject(session->handle, privKey); + ret = (int)session->func->C_DestroyObject(session->handle, privKey); return ret; } From 0f59e632e1c1cb32951acf1b35e46dbbe06f527f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 6 Aug 2020 17:52:48 -0500 Subject: [PATCH 08/11] tests/api.c: add test_wc_curve25519_make_pub(); fix some old stray tabs; remove weird extra string-terminating null in test_wolfSSL_sk_CIPHER_description(). --- tests/api.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 81 insertions(+), 12 deletions(-) diff --git a/tests/api.c b/tests/api.c index f9f9adc6f..f836ee194 100644 --- a/tests/api.c +++ b/tests/api.c @@ -690,11 +690,11 @@ static void test_for_double_Free(void) "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-" "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384"; #ifndef NO_RSA - testCertFile = svrCertFile; - testKeyFile = svrKeyFile; + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) - testCertFile = eccCertFile; - testKeyFile = eccKeyFile; + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; #else skipTest = 1; #endif @@ -16690,7 +16690,7 @@ static int test_wc_curve25519_export_key_raw_ex (void) pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey, - NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){ + NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-3."); fflush( stdout ); 
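Review bot: In Pkcs11RsaKeyGen() the cast keeps a pattern that loses errors: `ret` from Pkcs11GetRsaPublicKey() is overwritten by the result of destroying `pubKey`, so a failed public-key fetch followed by a successful C_DestroyObject leaves `ret == 0`, the `privKey` object is not destroyed, and the function reports success. The raw CK_RV is also returned as if it were a wolfCrypt error code. Holding the destroy result separately, `CK_RV rv = session->func->C_DestroyObject(session->handle, pubKey);` followed by `if (ret == 0 && rv != CKR_OK) ret = WC_HW_E;`, preserves the first error. The lines above the hunk are not visible, so confirm how `ret` is set before this point.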
@@ -16755,7 +16755,7 @@ static int test_wc_curve25519_export_key_raw_ex (void) pubkSz = CURVE25519_KEYSIZE; if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, - NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ + NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){ printf(testingFmt,"failed at bad-arg-case-8."); fflush( stdout ); 
@@ -17099,6 +17099,74 @@ static int test_wc_curve25519_shared_secret_ex (void) #endif return ret; } /*END test_wc_curve25519_shared_secret_ex*/ +/* + * Testing wc_curve25519_make_pub + */ +static int test_wc_curve25519_make_pub (void) +{ + int ret = 0; +#if defined(HAVE_CURVE25519) + WC_RNG rng; + curve25519_key key; + byte out[CURVE25519_KEYSIZE]; + + printf(testingFmt, "wc_curve25519_make_pub()"); + + ret = wc_curve25519_init(&key); + if (ret == 0) { + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, out); + } + /*test bad cases*/ + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point - 1, key.k.point, (int)sizeof out, out); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point, NULL, (int)sizeof out, out); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out - 1, out); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, NULL); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + } + if (ret == 0) { + /* verify clamping test */ + key.k.point[0] |= ~248; + ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, out); + if (ret == ECC_BAD_ARG_E) { + ret = 0; + } + key.k.point[0] &= 248; + } + /* repeat the expected-to-succeed test. */ + if (ret == 0) { + ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, out); + } + + printf(resultFmt, ret == 0 ? passed : failed); + wc_curve25519_free(&key); + wc_FreeRng(&rng); +#endif + return ret; +} /*END test_wc_curve25519_make_pub */ /* * Testing test_wc_curve25519_export_public_ex */ 
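Review bot: The bad-argument cases in test_wc_curve25519_make_pub() cannot fail when the call wrongly succeeds: each one only maps `ECC_BAD_ARG_E` to 0, so a return of 0 from a call that should have been rejected leaves `ret == 0` and the test carries on as passing. Each case needs an `else if (ret == 0) ret = -1;` after the `if (ret == ECC_BAD_ARG_E)` block. The success cases never compare the derived key with the one wc_curve25519_make_key() stored, for example (with the argument order as corrected in PATCH 10/11) `if (ret == 0 && XMEMCMP(out, key.p.point, sizeof out) != 0) ret = -1;`, and the clamping case covers only byte 0, not the top bit of the last byte. `wc_FreeRng(&rng)` also runs when wc_curve25519_init() failed and `rng` was never initialised.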
@@ -30385,8 +30453,8 @@ static void test_wolfSSL_sk_CIPHER_description(void) SSL_CTX *ctx = NULL; SSL *ssl = NULL; char buf[256]; - char test_str[9] = "0000000\0"; - const char badStr[] = "unknown\0"; + char test_str[9] = "0000000"; + const char badStr[] = "unknown"; const char certPath[] = "./certs/client-cert.pem"; XMEMSET(buf, 0, sizeof(buf)); @@ -35149,11 +35217,11 @@ static void test_wolfSSL_dtls_set_mtu(void) AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); #ifndef NO_RSA - testCertFile = svrCertFile; - testKeyFile = svrKeyFile; + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) - testCertFile = eccCertFile; - testKeyFile = eccKeyFile; + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, @@ -35974,6 +36042,7 @@ void ApiTest(void) AssertIntEQ(test_wc_curve25519_size (), 0); AssertIntEQ(test_wc_curve25519_make_key (), 0); AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0); + AssertIntEQ(test_wc_curve25519_make_pub (), 0); AssertIntEQ(test_wc_curve25519_export_public_ex (), 0); AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0); AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0); From c325001d0db5b3f444c0aefcbf45cdad28ecfc26 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 6 Aug 2020 18:07:39 -0500 Subject: [PATCH 09/11] note argument endianness and return values in intro comment for wc_curve25519_make_pub(). --- wolfcrypt/src/curve25519.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 968d60f94..dc07147ae 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c 
@@ -53,7 +53,11 @@ const curve25519_set_type curve25519_sets[] = { static const unsigned char kCurve25519BasePoint[CURVE25519_KEYSIZE] = {9}; -/* compute the public key from an existing private key, using bare vectors. */ +/* compute the public key from an existing private key, using bare vectors. + * + * return value is propagated from curve25519() (0 on success), or ECC_BAD_ARG_E, + * and the byte vectors are little endian. + */ int wc_curve25519_make_pub(int public_size, byte* public, int private_size, const byte* private) { int ret; From f6acbd5f9794776a578f0ab030300a56e9a70204 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 6 Aug 2020 18:37:00 -0500 Subject: [PATCH 10/11] test_wc_curve25519_make_pub(): fix order of args to wc_curve25519_make_pub(). --- tests/api.c | 12 ++++++------ wolfcrypt/src/curve25519.c | 3 ++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/api.c b/tests/api.c index f836ee194..ea27a99c0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17120,7 +17120,7 @@ static int test_wc_curve25519_make_pub (void) } } if (ret == 0) { - ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, out); + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point); } /*test bad cases*/ if (ret == 0) { 
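Review bot: The expanded header comment on wc_curve25519_make_pub() gives the return codes and endianness but omits the precondition behind the clamping check in the body: the private scalar must already be clamped or the call returns ECC_BAD_ARG_E. A line such as ` * the private key must be clamped by the caller (low 3 bits of byte 0 and the top bit of the last byte clear).` would document that. The comment also says the return value is propagated from curve25519(), whereas under FREESCALE_LTC_ECC it comes from nxp_ltc_curve25519().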
@@ -17130,19 +17130,19 @@ static int test_wc_curve25519_make_pub (void) } } if (ret == 0) { - ret = wc_curve25519_make_pub((int)sizeof key.k.point, NULL, (int)sizeof out, out); + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, NULL); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { - ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out - 1, out); + ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof key.k.point, key.k.point); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { - ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, NULL); + ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof key.k.point, key.k.point); if (ret == ECC_BAD_ARG_E) { ret = 0; } @@ -17150,7 +17150,7 @@ static int test_wc_curve25519_make_pub (void) if (ret == 0) { /* verify clamping test */ key.k.point[0] |= ~248; - ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, out); + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point); if (ret == ECC_BAD_ARG_E) { ret = 0; } @@ -17158,7 +17158,7 @@ static int test_wc_curve25519_make_pub (void) } /* repeat the expected-to-succeed test. */ if (ret == 0) { - ret = wc_curve25519_make_pub((int)sizeof key.k.point, key.k.point, (int)sizeof out, out); + ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point); } printf(resultFmt, ret == 0 ? passed : failed); diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index dc07147ae..ffad7f9c1 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -70,8 +70,9 @@ int wc_curve25519_make_pub(int public_size, byte* public, int private_size, cons /* check clamping */ if ((private[0] & ~248) || - (private[CURVE25519_KEYSIZE-1] & 128)) + (private[CURVE25519_KEYSIZE-1] & 128)) { return ECC_BAD_ARG_E; + } #ifdef FREESCALE_LTC_ECC { 
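Review bot: The argument-order fix skips the first bad-argument call, which sits between this hunk and the previous one and is unchanged from PATCH 08/11 (`wc_curve25519_make_pub((int)sizeof key.k.point - 1, key.k.point, (int)sizeof out, out)`). After this commit that call and the `(int)sizeof out - 1` case both shorten `public_size`, so a wrong `private_size` is never exercised, and the first call still passes the private key buffer as the output. It should read `ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point - 1, key.k.point);`.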
From 0faff24a65d000c648da0eaf8062c90c35492e5c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 7 Aug 2020 13:02:35 -0500 Subject: [PATCH 11/11] refactor wc_curve25519_make_key() to use wc_curve25519_make_pub() to complete the pair. also, add call to fe_init() in the non-NXP codepath of wc_curve25519_make_pub() (note fe_init() is currently a no-op). --- wolfcrypt/src/curve25519.c | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index ffad7f9c1..bc8ee90af 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -83,6 +83,7 @@ int wc_curve25519_make_pub(int public_size, byte* public, int private_size, cons XMEMCPY(public, wc_pub.point, CURVE25519_KEYSIZE); } #else + fe_init(); ret = curve25519(public, private, kCurve25519BasePoint); #endif @@ -91,10 +92,7 @@ int wc_curve25519_make_pub(int public_size, byte* public, int private_size, cons int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { -#ifdef FREESCALE_LTC_ECC - const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint(); -#endif - int ret; + int ret; if (key == NULL || rng == NULL) return BAD_FUNC_ARG; @@ -103,10 +101,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) if (keysize != CURVE25519_KEYSIZE) return ECC_BAD_ARG_E; -#ifndef FREESCALE_LTC_ECC - fe_init(); -#endif - /* random number for private key */ ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize); if (ret != 0) 
@@ -117,19 +111,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */ key->k.point[CURVE25519_KEYSIZE-1] |= 64; - /* compute public key */ - #ifdef FREESCALE_LTC_ECC - ret = nxp_ltc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */ - #else - ret = curve25519(key->p.point, key->k.point, kCurve25519BasePoint); - #endif - if (ret != 0) { - ForceZero(key->k.point, keysize); - ForceZero(key->p.point, keysize); - return ret; - } - - return ret; + return wc_curve25519_make_pub((int)sizeof key->p.point, key->p.point, sizeof key->k.point, key->k.point); } #ifdef HAVE_CURVE25519_SHARED_SECRET
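Review bot: The refactored tail of wc_curve25519_make_key() drops the failure cleanup that the removed lines performed: when public-key derivation fails, the freshly generated private scalar is no longer wiped with ForceZero() and stays in `key->k.point`. The second size argument is also passed as a bare `sizeof` while the first is cast to `int`, which brings back the implicit-conversion warning this series removes elsewhere. Keeping `ret` and restoring the wipe, as below, preserves the previous behaviour; the start of the function lies outside this hunk.

```c
    /* … unchanged: RNG block generation and clamping of key->k.point … */

    ret = wc_curve25519_make_pub((int)sizeof key->p.point, key->p.point,
                                 (int)sizeof key->k.point, key->k.point);
    if (ret != 0) {
        /* do not leave a private scalar in a key that failed to complete */
        ForceZero(key->k.point, keysize);
        ForceZero(key->p.point, keysize);
    }

    return ret;
```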