diff --git a/configure.ac b/configure.ac index d9b17709c..9cc58e412 100644 --- a/configure.ac +++ b/configure.ac @@ -1088,7 +1088,8 @@ fi # for using memory optimization setting on both curve25519 and ed25519 -ENABLED_CURVED25519_SMALL=no +ENABLED_CURVE25519_SMALL=no +ENABLED_ED25519_SMALL=no # CURVE25519 AC_ARG_ENABLE([curve25519], @@ -1105,8 +1106,8 @@ fi if test "$ENABLED_CURVE25519" = "small" then - AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" - ENABLED_CURVED25519_SMALL=yes + AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL" + ENABLED_CURVE25519_SMALL=yes ENABLED_CURVE25519=yes fi @@ -1118,7 +1119,7 @@ fi AM_CONDITIONAL([BUILD_CURVE25519], [test "x$ENABLED_CURVE25519" = "xyes"]) - +AM_CONDITIONAL([BUILD_CURVE25519_SMALL], [test "x$ENABLED_CURVE25519_SMALL" = "xyes"]) # ED25519 AC_ARG_ENABLE([ed25519], @@ -1135,8 +1136,8 @@ fi if test "$ENABLED_ED25519" = "small" then - AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" - ENABLED_CURVED25519_SMALL=yes + AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL" + ENABLED_ED25519_SMALL=yes ENABLED_ED25519=yes fi @@ -1152,7 +1153,7 @@ then fi AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"]) -AM_CONDITIONAL([BUILD_CURVED25519_SMALL], [test "x$ENABLED_CURVED25519_SMALL" = "xyes"]) +AM_CONDITIONAL([BUILD_ED25519_SMALL], [test "x$ENABLED_ED25519_SMALL" = "xyes"]) AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"]) AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"]) diff --git a/examples/client/client.c b/examples/client/client.c index eab3d10ce..f958d6ab8 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1559,7 +1559,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("DisableExtendedMasterSecret failed"); } #endif -#ifdef HAVE_CURVE25519 +#if defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES) if (useX25519) { if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519) != SSL_SUCCESS) { @@ -1570,7 +1570,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("unable to support secp256r1"); } } -#endif +#endif /* HAVE_CURVE25519 && HAVE_SUPPORTED_CURVES */ if (benchmark) { ((func_args*)args)->return_code = diff --git a/src/include.am b/src/include.am index 22bb8edfe..1140dd0e8 100644 --- a/src/include.am +++ b/src/include.am @@ -228,7 +228,7 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/ed25519.c endif if BUILD_FEMATH -if BUILD_CURVED25519_SMALL +if BUILD_CURVE25519_SMALL src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_low_mem.c else src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c @@ -236,10 +236,16 @@ endif endif if BUILD_GEMATH -if BUILD_CURVED25519_SMALL +if BUILD_ED25519_SMALL src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_low_mem.c +if !BUILD_CURVE25519_SMALL +src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_low_mem.c +endif else src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_operations.c +if BUILD_CURVE25519_SMALL +src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c +endif endif endif diff --git a/src/internal.c b/src/internal.c index 7de85c1c0..ac4136494 100755 --- a/src/internal.c +++ b/src/internal.c @@ -3429,6 +3429,7 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer) return ret; } +#endif /* HAVE_ECC */ #ifdef HAVE_ED25519 /* Sign the data using EdDSA and key using X25519. @@ -3640,7 +3641,7 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key, return ret; } #endif /* HAVE_CURVE25519 */ -#endif /* HAVE_ECC */ + #endif /* !NO_CERTS */ #if !defined(NO_CERTS) || !defined(NO_PSK) @@ -17906,7 +17907,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) } break; #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) case ecdhe_psk_kea: /* sanity check that PSK client callback has been set */ if (ssl->options.client_psk_cb == NULL) { @@ -17963,7 +17964,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey); break; - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: if (ssl->peerNtruKeyPresent == 0) { @@ -17971,10 +17972,12 @@ int SendClientKeyExchange(WOLFSSL* ssl) } break; #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { + #ifdef HAVE_ECC ecc_key* peerKey; + #endif #ifdef HAVE_PK_CALLBACKS /* if callback then use it for shared secret */ @@ -18007,8 +18010,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) ssl->peerX25519Key); break; } - else #endif + #ifdef HAVE_ECC if (ssl->specs.static_ecdh) { /* TODO: EccDsa is really fixed Ecc change naming */ if (!ssl->peerEccDsaKey || @@ -18037,10 +18040,11 @@ int SendClientKeyExchange(WOLFSSL* ssl) } ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, peerKey); + #endif break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ default: ret = BAD_KEA_TYPE_E; @@ -18206,7 +18210,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) case ecdhe_psk_kea: { word32 esSz = 0; @@ -18291,7 +18295,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { ssl->arrays->preMasterSz = ENCRYPT_LEN; @@ -18316,6 +18320,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif + #ifdef HAVE_ECC #ifdef HAVE_PK_CALLBACKS /* if callback then use it for shared secret */ if (ssl->ctx->EccSharedSecretCb != NULL) { @@ -18329,9 +18334,10 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (ret != 0) { ERROR_OUT(ECC_EXPORT_ERROR, exit_scke); } + #endif /* HAVE_ECC */ break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ default: ret = BAD_KEA_TYPE_E; @@ -18400,7 +18406,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) case ecdhe_psk_kea: { #ifdef HAVE_CURVE25519 @@ -18434,7 +18440,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ); break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { @@ -18459,10 +18465,12 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { + #ifdef HAVE_ECC ecc_key* peerKey; + #endif #ifdef HAVE_CURVE25519 if (ssl->peerX25519KeyPresent) { @@ -18481,6 +18489,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif + #ifdef HAVE_ECC peerKey = (ssl->specs.static_ecdh) ? ssl->peerEccDsaKey : ssl->peerEccKey; @@ -18496,10 +18505,11 @@ int SendClientKeyExchange(WOLFSSL* ssl) NULL #endif ); + #endif break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ default: ret = BAD_KEA_TYPE_E; @@ -19968,7 +19978,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case ecdhe_psk_kea: /* Fall through to create temp ECC key */ #endif /* HAVE_ECC && !NO_PSK */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { #ifdef HAVE_CURVE25519 @@ -19993,6 +20003,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif + #ifdef HAVE_ECC /* need ephemeral key now, create it if missing */ if (ssl->eccTempKey == NULL) { /* alloc/init on demand */ @@ -20011,9 +20022,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->eccTempKeyPresent = 1; } } + #endif break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ default: /* Skip ServerKeyExchange */ goto exit_sske; @@ -23079,9 +23091,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { + #ifdef HAVE_ECC ecc_key* private_key = ssl->eccTempKey; /* handle static private key */ @@ -23109,6 +23122,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } } + #endif /* import peer ECC key */ if ((args->idx - args->begin) + OPAQUE8_LEN > size) { @@ -23162,6 +23176,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif + #ifdef HAVE_ECC #ifdef HAVE_PK_CALLBACKS /* if callback then use it for shared secret */ if (ssl->ctx->EccSharedSecretCb != NULL) { @@ -23197,13 +23212,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } ssl->peerEccKeyPresent = 1; + #endif /* HAVE_ECC */ if (ret != 0) { goto exit_dcke; } break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifndef NO_DH case diffie_hellman_kea: { @@ -23290,7 +23306,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) case ecdhe_psk_kea: { word16 clientSz; @@ -23406,7 +23422,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->peerEccKeyPresent = 1; break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ default: ret = BAD_KEA_TYPE_E; } /* switch (ssl->specs.kea) */ @@ -23457,7 +23473,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { void* private_key = ssl->eccTempKey; @@ -23480,6 +23496,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif + #ifdef HAVE_ECC if (ssl->specs.static_ecdh) { private_key = ssl->hsKey; } @@ -23497,9 +23514,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, NULL #endif ); + #endif break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifndef NO_DH case diffie_hellman_kea: { @@ -23526,7 +23544,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) case ecdhe_psk_kea: { #ifdef HAVE_CURVE25519 @@ -23562,7 +23580,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ); break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ default: ret = BAD_KEA_TYPE_E; } /* switch (ssl->specs.kea) */ diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 6740cc536..ae6bef770 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -53,7 +53,7 @@ const curve25519_set_type curve25519_sets[] = { int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { -#ifdef FREESCALE_LTC_ECC +#ifdef FREESCALE_LTC_ECC const ECPoint* basepoint = wc_curve25519_GetBasePoint(); #else unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; @@ -117,7 +117,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, if (private_key == NULL || public_key == NULL || out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) return BAD_FUNC_ARG; - + /* avoid implementation fingerprinting */ if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F) return ECC_BAD_ARG_E; @@ -249,8 +249,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen, XMEMCPY(key->p.point, in, inLen); key->dp = &curve25519_sets[0]; - - + /* LTC needs also Y coordinate - let's compute it */ #ifdef FREESCALE_LTC_ECC ltc_pkha_ecc_point_t ltcPoint; @@ -424,7 +423,7 @@ int wc_curve25519_init(curve25519_key* key) /* currently the format for curve25519 */ key->dp = &curve25519_sets[0]; - XMEMSET(key->k.point, 0, key->dp->size); + XMEMSET(key->k.point, 0, key->dp->size); XMEMSET(key->p.point, 0, key->dp->size); #ifdef FREESCALE_LTC_ECC XMEMSET(key->k.pointY, 0, key->dp->size); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 22ced3d1b..c0181cad3 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -112,7 +112,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, #else ge_p3 R; #endif - byte nonce[SHA512_DIGEST_SIZE]; + byte nonce[SHA512_DIGEST_SIZE]; byte hram[SHA512_DIGEST_SIZE]; byte az[ED25519_PRV_KEY_SIZE]; Sha512 sha; @@ -193,7 +193,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, #else sc_reduce(hram); sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); -#endif +#endif return ret; } @@ -234,7 +234,7 @@ int wc_ed25519_verify_msg(const byte* sig, word32 siglen, const byte* msg, return BAD_FUNC_ARG; /* uncompress A (public key), test if valid, and negate it */ -#ifndef FREESCALE_LTC_ECC +#ifndef FREESCALE_LTC_ECC if (ge_frombytes_negate_vartime(&A, key->p) != 0) return BAD_FUNC_ARG; #endif diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 0f0f1be44..ba45282af 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -28,8 +28,8 @@ #include -#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ -#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) +#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) /* use slower code that takes less memory */ #include @@ -49,7 +49,7 @@ void fprime_copy(byte *x, const byte *a) } -void fe_copy(fe x, const fe a) +void lm_copy(byte* x, const byte* a) { int i; for (i = 0; i < F25519_SIZE; i++) @@ -57,6 +57,7 @@ void fe_copy(fe x, const fe a) } +#ifdef CURVE25519_SMALL /* Double an X-coordinate */ static void xc_double(byte *x3, byte *z3, const byte *x1, const byte *z1) @@ -77,12 +78,12 @@ static void xc_double(byte *x3, byte *z3, fe_mul__distinct(z1sq, z1, z1); fe_mul__distinct(x1z1, x1, z1); - fe_sub(a, x1sq, z1sq); + lm_sub(a, x1sq, z1sq); fe_mul__distinct(x3, a, a); fe_mul_c(a, x1z1, 486662); - fe_add(a, x1sq, a); - fe_add(a, z1sq, a); + lm_add(a, x1sq, a); + lm_add(a, z1sq, a); fe_mul__distinct(x1sq, x1z1, a); fe_mul_c(z3, x1sq, 4); } @@ -113,19 +114,19 @@ static void xc_diffadd(byte *x5, byte *z5, byte a[F25519_SIZE]; byte b[F25519_SIZE]; - fe_add(a, x2, z2); - fe_sub(b, x3, z3); /* D */ + lm_add(a, x2, z2); + lm_sub(b, x3, z3); /* D */ fe_mul__distinct(da, a, b); - fe_sub(b, x2, z2); - fe_add(a, x3, z3); /* C */ + lm_sub(b, x2, z2); + lm_add(a, x3, z3); /* C */ fe_mul__distinct(cb, a, b); - fe_add(a, da, cb); + lm_add(a, da, cb); fe_mul__distinct(b, a, a); fe_mul__distinct(x5, z1, b); - fe_sub(a, da, cb); + lm_sub(a, da, cb); fe_mul__distinct(b, a, a); fe_mul__distinct(z5, x1, b); } @@ -144,7 +145,7 @@ int curve25519(byte *result, byte *e, byte *q) int i; /* Note: bit 254 is assumed to be 1 */ - fe_copy(xm, q); + lm_copy(xm, q); for (i = 253; i >= 0; i--) { const int bit = (e[i >> 3] >> (i & 7)) & 1; @@ -175,6 +176,8 @@ int curve25519(byte *result, byte *e, byte *q) return 0; } #endif /* !FREESCALE_LTC_ECC */ +#endif /* CURVE25519_SMALL */ + static void raw_add(byte *x, const byte *p) { @@ -346,7 +349,7 @@ void fe_select(byte *dst, } -void fe_add(fe r, const fe a, const fe b) +void lm_add(byte* r, const byte* a, const byte* b) { word16 c = 0; int i; @@ -370,7 +373,7 @@ void fe_add(fe r, const fe a, const fe b) } -void fe_sub(fe r, const fe a, const fe b) +void lm_sub(byte* r, const byte* a, const byte* b) { word32 c = 0; int i; @@ -395,7 +398,7 @@ void fe_sub(fe r, const fe a, const fe b) } -void fe_neg(fe r, const fe a) +void lm_neg(byte* r, const byte* a) { word32 c = 0; int i; @@ -450,12 +453,12 @@ void fe_mul__distinct(byte *r, const byte *a, const byte *b) } -void fe_mul(fe r, const fe a, const fe b) +void lm_mul(byte *r, const byte* a, const byte *b) { byte tmp[F25519_SIZE]; fe_mul__distinct(tmp, a, b); - fe_copy(r, tmp); + lm_copy(r, tmp); } @@ -533,12 +536,12 @@ void fe_inv__distinct(byte *r, const byte *x) } -void fe_invert(fe r, const fe x) +void lm_invert(byte *r, const byte *x) { byte tmp[F25519_SIZE]; fe_inv__distinct(tmp, x); - fe_copy(r, tmp); + lm_copy(r, tmp); } @@ -588,12 +591,12 @@ void fe_sqrt(byte *r, const byte *a) fe_mul__distinct(y, v, v); fe_mul__distinct(i, x, y); fe_load(y, 1); - fe_sub(i, i, y); + lm_sub(i, i, y); /* r = avi */ fe_mul__distinct(x, v, a); fe_mul__distinct(r, x, i); } -#endif /* HAVE_CURVE25519 or HAVE_ED25519 */ -#endif /* CURVED25519_SMALL */ +#endif /* CURVE25519_SMALL || ED25519_SMALL */ +#endif /* HAVE_CURVE25519 || HAVE_ED25519 */ diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 285f6c0cf..f6d77faa6 100755 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -28,8 +28,8 @@ #include -#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ -#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) +#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) /* run when not defined to use small memory math */ #include #include @@ -44,6 +44,8 @@ #ifdef HAVE___UINT128_T #include "fe_x25519_128.i" #else + +#ifdef HAVE_CURVE25519 /* fe means field element. Here the field is \Z/(2^255-19). @@ -71,7 +73,7 @@ uint64_t load_4(const unsigned char *in) result |= ((uint64_t) in[3]) << 24; return result; } - +#endif /* h = 1 @@ -110,7 +112,8 @@ void fe_0(fe h) h[9] = 0; } -#ifndef FREESCALE_LTC_ECC +#if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \ + !defined(FREESCALE_LTC_ECC) int curve25519(byte* q, byte* n, byte* p) { #if 0 @@ -186,7 +189,8 @@ int curve25519(byte* q, byte* n, byte* p) return 0; } -#endif /* !FREESCALE_LTC_ECC */ +#endif /* HAVE_CURVE25519 && !CURVE25519_SMALL && !FREESCALE_LTC_ECC */ + /* h = f * f @@ -569,6 +573,7 @@ void fe_sub(fe h,const fe f,const fe g) } +#ifdef HAVE_CURVE25519 /* Ignores top bit of h. */ @@ -619,6 +624,7 @@ void fe_frombytes(fe h,const unsigned char *s) h[8] = (int32_t)h8; h[9] = (int32_t)h9; } +#endif void fe_invert(fe out,const fe z) @@ -1411,6 +1417,6 @@ void fe_cmov(fe f, const fe g, int b) f[9] = f9 ^ x9; } #endif -#endif /* HAVE ED25519 or CURVE25519 */ -#endif /* not defined CURVED25519_SMALL */ +#endif /* !CURVE25519_SMALL || !ED25519_SMALL */ +#endif /* HAVE_CURVE25519 || HAVE_ED25519 */ diff --git a/wolfcrypt/src/fe_x25519_128.i b/wolfcrypt/src/fe_x25519_128.i index d7297a260..1b939a671 100644 --- a/wolfcrypt/src/fe_x25519_128.i +++ b/wolfcrypt/src/fe_x25519_128.i @@ -389,6 +389,7 @@ void fe_invert(fe r, const fe a) fe_sq(t1, t1); for (i = 1; i < 5; ++i) fe_sq(t1, t1); fe_mul( r, t1, t0); } +#ifndef CURVE25519_SMALL /* Scalar multiply the field element a by n using Montgomery Ladder and places * result in r. * @@ -447,6 +448,7 @@ int curve25519(byte* r, byte* n, byte* a) return 0; } +#endif /* !CURVE25519_SMALL */ /* The field element value 0 as an array of bytes. */ static const unsigned char zero[32] = {0}; diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c index 9b6b26206..e66ba1d9e 100644 --- a/wolfcrypt/src/ge_low_mem.c +++ b/wolfcrypt/src/ge_low_mem.c @@ -28,8 +28,8 @@ #include -#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ -#if defined(HAVE_ED25519) +#ifdef HAVE_ED25519 +#ifdef ED25519_SMALL /* use slower code that takes less memory */ #include #include @@ -77,10 +77,10 @@ int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, byte pt[32]; int i; - fe_copy(tmp, xIn); + lm_copy(tmp, xIn); parity = (tmp[0] & 1) << 7; - fe_copy(pt, yIn); + lm_copy(pt, yIn); pt[31] |= parity; for(i = 0; i < 32; i++) { @@ -301,13 +301,13 @@ void ed25519_add(ge_p3 *r, byte h[F25519_SIZE]; /* A = (Y1-X1)(Y2-X2) */ - fe_sub(c, p1->Y, p1->X); - fe_sub(d, p2->Y, p2->X); + lm_sub(c, p1->Y, p1->X); + lm_sub(d, p2->Y, p2->X); fe_mul__distinct(a, c, d); /* B = (Y1+X1)(Y2+X2) */ - fe_add(c, p1->Y, p1->X); - fe_add(d, p2->Y, p2->X); + lm_add(c, p1->Y, p1->X); + lm_add(d, p2->Y, p2->X); fe_mul__distinct(b, c, d); /* C = T1 k T2 */ @@ -316,19 +316,19 @@ void ed25519_add(ge_p3 *r, /* D = Z1 2 Z2 */ fe_mul__distinct(d, p1->Z, p2->Z); - fe_add(d, d, d); + lm_add(d, d, d); /* E = B - A */ - fe_sub(e, b, a); + lm_sub(e, b, a); /* F = D - C */ - fe_sub(f, d, c); + lm_sub(f, d, c); /* G = D + C */ - fe_add(g, d, c); + lm_add(g, d, c); /* H = B + A */ - fe_add(h, b, a); + lm_add(h, b, a); /* X3 = E F */ fe_mul__distinct(r->X, e, f); @@ -379,24 +379,24 @@ void ed25519_double(ge_p3 *r, const ge_p3 *p) /* C = 2 Z1^2 */ fe_mul__distinct(c, p->Z, p->Z); - fe_add(c, c, c); + lm_add(c, c, c); /* D = a A (alter sign) */ /* E = (X1+Y1)^2-A-B */ - fe_add(f, p->X, p->Y); + lm_add(f, p->X, p->Y); fe_mul__distinct(e, f, f); - fe_sub(e, e, a); - fe_sub(e, e, b); + lm_sub(e, e, a); + lm_sub(e, e, b); /* G = D + B */ - fe_sub(g, b, a); + lm_sub(g, b, a); /* F = G - C */ - fe_sub(f, g, c); + lm_sub(f, g, c); /* H = D - B */ - fe_neg(h, b); - fe_sub(h, h, a); + lm_neg(h, b); + lm_sub(h, h, a); /* X3 = E F */ fe_mul__distinct(r->X, e, f); @@ -457,7 +457,7 @@ void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) fe_normalize(y); parity = (x[0] & 1) << 7; - fe_copy(s, y); + lm_copy(s, y); fe_normalize(s); s[31] |= parity; } @@ -479,7 +479,7 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h) fe_normalize(y); parity = (x[0] & 1) << 7; - fe_copy(s, y); + lm_copy(s, y); fe_normalize(s); s[31] |= parity; } @@ -502,17 +502,17 @@ int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s) /* unpack the key s */ parity = s[31] >> 7; - fe_copy(y, s); + lm_copy(y, s); y[31] &= 127; fe_mul__distinct(c, y, y); fe_mul__distinct(b, c, ed25519_d); - fe_add(a, b, f25519_one); + lm_add(a, b, f25519_one); fe_inv__distinct(b, a); - fe_sub(a, c, f25519_one); + lm_sub(a, c, f25519_one); fe_mul__distinct(c, a, b); fe_sqrt(a, c); - fe_neg(b, a); + lm_neg(b, a); fe_select(x, a, b, (a[0] ^ parity) & 1); /* test that x^2 is equal to c */ @@ -522,14 +522,14 @@ int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s) ret |= ConstantCompare(a, c, F25519_SIZE); /* project the key s onto p */ - fe_copy(p->X, x); - fe_copy(p->Y, y); + lm_copy(p->X, x); + lm_copy(p->Y, y); fe_load(p->Z, 1); fe_mul__distinct(p->T, x, y); /* negate, the point becomes (-X,Y,Z,-T) */ - fe_neg(p->X,p->X); - fe_neg(p->T,p->T); + lm_neg(p->X,p->X); + lm_neg(p->T,p->T); return ret; } @@ -552,13 +552,12 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h, /* SB + -H(R,A,M)A */ ed25519_add(&A, &p, &A); - fe_copy(R->X, A.X); - fe_copy(R->Y, A.Y); - fe_copy(R->Z, A.Z); + lm_copy(R->X, A.X); + lm_copy(R->Y, A.Y); + lm_copy(R->Z, A.Z); return ret; } +#endif /* ED25519_SMALL */ #endif /* HAVE_ED25519 */ -#endif /* CURVED25519_SMALL */ - diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index bf9b2eee4..3da367027 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -29,8 +29,8 @@ #include -#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #ifdef HAVE_ED25519 +#ifndef ED25519_SMALL /* run when not defined to use small memory math */ #include #include @@ -45,7 +45,7 @@ /* ge means group element. -Here the group is the set of pairs (x,y) of field elements (see fe.h) +Here the group is the set of pairs (x,y) of field elements (see ge_operations.h) satisfying -x^2 + y^2 = 1 + d x^2y^2 where d = -121665/121666. @@ -691,7 +691,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz) { - fe x,y,z; + ge x,y,z; ge_p3 g; byte bArray[ED25519_KEY_SIZE]; word32 i; @@ -721,7 +721,7 @@ r = p + q */ void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) { - fe t0; + ge t0; fe_add(r->X,p->Y,p->X); fe_sub(r->Y,p->Y,p->X); fe_mul(r->Z,r->X,q->YplusX); @@ -3720,12 +3720,12 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, } #ifdef HAVE___UINT128_T -static const fe d = { +static const ge d = { 0x34dca135978a3, 0x1a8283b156ebd, 0x5e7a26001c029, 0x739c663a03cbb, 0x52036cee2b6ff }; #else -static const fe d = { +static const ge d = { -10913610,13857413,-15372611,6949391,114729, -8787816,-6275908,-3247719,-18696448,-12055116 } ; @@ -3733,12 +3733,12 @@ static const fe d = { #ifdef HAVE___UINT128_T -static const fe sqrtm1 = { +static const ge sqrtm1 = { 0x61b274a0ea0b0, 0x0d5a5fc8f189d, 0x7ef5e9cbd0c60, 0x78595a6804c9e, 0x2b8324804fc1d }; #else -static const fe sqrtm1 = { +static const ge sqrtm1 = { -32595792,-7943725,9377950,3500415,12389472, -272473,-25146209,-2005654,326686,11406482 } ; @@ -3747,11 +3747,11 @@ static const fe sqrtm1 = { int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s) { - fe u; - fe v; - fe v3; - fe vxx; - fe check; + ge u; + ge v; + ge v3; + ge vxx; + ge check; fe_frombytes(h->Y,s); fe_1(h->Z); @@ -3795,7 +3795,7 @@ r = p + q void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q) { - fe t0; + ge t0; fe_add(r->X,p->Y,p->X); fe_sub(r->Y,p->Y,p->X); fe_mul(r->Z,r->X,q->yplusx); @@ -3817,7 +3817,7 @@ r = p - q void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q) { - fe t0; + ge t0; fe_add(r->X,p->Y,p->X); fe_sub(r->Y,p->Y,p->X); fe_mul(r->Z,r->X,q->yminusx); @@ -3877,7 +3877,7 @@ r = 2 * p void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p) { - fe t0; + ge t0; fe_sq(r->X,p->X); fe_sq(r->Z,p->Y); fe_sq2(r->T,p->Z); @@ -3922,12 +3922,12 @@ r = p */ #ifdef HAVE___UINT128_T -static const fe d2 = { +static const ge d2 = { 0x69b9426b2f159, 0x35050762add7a, 0x3cf44c0038052, 0x6738cc7407977, 0x2406d9dc56dff }; #else -static const fe d2 = { +static const ge d2 = { -21827239,-5839606,-30745221,13898782,229458, 15978800,-12551817,-6495438,29715968,9444199 } ; @@ -3959,9 +3959,9 @@ extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p) /* ge p3 tobytes */ void ge_p3_tobytes(unsigned char *s,const ge_p3 *h) { - fe recip; - fe x; - fe y; + ge recip; + ge x; + ge y; fe_invert(recip,h->Z); fe_mul(x,h->X,recip); @@ -3987,7 +3987,7 @@ r = p - q void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) { - fe t0; + ge t0; fe_add(r->X,p->Y,p->X); fe_sub(r->Y,p->Y,p->X); fe_mul(r->Z,r->X,q->YminusX); @@ -4005,9 +4005,9 @@ void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) /* ge tobytes */ void ge_tobytes(unsigned char *s,const ge_p2 *h) { - fe recip; - fe x; - fe y; + ge recip; + ge x; + ge y; fe_invert(recip,h->Z); fe_mul(x,h->X,recip); @@ -4015,6 +4015,6 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h) fe_tobytes(s,y); s[31] ^= fe_isnegative(x) << 7; } -#endif /* HAVE_ED25519 */ -#endif /* not defined CURVED25519_SMALL */ +#endif /* !ED25519_SMALL */ +#endif /* HAVE_ED25519 */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c35b7b2e7..5b1708063 100755 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1680,7 +1680,7 @@ struct WOLFSSL_CERT_MANAGER { #ifndef NO_RSA short minRsaKeySz; /* minimum allowed RSA key size */ #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_ED25519) short minEccKeySz; /* minimum allowed ECC key size */ #endif }; @@ -2196,7 +2196,7 @@ struct WOLFSSL_CTX { #ifndef NO_RSA short minRsaKeySz; /* minimum RSA key size */ #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_ED25519) short minEccKeySz; /* minimum ECC key size */ #endif #ifdef OPENSSL_EXTRA @@ -2214,9 +2214,11 @@ struct WOLFSSL_CTX { #endif /* WOLFSSL_DTLS */ VerifyCallback verifyCallback; /* cert verification callback */ word32 timeout; /* session timeout */ +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) + word32 ecdhCurveOID; /* curve Ecc_Sum */ +#endif #ifdef HAVE_ECC word16 eccTempKeySz; /* in octets 20 - 66 */ - word32 ecdhCurveOID; /* curve Ecc_Sum */ word32 pkCurveOID; /* curve Ecc_Sum */ #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -2803,7 +2805,7 @@ typedef struct Options { #ifndef NO_RSA short minRsaKeySz; /* minimum RSA key size */ #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_ED25519) short minEccKeySz; /* minimum ECC key size */ #endif @@ -3178,17 +3180,22 @@ struct WOLFSSL { byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; byte peerNtruKeyPresent; #endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + int eccVerifyRes; +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) + word32 ecdhCurveOID; /* curve Ecc_Sum */ + ecc_key* eccTempKey; /* private ECDHE key */ + byte eccTempKeyPresent; + byte peerEccKeyPresent; +#endif #ifdef HAVE_ECC ecc_key* peerEccKey; /* peer's ECDHE key */ ecc_key* peerEccDsaKey; /* peer's ECDSA key */ - ecc_key* eccTempKey; /* private ECDHE key */ - int eccVerifyRes; word32 pkCurveOID; /* curve Ecc_Sum */ - word32 ecdhCurveOID; /* curve Ecc_Sum */ word16 eccTempKeySz; /* in octets 20 - 66 */ - byte peerEccKeyPresent; byte peerEccDsaKeyPresent; - byte eccTempKeyPresent; +#endif #ifdef HAVE_ED25519 ed25519_key* peerEd25519Key; byte peerEd25519KeyPresent; @@ -3197,7 +3204,6 @@ struct WOLFSSL { curve25519_key* peerX25519Key; byte peerX25519KeyPresent; #endif -#endif #ifdef HAVE_LIBZ z_stream c_stream; /* compression stream */ z_stream d_stream; /* decompression stream */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 1b732fa55..7af6ea5ad 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -431,7 +431,7 @@ struct SignatureCtx { byte* out; byte* plain; #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_ED25519) int verify; #endif union { @@ -565,7 +565,7 @@ struct DecodedCert { byte* extSubjKeyIdSrc; word32 extSubjKeyIdSz; #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_ED25519) word32 pkCurveOID; /* Public Key's curve OID */ #endif /* HAVE_ECC */ byte* beforeDate; diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h index 5bbe1b299..0cb616e4e 100644 --- a/wolfssl/wolfcrypt/fe_operations.h +++ b/wolfssl/wolfcrypt/fe_operations.h @@ -27,9 +27,10 @@ #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) -#ifndef CURVED25519_SMALL +#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) #include #endif + #include /* @@ -40,18 +41,31 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -#ifdef CURVED25519_SMALL - #define F25519_SIZE 32 - typedef byte fe[32]; -#elif defined(HAVE___UINT128_T) +#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) + #define F25519_SIZE 32 + + WOLFSSL_LOCAL void lm_copy(byte*, const byte*); + WOLFSSL_LOCAL void lm_add(byte*, const byte*, const byte*); + WOLFSSL_LOCAL void lm_sub(byte*, const byte*, const byte*); + WOLFSSL_LOCAL void lm_neg(byte*,const byte*); + WOLFSSL_LOCAL void lm_invert(byte*, const byte*); + WOLFSSL_LOCAL void lm_mul(byte*,const byte*,const byte*); +#endif + + +#if !defined(FREESCALE_LTC_ECC) +WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); +#endif + +/* default to be faster but take more memory */ +#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) + +#if defined(HAVE___UINT128_T) typedef int64_t fe[5]; #else typedef int32_t fe[10]; #endif -#if! defined FREESCALE_LTC_ECC -WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); -#endif WOLFSSL_LOCAL void fe_copy(fe, const fe); WOLFSSL_LOCAL void fe_add(fe, const fe, const fe); WOLFSSL_LOCAL void fe_neg(fe,const fe); @@ -59,8 +73,6 @@ WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe); WOLFSSL_LOCAL void fe_invert(fe, const fe); WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe); -/* default to be faster but take more memory */ -#ifndef CURVED25519_SMALL /* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10 work. */ @@ -78,14 +90,17 @@ WOLFSSL_LOCAL void fe_mul121666(fe,fe); WOLFSSL_LOCAL void fe_cmov(fe,const fe, int); WOLFSSL_LOCAL void fe_pow22523(fe,const fe); +#if defined(HAVE___UINT128_T) /* 64 type needed for SHA512 */ WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in); WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in); -#endif /* not defined CURVED25519_SMALL */ +#endif + +#endif /* !CURVE25519_SMALL || !ED25519_SMALL */ /* Use less memory and only 32bit types or less, but is slower Based on Daniel Beer's public domain work. */ -#ifdef CURVED25519_SMALL +#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) static const byte c25519_base_x[F25519_SIZE] = {9}; static const byte f25519_zero[F25519_SIZE] = {0}; static const byte f25519_one[F25519_SIZE] = {1}; @@ -131,7 +146,8 @@ WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus); WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b, const byte *modulus); WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a); -#endif /* CURVED25519_SMALL */ -#endif /* HAVE_CURVE25519 or HAVE_ED25519 */ -#endif /* WOLF_CRYPT_FE_OPERATIONS_H */ +#endif /* CURVE25519_SMALL || ED25519_SMALL */ +#endif /* HAVE_CURVE25519 || HAVE_ED25519 */ + +#endif /* WOLF_CRYPT_FE_OPERATIONS_H */ diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h index c079b36b8..b4f189960 100644 --- a/wolfssl/wolfcrypt/ge_operations.h +++ b/wolfssl/wolfcrypt/ge_operations.h @@ -29,9 +29,6 @@ #ifdef HAVE_ED25519 -#ifndef CURVED25519_SMALL - #include -#endif #include /* @@ -48,20 +45,28 @@ Representations: ge_precomp (Duif): (y+x,y-x,2dxy) */ +#ifdef ED25519_SMALL + typedef byte ge[F25519_SIZE]; +#elif defined(HAVE___UINT128_T) + typedef int64_t ge[5]; +#else + typedef int32_t ge[10]; +#endif typedef struct { - fe X; - fe Y; - fe Z; + ge X; + ge Y; + ge Z; } ge_p2; typedef struct { - fe X; - fe Y; - fe Z; - fe T; + ge X; + ge Y; + ge Z; + ge T; } ge_p3; + WOLFSSL_LOCAL int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz); WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); @@ -75,25 +80,26 @@ WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b, WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *); WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *); -#ifndef CURVED25519_SMALL + +#ifndef ED25519_SMALL typedef struct { - fe X; - fe Y; - fe Z; - fe T; + ge X; + ge Y; + ge Z; + ge T; } ge_p1p1; typedef struct { - fe yplusx; - fe yminusx; - fe xy2d; + ge yplusx; + ge yminusx; + ge xy2d; } ge_precomp; typedef struct { - fe YplusX; - fe YminusX; - fe Z; - fe T2d; + ge YplusX; + ge YminusX; + ge Z; + ge T2d; } ge_cached; WOLFSSL_LOCAL void ge_p2_0(ge_p2 *); @@ -110,7 +116,9 @@ WOLFSSL_LOCAL void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *); WOLFSSL_LOCAL void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *); WOLFSSL_LOCAL void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *); WOLFSSL_LOCAL void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *); -#endif /* no CURVED25519_SMALL */ -#endif /* HAVE_ED25519 */ -#endif /* WOLF_CRYPT_GE_OPERATIONS_H */ +#endif /* !ED25519_SMALL */ + +#endif /* HAVE_ED25519 */ + +#endif /* WOLF_CRYPT_GE_OPERATIONS_H */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5531462d5..8829fbdcc 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1574,6 +1574,12 @@ extern void uITRON4_free(void *p) ; #define SSL_CTRL_SET_TLSEXT_HOSTNAME #endif +/* both CURVE and ED small math should be enabled */ +#ifdef CURVED25519_SMALL + #define CURVE25519_SMALL + #define ED25519_SMALL +#endif + #ifdef __cplusplus } /* extern "C" */ #endif