From 231ebeea0eb9ddbdfcd0c69fdec432a5c364401f Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 6 Nov 2017 09:16:37 -0800 Subject: [PATCH] Add unit test for BN_bn2hex. Cleanup math radix constants. --- src/ssl.c | 60 ++++++++++++++----------------------- tests/api.c | 19 +++++++++++- wolfcrypt/src/ecc.c | 25 +++++++++------- wolfcrypt/src/integer.c | 12 ++++---- wolfcrypt/src/tfm.c | 6 ++-- wolfssl/wolfcrypt/integer.h | 14 ++++++--- wolfssl/wolfcrypt/tfm.h | 18 +++++++++-- 7 files changed, 89 insertions(+), 65 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 53678cb93..deba47772 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16574,7 +16574,7 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, { (void)flags; - ctx->param->check_time = t; + ctx->param->check_time = t; ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; } #endif @@ -18331,7 +18331,6 @@ void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx) static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn) { - WOLFSSL_MSG("InitwolfSSL_BigNum"); if (bn) { bn->neg = 0; bn->internal = NULL; @@ -18873,18 +18872,18 @@ char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn) return NULL; } - if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY) { + if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_DEC, &len) != MP_OKAY) { WOLFSSL_MSG("mp_radix_size failure"); return NULL; } buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); if (buf == NULL) { - WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure"); + WOLFSSL_MSG("BN_bn2dec malloc buffer failure"); return NULL; } - if (mp_toradix((mp_int*)bn->internal, buf, 10) != MP_OKAY) { + if (mp_todecimal((mp_int*)bn->internal, buf) != MP_OKAY) { XFREE(buf, NULL, DYNAMIC_TYPE_ECC); return NULL; } @@ -19042,36 +19041,41 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, } #endif /* #ifdef WOLFSSL_KEY_GEN */ -#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) { +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) int len = 0; char *buf; - WOLFSSL_MSG("wolfSSL_BN_bn2hex"); + WOLFSSL_ENTER("wolfSSL_BN_bn2hex"); if (bn == NULL || bn->internal == NULL) { WOLFSSL_MSG("bn NULL error"); return NULL; } - if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) { + if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_HEX, &len) != MP_OKAY) { WOLFSSL_MSG("mp_radix_size failure"); return NULL; } buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); if (buf == NULL) { - WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure"); + WOLFSSL_MSG("BN_bn2hex malloc buffer failure"); return NULL; } - if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) { + if (mp_tohex((mp_int*)bn->internal, buf) != MP_OKAY) { XFREE(buf, NULL, DYNAMIC_TYPE_ECC); return NULL; } return buf; +#else + (void)bn; + WOLFSSL_MSG("wolfSSL_BN_bn2hex not compiled in"); + return (char*)""; +#endif } #ifndef NO_FILESYSTEM @@ -19080,9 +19084,10 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) */ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) { +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) char *buf; - WOLFSSL_MSG("wolfSSL_BN_print_fp"); + WOLFSSL_ENTER("wolfSSL_BN_print_fp"); if (fp == NULL || bn == NULL || bn->internal == NULL) { WOLFSSL_MSG("bn NULL error"); @@ -19099,36 +19104,17 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) XFREE(buf, NULL, DYNAMIC_TYPE_ECC); return WOLFSSL_SUCCESS; -} -#endif /* !defined(NO_FILESYSTEM) */ - -#else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ - -char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) -{ - (void)bn; - - WOLFSSL_MSG("wolfSSL_BN_bn2hex need WOLFSSL_KEY_GEN or HAVE_COMP_KEY"); - - return (char*)""; -} - -#ifndef NO_FILESYSTEM -/* return code compliant with OpenSSL : - * 1 if success, 0 if error - */ -int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) -{ +#else (void)fp; (void)bn; - WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented"); + WOLFSSL_MSG("wolfSSL_BN_print_fp not compiled in"); return WOLFSSL_SUCCESS; +#endif } -#endif /* !defined(NO_FILESYSTEM) */ +#endif /* !NO_FILESYSTEM */ -#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) { @@ -22182,7 +22168,7 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, } if (mp_read_radix((mp_int*)order->internal, - ecc_sets[group->curve_idx].order, 16) != MP_OKAY) { + ecc_sets[group->curve_idx].order, MP_RADIX_HEX) != MP_OKAY) { WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); mp_clear((mp_int*)order->internal); return WOLFSSL_FAILURE; @@ -22364,9 +22350,9 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, return WOLFSSL_FAILURE; } - ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16); + ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX); if (ret == MP_OKAY) { - ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, 16); + ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX); } /* r = q * m % prime */ diff --git a/tests/api.c b/tests/api.c index 07f438984..7960211c6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -756,7 +756,9 @@ static void test_wolfSSL_EC(void) EC_POINT *Gxy, *new_point; BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL; BIGNUM *X, *Y; - +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) + char* hexStr; +#endif const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0"; /* NISTP256R1 Gx/Gy */ const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; @@ -792,6 +794,21 @@ static void test_wolfSSL_EC(void) /* check if point X coordinate is zero */ AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE); + /* check bx2hex */ +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) + hexStr = BN_bn2hex(k); + AssertStrEQ(hexStr, kTest); + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + hexStr = BN_bn2hex(Gx); + AssertStrEQ(hexStr, kGx); + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + hexStr = BN_bn2hex(Gy); + AssertStrEQ(hexStr, kGy); + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); +#endif + /* cleanup */ BN_free(X); BN_free(Y); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index d55bce4f5..1f1850a93 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1099,7 +1099,7 @@ static int wc_ecc_curve_load_item(const char* src, mp_int** dst, if (err == MP_OKAY) { curve->load_mask |= mask; - err = mp_read_radix(*dst, src, 16); + err = mp_read_radix(*dst, src, MP_RADIX_HEX); #ifdef HAVE_WOLF_BIGINT if (err == MP_OKAY) @@ -2599,7 +2599,7 @@ static int wc_ecc_cmp_param(const char* curveParam, err = mp_read_unsigned_bin(&a, param, paramSz); if (err == MP_OKAY) - err = mp_read_radix(&b, curveParam, 16); + err = mp_read_radix(&b, curveParam, MP_RADIX_HEX); if (err == MP_OKAY) { if (mp_cmp(&a, &b) != MP_EQ) { @@ -4951,7 +4951,7 @@ int wc_ecc_check_key(ecc_key* key) if (err == MP_OKAY) err = mp_init(b); if (err == MP_OKAY) - err = mp_read_radix(b, key->dp->Bf, 16); + err = mp_read_radix(b, key->dp->Bf, MP_RADIX_HEX); #else b = curve->Bf; #endif @@ -5378,9 +5378,9 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen) if (err != MP_OKAY) return err; - err = mp_read_radix(&rtmp, r, 16); + err = mp_read_radix(&rtmp, r, MP_RADIX_HEX); if (err == MP_OKAY) - err = mp_read_radix(&stmp, s, 16); + err = mp_read_radix(&stmp, s, MP_RADIX_HEX); /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */ if (err == MP_OKAY) @@ -5496,11 +5496,11 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, /* read Qx */ if (err == MP_OKAY) - err = mp_read_radix(key->pubkey.x, qx, 16); + err = mp_read_radix(key->pubkey.x, qx, MP_RADIX_HEX); /* read Qy */ if (err == MP_OKAY) - err = mp_read_radix(key->pubkey.y, qy, 16); + err = mp_read_radix(key->pubkey.y, qy, MP_RADIX_HEX); if (err == MP_OKAY) err = mp_set(key->pubkey.z, 1); @@ -5509,7 +5509,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, if (err == MP_OKAY) { if (d != NULL) { key->type = ECC_PRIVATEKEY; - err = mp_read_radix(&key->k, d, 16); + err = mp_read_radix(&key->k, d, MP_RADIX_HEX); } else { key->type = ECC_PUBLICKEY; } @@ -6440,7 +6440,8 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, /* back off if we are on the 521 bit curve */ if (y == 66) --x; - if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { + if ((err = mp_read_radix(&order, ecc_sets[x].order, + MP_RADIX_HEX)) != MP_OKAY) { goto done; } @@ -6591,7 +6592,8 @@ static int accel_fp_mul2add(int idx1, int idx2, /* back off if we are on the 521 bit curve */ if (y == 66) --x; - if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { + if ((err = mp_read_radix(&order, ecc_sets[x].order, + MP_RADIX_HEX)) != MP_OKAY) { goto done; } @@ -6622,7 +6624,8 @@ static int accel_fp_mul2add(int idx1, int idx2, /* back off if we are on the 521 bit curve */ if (y == 66) --x; - if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { + if ((err = mp_read_radix(&order, ecc_sets[x].order, + MP_RADIX_HEX)) != MP_OKAY) { goto done; } diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 1c66245f9..1dd73af3c 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4746,7 +4746,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix) mp_zero(a); /* make sure the radix is ok */ - if (radix < 2 || radix > 64) { + if (radix < MP_RADIX_BIN || radix > MP_RADIX_MAX) { return MP_VAL; } @@ -4808,7 +4808,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix) #endif /* HAVE_ECC */ #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ - defined(WOLFSSL_DEBUG_MATH) + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) /* returns size of ASCII representation */ int mp_radix_size (mp_int *a, int radix, int *size) @@ -4820,13 +4820,13 @@ int mp_radix_size (mp_int *a, int radix, int *size) *size = 0; /* special case for binary */ - if (radix == 2) { + if (radix == MP_RADIX_BIN) { *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1; return MP_OKAY; } /* make sure the radix is in range */ - if (radix < 2 || radix > 64) { + if (radix < MP_RADIX_BIN || radix > MP_RADIX_MAX) { return MP_VAL; } @@ -4875,7 +4875,7 @@ int mp_toradix (mp_int *a, char *str, int radix) char *_s = str; /* check range of the radix */ - if (radix < 2 || radix > 64) { + if (radix < MP_RADIX_BIN || radix > MP_RADIX_MAX) { return MP_VAL; } @@ -4933,7 +4933,7 @@ void mp_dump(const char* desc, mp_int* a, byte verbose) printf("%s: ptr=%p, used=%d, sign=%d, size=%d, mpd=%d\n", desc, a, a->used, a->sign, size, (int)sizeof(mp_digit)); - mp_toradix(a, buffer, 16); + mp_tohex(a, buffer); printf(" %s\n ", buffer); if (verbose) { diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 159b8e6ca..204410299 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2600,7 +2600,7 @@ int mp_montgomery_calc_normalization(mp_int *a, mp_int *b) #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ - defined(WOLFSSL_DEBUG_MATH) + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) #ifdef WOLFSSL_KEY_GEN /* swap the elements of two integers, for cases where you can't simply swap the @@ -3252,7 +3252,7 @@ int mp_set(fp_int *a, fp_digit b) #endif #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ - defined(WOLFSSL_DEBUG_MATH) + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) /* returns size of ASCII representation */ int mp_radix_size (mp_int *a, int radix, int *size) @@ -3373,7 +3373,7 @@ void mp_dump(const char* desc, mp_int* a, byte verbose) printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n", desc, a, a->used, a->sign, size, (int)sizeof(fp_digit)); - mp_toradix(a, buffer, 16); + mp_tohex(a, buffer); printf(" %s\n ", buffer); if (verbose) { diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index f3f741074..cf8069bc7 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -248,10 +248,16 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); #define mp_mag_size(mp) mp_unsigned_bin_size(mp) #define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str)) -#define mp_tobinary(M, S) mp_toradix((M), (S), 2) -#define mp_tooctal(M, S) mp_toradix((M), (S), 8) -#define mp_todecimal(M, S) mp_toradix((M), (S), 10) -#define mp_tohex(M, S) mp_toradix((M), (S), 16) +#define MP_RADIX_BIN 2 +#define MP_RADIX_OCT 8 +#define MP_RADIX_DEC 10 +#define MP_RADIX_HEX 16 +#define MP_RADIX_MAX 64 + +#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN) +#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT) +#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC) +#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX) #define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1) diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 27c884a25..376ea401c 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -632,10 +632,22 @@ typedef fp_int mp_int; #define MP_MASK FP_MASK /* Prototypes */ -#define mp_zero(a) fp_zero(a) +#define mp_zero(a) fp_zero(a) #define mp_isone(a) fp_isone(a) -#define mp_iseven(a) fp_iseven(a) -#define mp_isneg(a) fp_isneg(a) +#define mp_iseven(a) fp_iseven(a) +#define mp_isneg(a) fp_isneg(a) + +#define MP_RADIX_BIN 2 +#define MP_RADIX_OCT 8 +#define MP_RADIX_DEC 10 +#define MP_RADIX_HEX 16 +#define MP_RADIX_MAX 64 + +#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN) +#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT) +#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC) +#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX) + MP_API int mp_init (mp_int * a); MP_API void mp_clear (mp_int * a); MP_API void mp_free (mp_int * a);