wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 10:19:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Curve448, X448, Ed448 implementations

Browse Source
This commit is contained in:
Sean Parkinson
2020-02-19 18:07:45 +10:00
parent c7a2510d97
commit 2c6eb7cb39
79 changed files with 24343 additions and 2390 deletions
Download Patch File Download Diff File Expand all files Collapse all files

630
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

635
wolfcrypt/src/curve448.c Normal file
View File

@@ -0,0 +1,635 @@
/* curve448.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Implemented to: RFC 7748 */
/* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work.
* Reworked for curve448 by Sean Parkinson.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
/* Make a new curve448 private/public key.
*
* rng [in] Random number generator.
* keysize [in] Size of the key to generate.
* key [in] Curve448 key object.
* returns BAD_FUNC_ARG when rng or key are NULL,
* ECC_BAD_ARG_E when keysize is not CURVE448_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key)
{
unsigned char basepoint[CURVE448_KEY_SIZE] = {5};
int ret = 0;
if ((key == NULL) || (rng == NULL)) {
ret = BAD_FUNC_ARG;
}
/* currently only a key size of 56 bytes is used */
if ((ret == 0) && (keysize != CURVE448_KEY_SIZE)) {
ret = ECC_BAD_ARG_E;
}
if (ret == 0) {
fe448_init();
/* random number for private key */
ret = wc_RNG_GenerateBlock(rng, key->k, keysize);
}
if (ret == 0) {
/* Clamp the private key */
key->k[0] &= 0xfc;
key->k[CURVE448_KEY_SIZE-1] |= 0x80;
/* compute public key */
ret = curve448(key->p, key->k, basepoint);
if (ret != 0) {
ForceZero(key->k, keysize);
ForceZero(key->p, keysize);
}
}
return ret;
}
#ifdef HAVE_CURVE448_SHARED_SECRET
/* Calculate the shared secret from the private key and peer's public key.
* Calculation over curve448.
* Secret encoded big-endian.
*
* private_key [in] Curve448 private key.
* public_key [in] Curve448 public key.
* out [in] Array to hold shared secret.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL or outLen is less than
* CURVE448_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_shared_secret(curve448_key* private_key,
curve448_key* public_key,
byte* out, word32* outLen)
{
return wc_curve448_shared_secret_ex(private_key, public_key, out, outLen,
EC448_BIG_ENDIAN);
}
/* Calculate the shared secret from the private key and peer's public key.
* Calculation over curve448.
*
* private_key [in] Curve448 private key.
* public_key [in] Curve448 public key.
* out [in] Array to hold shared secret.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* endian [in] Endianness to use when encoding number in array.
* returns BAD_FUNC_ARG when a parameter is NULL or outLen is less than
* CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_shared_secret_ex(curve448_key* private_key,
curve448_key* public_key,
byte* out, word32* outLen, int endian)
{
unsigned char o[CURVE448_PUB_KEY_SIZE];
int ret = 0;
int i;
/* sanity check */
if ((private_key == NULL) || (public_key == NULL) || (out == NULL) ||
(outLen == NULL) || (*outLen < CURVE448_PUB_KEY_SIZE)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
ret = curve448(o, private_key->k, public_key->p);
}
if (ret == 0) {
if (endian == EC448_BIG_ENDIAN) {
/* put shared secret key in Big Endian format */
for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) {
out[i] = o[CURVE448_PUB_KEY_SIZE - i -1];
}
}
else {
/* put shared secret key in Little Endian format */
XMEMCPY(out, o, CURVE448_PUB_KEY_SIZE);
}
*outLen = CURVE448_PUB_KEY_SIZE;
}
ForceZero(o, CURVE448_PUB_KEY_SIZE);
return ret;
}
#endif /* HAVE_CURVE448_SHARED_SECRET */
#ifdef HAVE_CURVE448_KEY_EXPORT
/* Export the curve448 public key.
* Public key encoded big-endian.
*
* key [in] Curve448 public key.
* out [in] Array to hold public key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen)
{
return wc_curve448_export_public_ex(key, out, outLen, EC448_BIG_ENDIAN);
}
/* Export the curve448 public key.
*
* key [in] Curve448 public key.
* out [in] Array to hold public key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* endian [in] Endianness to use when encoding number in array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_export_public_ex(curve448_key* key, byte* out, word32* outLen,
int endian)
{
int ret = 0;
int i;
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
ret = BAD_FUNC_ARG;
}
/* check and set outgoing key size */
if ((ret == 0) && (*outLen < CURVE448_PUB_KEY_SIZE)) {
*outLen = CURVE448_PUB_KEY_SIZE;
ret = ECC_BAD_ARG_E;
}
if (ret == 0) {
*outLen = CURVE448_PUB_KEY_SIZE;
if (endian == EC448_BIG_ENDIAN) {
/* read keys in Big Endian format */
for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) {
out[i] = key->p[CURVE448_PUB_KEY_SIZE - i - 1];
}
}
else {
XMEMCPY(out, key->p, CURVE448_PUB_KEY_SIZE);
}
}
return ret;
}
#endif /* HAVE_CURVE448_KEY_EXPORT */
#ifdef HAVE_CURVE448_KEY_IMPORT
/* Import a curve448 public key from a byte array.
* Public key encoded in big-endian.
*
* in [in] Array holding public key.
* inLen [in] Number of bytes of data in array.
* key [in] Curve448 public key.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when inLen is less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_import_public(const byte* in, word32 inLen, curve448_key* key)
{
return wc_curve448_import_public_ex(in, inLen, key, EC448_BIG_ENDIAN);
}
/* Import a curve448 public key from a byte array.
*
* in [in] Array holding public key.
* inLen [in] Number of bytes of data in array.
* key [in] Curve448 public key.
* endian [in] Endianness of encoded number in byte array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when inLen is less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_import_public_ex(const byte* in, word32 inLen,
curve448_key* key, int endian)
{
int ret = 0;
int i;
/* sanity check */
if ((key == NULL) || (in == NULL)) {
ret = BAD_FUNC_ARG;
}
/* check size of incoming keys */
if ((ret == 0) && (inLen != CURVE448_PUB_KEY_SIZE)) {
ret = ECC_BAD_ARG_E;
}
if (ret == 0) {
if (endian == EC448_BIG_ENDIAN) {
/* read keys in Big Endian format */
for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) {
key->p[i] = in[CURVE448_PUB_KEY_SIZE - i - 1];
}
}
else
XMEMCPY(key->p, in, inLen);
}
return ret;
}
/* Check the public key value (big or little endian)
*
* pub [in] Public key bytes.
* pubSz [in] Size of public key in bytes.
* endian [in] Public key bytes passed in as big-endian or little-endian.
* returns BAD_FUNC_ARGS when pub is NULL,
* ECC_BAD_ARG_E when key length is not 56 bytes, public key value is
* zero or one;
* BUFFER_E when size of public key is zero;
* 0 otherwise.
*/
int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian)
{
int ret = 0;
word32 i;
if (pub == NULL) {
ret = BAD_FUNC_ARG;
}
/* Check for empty key data */
if ((ret == 0) && (pubSz == 0)) {
ret = BUFFER_E;
}
/* Check key length */
if ((ret == 0) && (pubSz != CURVE448_PUB_KEY_SIZE)) {
ret = ECC_BAD_ARG_E;
}
if (ret == 0) {
if (endian == EC448_LITTLE_ENDIAN) {
/* Check for value of zero or one */
for (i = pubSz - 1; i > 0; i--) {
if (pub[i] != 0) {
break;
}
}
if ((i == 0) && (pub[0] == 0 || pub[0] == 1)) {
return ECC_BAD_ARG_E;
}
}
else {
/* Check for value of zero or one */
for (i = 0; i < pubSz-1; i++) {
if (pub[i] != 0) {
break;
}
}
if ((i == pubSz - 1) && (pub[i] == 0 || pub[i] == 1)) {
ret = ECC_BAD_ARG_E;
}
}
}
return ret;
}
#endif /* HAVE_CURVE448_KEY_IMPORT */
#ifdef HAVE_CURVE448_KEY_EXPORT
/* Export the curve448 private key raw form.
* Private key encoded big-endian.
*
* key [in] Curve448 private key.
* out [in] Array to hold private key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than CURVE448_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_export_private_raw(curve448_key* key, byte* out, word32* outLen)
{
return wc_curve448_export_private_raw_ex(key, out, outLen,
EC448_BIG_ENDIAN);
}
/* Export the curve448 private key raw form.
*
* key [in] Curve448 private key.
* out [in] Array to hold private key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* endian [in] Endianness to use when encoding number in array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than CURVE448_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out,
word32* outLen, int endian)
{
int ret = 0;
int i;
/* sanity check */
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
ret = BAD_FUNC_ARG;
}
/* check size of outgoing buffer */
if ((ret == 0) && (*outLen < CURVE448_KEY_SIZE)) {
*outLen = CURVE448_KEY_SIZE;
ret = ECC_BAD_ARG_E;
}
if (ret == 0) {
*outLen = CURVE448_KEY_SIZE;
if (endian == EC448_BIG_ENDIAN) {
/* put the key in Big Endian format */
for (i = 0; i < CURVE448_KEY_SIZE; i++) {
out[i] = key->k[CURVE448_KEY_SIZE - i - 1];
}
}
else {
XMEMCPY(out, key->k, CURVE448_KEY_SIZE);
}
}
return ret;
}
/* Export the curve448 private and public keys in raw form.
* Private and public key encoded big-endian.
*
* key [in] Curve448 private key.
* priv [in] Array to hold private key.
* privSz [in/out] On in, the number of bytes in private key array.
* On out, the number bytes put into private key array.
* pub [in] Array to hold public key.
* pubSz [in/out] On in, the number of bytes in public key array.
* On out, the number bytes put into public key array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is
* less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_export_key_raw(curve448_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz)
{
return wc_curve448_export_key_raw_ex(key, priv, privSz, pub, pubSz,
EC448_BIG_ENDIAN);
}
/* Export the curve448 private and public keys in raw form.
*
* key [in] Curve448 private key.
* priv [in] Array to hold private key.
* privSz [in/out] On in, the number of bytes in private key array.
* On out, the number bytes put into private key array.
* pub [in] Array to hold public key.
* pubSz [in/out] On in, the number of bytes in public key array.
* On out, the number bytes put into public key array.
* endian [in] Endianness to use when encoding number in array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is
* less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_export_key_raw_ex(curve448_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz, int endian)
{
int ret;
/* export private part */
ret = wc_curve448_export_private_raw_ex(key, priv, privSz, endian);
if (ret == 0) {
/* export public part */
ret = wc_curve448_export_public_ex(key, pub, pubSz, endian);
}
return ret;
}
#endif /* HAVE_CURVE448_KEY_EXPORT */
#ifdef HAVE_CURVE448_KEY_IMPORT
/* Import curve448 private and public keys from a byte arrays.
* Private and public keys encoded in big-endian.
*
* piv [in] Array holding private key.
* privSz [in] Number of bytes of data in private key array.
* pub [in] Array holding public key.
* pubSz [in] Number of bytes of data in public key array.
* key [in] Curve448 private/public key.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is
* less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_import_private_raw(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz,
curve448_key* key)
{
return wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, key,
EC448_BIG_ENDIAN);
}
/* Import curve448 private and public keys from a byte arrays.
*
* piv [in] Array holding private key.
* privSz [in] Number of bytes of data in private key array.
* pub [in] Array holding public key.
* pubSz [in] Number of bytes of data in public key array.
* key [in] Curve448 private/public key.
* endian [in] Endianness of encoded numbers in byte arrays.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is
* less than CURVE448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz,
curve448_key* key, int endian)
{
int ret;
/* import private part */
ret = wc_curve448_import_private_ex(priv, privSz, key, endian);
if (ret == 0) {
/* import public part */
return wc_curve448_import_public_ex(pub, pubSz, key, endian);
}
return ret;
}
/* Import curve448 private key from a byte array.
* Private key encoded in big-endian.
*
* piv [in] Array holding private key.
* privSz [in] Number of bytes of data in private key array.
* key [in] Curve448 private/public key.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_import_private(const byte* priv, word32 privSz,
curve448_key* key)
{
return wc_curve448_import_private_ex(priv, privSz, key, EC448_BIG_ENDIAN);
}
/* Import curve448 private key from a byte array.
*
* piv [in] Array holding private key.
* privSz [in] Number of bytes of data in private key array.
* key [in] Curve448 private/public key.
* endian [in] Endianness of encoded number in byte array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE,
* 0 otherwise.
*/
int wc_curve448_import_private_ex(const byte* priv, word32 privSz,
curve448_key* key, int endian)
{
int ret = 0;
int i;
/* sanity check */
if ((key == NULL) || (priv == NULL)) {
ret = BAD_FUNC_ARG;
}
/* check size of incoming keys */
if ((ret == 0) && ((int)privSz != CURVE448_KEY_SIZE)) {
ret = ECC_BAD_ARG_E;
}
if (ret == 0) {
if (endian == EC448_BIG_ENDIAN) {
/* read the key in Big Endian format */
for (i = 0; i < CURVE448_KEY_SIZE; i++) {
key->k[i] = priv[CURVE448_KEY_SIZE - i - 1];
}
}
else {
XMEMCPY(key->k, priv, CURVE448_KEY_SIZE);
}
/* Clamp the key */
key->k[0] &= 0xfc;
key->k[CURVE448_KEY_SIZE-1] |= 0x80;
}
return ret;
}
#endif /* HAVE_CURVE448_KEY_IMPORT */
/* Initialize the curve448 key.
*
* key [in] Curve448 key object.
* returns BAD_FUNC_ARG when key is NULL,
* 0 otherwise.
*/
int wc_curve448_init(curve448_key* key)
{
int ret = 0;
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
XMEMSET(key, 0, sizeof(*key));
fe448_init();
}
return ret;
}
/* Clears the curve448 key data.
*
* key [in] Curve448 key object.
*/
void wc_curve448_free(curve448_key* key)
{
if (key != NULL) {
ForceZero(key->p, sizeof(key->p));
ForceZero(key->k, sizeof(key->k));
}
}
/* Get the curve448 key's size.
*
* key [in] Curve448 key object.
* returns 0 if key is NULL,
* CURVE448_KEY_SIZE otherwise.
*/
int wc_curve448_size(curve448_key* key)
{
int ret = 0;
if (key != NULL) {
ret = CURVE448_KEY_SIZE;
}
return ret;
}
#endif /* HAVE_CURVE448 */

917
wolfcrypt/src/ed448.c Normal file
View File

@@ -0,0 +1,917 @@
/* ed448.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Implemented to: RFC 8032 */
/* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work.
* Reworked for curve448 by Sean Parkinson.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/* in case user set HAVE_ED448 there */
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if defined(HAVE_ED448_SIGN) || defined(HAVE_ED448_VERIFY)
/* Size of context bytes to use with hash when signing and verifying. */
#define ED448CTX_SIZE 8
/* Context to pass to hash when signing and verifying. */
static const byte ed448Ctx[ED448CTX_SIZE+1] = "SigEd448";
#endif
/* Derive the public key for the private key.
*
* key [in] Ed448 key object.
* pubKey [in] Byte array to hold te public key.
* pubKeySz [in] Size of the array in bytes.
* returns BAD_FUNC_ARG when key is NULL or pubKeySz is not equal to
* ED448_PUB_KEY_SIZE,
* other -ve value on hash failure,
* 0 otherwise.
*/
int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey, word32 pubKeySz)
{
int ret = 0;
byte az[ED448_PRV_KEY_SIZE];
ge448_p2 A;
if ((key == NULL) || (pubKeySz != ED448_PUB_KEY_SIZE)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
ret = wc_Shake256Hash(key->k, ED448_KEY_SIZE, az, sizeof(az));
}
if (ret == 0) {
/* apply clamp */
az[0] &= 0xfc;
az[55] |= 0x80;
az[56] = 0x00;
ge448_scalarmult_base(&A, az);
ge448_to_bytes(pubKey, &A);
}
return ret;
}
/* Make a new ed448 private/public key.
*
* rng [in] Random number generator.
* keysize [in] Size of the key to generate.
* key [in] Ed448 key object.
* returns BAD_FUNC_ARG when rng or key is NULL or keySz is not equal to
* ED448_KEY_SIZE,
* other -ve value on random number or hash failure,
* 0 otherwise.
*/
int wc_ed448_make_key(WC_RNG* rng, int keySz, ed448_key* key)
{
int ret = 0;
if ((rng == NULL) || (key == NULL)) {
ret = BAD_FUNC_ARG;
}
/* ed448 has 57 byte key sizes */
if ((ret == 0) && (keySz != ED448_KEY_SIZE)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
ret = wc_RNG_GenerateBlock(rng, key->k, ED448_KEY_SIZE);
}
if (ret == 0) {
ret = wc_ed448_make_public(key, key->p, ED448_PUB_KEY_SIZE);
if (ret != 0) {
ForceZero(key->k, ED448_KEY_SIZE);
}
}
if (ret == 0) {
/* put public key after private key, on the same buffer */
XMEMMOVE(key->k + ED448_KEY_SIZE, key->p, ED448_PUB_KEY_SIZE);
key->pubKeySet = 1;
}
return ret;
}
#ifdef HAVE_ED448_SIGN
/* Sign the message using the ed448 private key.
*
* in [in] Message to sign.
* inLen [in] Length of the message in bytes.
* out [in] Buffer to write signature into.
* outLen [in/out] On in, size of buffer.
* On out, the length of the signature in bytes.
* key [in] Ed448 key to use when signing
* type [in] Type of signature to perform: Ed448 or Ed448ph
* context [in] Context of signing.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when outLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
static int ed448_sign_msg(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed448_key* key, byte type,
const byte* context, byte contextLen)
{
ge448_p2 R;
byte nonce[ED448_SIG_SIZE];
byte hram[ED448_SIG_SIZE];
byte az[ED448_PRV_KEY_SIZE];
wc_Shake sha;
int ret = 0;
/* sanity check on arguments */
if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL) ||
((context == NULL) && (contextLen != 0))) {
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (!key->pubKeySet)) {
ret = BAD_FUNC_ARG;
}
/* check and set up out length */
if ((ret == 0) && (*outLen < ED448_SIG_SIZE)) {
*outLen = ED448_SIG_SIZE;
ret = BUFFER_E;
}
if (ret == 0) {
*outLen = ED448_SIG_SIZE;
/* step 1: create nonce to use where nonce is r in
r = H(h_b, ... ,h_2b-1,M) */
ret = wc_Shake256Hash(key->k, ED448_KEY_SIZE, az, sizeof(az));
}
if (ret == 0) {
/* apply clamp */
az[0] &= 0xfc;
az[55] |= 0x80;
az[56] = 0x00;
ret = wc_InitShake256(&sha, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Shake256_Update(&sha, ed448Ctx, ED448CTX_SIZE);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &type, sizeof(type));
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, az + ED448_KEY_SIZE, ED448_KEY_SIZE);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, in, inLen);
}
if (ret == 0) {
ret = wc_Shake256_Final(&sha, nonce, sizeof(nonce));
}
wc_Shake256_Free(&sha);
}
if (ret == 0) {
sc448_reduce(nonce);
/* step 2: computing R = rB where rB is the scalar multiplication of
r and B */
ge448_scalarmult_base(&R,nonce);
ge448_to_bytes(out,&R);
/* step 3: hash R + public key + message getting H(R,A,M) then
creating S = (r + H(R,A,M)a) mod l */
ret = wc_InitShake256(&sha, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Shake256_Update(&sha, ed448Ctx, ED448CTX_SIZE);
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &type, sizeof(type));
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, out, ED448_SIG_SIZE/2);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, key->p, ED448_PUB_KEY_SIZE);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, in, inLen);
}
if (ret == 0) {
ret = wc_Shake256_Final(&sha, hram, sizeof(hram));
}
wc_Shake256_Free(&sha);
}
}
if (ret == 0) {
sc448_reduce(hram);
sc448_muladd(out + (ED448_SIG_SIZE/2), hram, az, nonce);
}
return ret;
}
/* Sign the message using the ed448 private key.
* Signature type is Ed448.
*
* in [in] Message to sign.
* inLen [in] Length of the message in bytes.
* out [in] Buffer to write signature into.
* outLen [in/out] On in, size of buffer.
* On out, the length of the signature in bytes.
* key [in] Ed448 key to use when signing
* context [in] Context of signing.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when outLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
ed448_key* key, const byte* context, byte contextLen)
{
return ed448_sign_msg(in, inLen, out, outLen, key, Ed448, context,
contextLen);
}
/* Sign the hash using the ed448 private key.
* Signature type is Ed448ph.
*
* hash [in] Hash of message to sign.
* hashLen [in] Length of hash of message in bytes.
* out [in] Buffer to write signature into.
* outLen [in/out] On in, size of buffer.
* On out, the length of the signature in bytes.
* key [in] Ed448 key to use when signing
* context [in] Context of signing.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when outLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
word32 *outLen, ed448_key* key,
const byte* context, byte contextLen)
{
return ed448_sign_msg(hash, hashLen, out, outLen, key, Ed448ph, context,
contextLen);
}
/* Sign the message using the ed448 private key.
* Signature type is Ed448ph.
*
* in [in] Message to sign.
* inLen [in] Length of the message to sign in bytes.
* out [in] Buffer to write signature into.
* outLen [in/out] On in, size of buffer.
* On out, the length of the signature in bytes.
* key [in] Ed448 key to use when signing
* context [in] Context of signing.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when outLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
ed448_key* key, const byte* context, byte contextLen)
{
int ret = 0;
byte hash[64];
ret = wc_Shake256Hash(in, inLen, hash, sizeof(hash));
if (ret == 0) {
ret = wc_ed448ph_sign_hash(hash, sizeof(hash), out, outLen, key,
context, contextLen);
}
return ret;
}
#endif /* HAVE_ED448_SIGN */
#ifdef HAVE_ED448_VERIFY
/* Verify the message using the ed448 public key.
*
* sig [in] Signature to verify.
* sigLen [in] Size of signature in bytes.
* msg [in] Message to verify.
* msgLen [in] Length of the message in bytes.
* key [in] Ed448 key to use to verify.
* type [in] Type of signature to verify: Ed448 or Ed448ph
* context [in] Context of verification.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when sigLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
static int ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed448_key* key,
byte type, const byte* context, byte contextLen)
{
byte rcheck[ED448_KEY_SIZE];
byte h[ED448_SIG_SIZE];
ge448_p2 A;
ge448_p2 R;
int ret = 0;
wc_Shake sha;
/* sanity check on arguments */
if ((sig == NULL) || (msg == NULL) || (res == NULL) || (key == NULL) ||
((context == NULL) && (contextLen != 0))) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
/* set verification failed by default */
*res = 0;
/* check on basics needed to verify signature */
if (sigLen < ED448_SIG_SIZE) {
ret = BAD_FUNC_ARG;
}
}
/* uncompress A (public key), test if valid, and negate it */
if ((ret == 0) && (ge448_from_bytes_negate_vartime(&A, key->p) != 0)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
/* find H(R,A,M) and store it as h */
ret = wc_InitShake256(&sha, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Shake256_Update(&sha, ed448Ctx, ED448CTX_SIZE);
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &type, sizeof(type));
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, sig, ED448_SIG_SIZE/2);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, key->p, ED448_PUB_KEY_SIZE);
}
if (ret == 0) {
ret = wc_Shake256_Update(&sha, msg, msgLen);
}
if (ret == 0) {
ret = wc_Shake256_Final(&sha, h, sizeof(h));
}
wc_Shake256_Free(&sha);
}
}
if (ret == 0) {
sc448_reduce(h);
/* Uses a fast single-signature verification SB = R + H(R,A,M)A becomes
* SB - H(R,A,M)A saving decompression of R
*/
ret = ge448_double_scalarmult_vartime(&R, h, &A,
sig + (ED448_SIG_SIZE/2));
}
if (ret == 0) {
ge448_to_bytes(rcheck, &R);
/* comparison of R created to R in sig */
if (ConstantCompare(rcheck, sig, ED448_SIG_SIZE/2) != 0) {
ret = SIG_VERIFY_E;
}
else {
/* set the verification status */
*res = 1;
}
}
return ret;
}
/* Verify the message using the ed448 public key.
* Signature type is Ed448.
*
* sig [in] Signature to verify.
* sigLen [in] Size of signature in bytes.
* msg [in] Message to verify.
* msgLen [in] Length of the message in bytes.
* key [in] Ed448 key to use to verify.
* context [in] Context of verification.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when sigLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
int wc_ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed448_key* key,
const byte* context, byte contextLen)
{
return ed448_verify_msg(sig, sigLen, msg, msgLen, res, key, Ed448,
context, contextLen);
}
/* Verify the hash using the ed448 public key.
* Signature type is Ed448ph.
*
* sig [in] Signature to verify.
* sigLen [in] Size of signature in bytes.
* hash [in] Hash of message to verify.
* hashLen [in] Length of the hash in bytes.
* key [in] Ed448 key to use to verify.
* context [in] Context of verification.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when sigLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
int wc_ed448ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
word32 hashLen, int* res, ed448_key* key,
const byte* context, byte contextLen)
{
return ed448_verify_msg(sig, sigLen, hash, hashLen, res, key, Ed448ph,
context, contextLen);
}
/* Verify the message using the ed448 public key.
* Signature type is Ed448ph.
*
* sig [in] Signature to verify.
* sigLen [in] Size of signature in bytes.
* msg [in] Message to verify.
* msgLen [in] Length of the message in bytes.
* key [in] Ed448 key to use to verify.
* context [in] Context of verification.
* contextLen [in] Length of context in bytes.
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* context is not NULL or public key not set,
* BUFFER_E when sigLen is less than ED448_SIG_SIZE,
* other -ve values when hash fails,
* 0 otherwise.
*/
int wc_ed448ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, ed448_key* key,
const byte* context, byte contextLen)
{
int ret = 0;
byte hash[64];
ret = wc_Shake256Hash(msg, msgLen, hash, sizeof(hash));
if (ret == 0) {
ret = wc_ed448ph_verify_hash(sig, sigLen, hash, sizeof(hash), res, key,
context, contextLen);
}
return ret;
}
#endif /* HAVE_ED448_VERIFY */
/* Initialize the ed448 private/public key.
*
* key [in] Ed448 key.
* returns BAD_FUNC_ARG when key is NULL
*/
int wc_ed448_init(ed448_key* key)
{
int ret = 0;
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
else {
XMEMSET(key, 0, sizeof(ed448_key));
fe448_init();
}
return ret;
}
/* Clears the ed448 key data
*
* key [in] Ed448 key.
*/
void wc_ed448_free(ed448_key* key)
{
if (key != NULL) {
ForceZero(key, sizeof(ed448_key));
}
}
#ifdef HAVE_ED448_KEY_EXPORT
/* Export the ed448 public key.
*
* key [in] Ed448 public key.
* out [in] Array to hold public key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than ED448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen)
{
int ret = 0;
/* sanity check on arguments */
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (*outLen < ED448_PUB_KEY_SIZE)) {
*outLen = ED448_PUB_KEY_SIZE;
ret = BUFFER_E;
}
if (ret == 0) {
*outLen = ED448_PUB_KEY_SIZE;
XMEMCPY(out, key->p, ED448_PUB_KEY_SIZE);
}
return ret;
}
#endif /* HAVE_ED448_KEY_EXPORT */
#ifdef HAVE_ED448_KEY_IMPORT
/* Import a compressed or uncompressed ed448 public key from a byte array.
* Public key encoded in big-endian.
*
* in [in] Array holding public key.
* inLen [in] Number of bytes of data in array.
* key [in] Ed448 public key.
* returns BAD_FUNC_ARG when a parameter is NULL or key format is not supported,
* 0 otherwise.
*/
int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key)
{
int ret = 0;
/* sanity check on arguments */
if ((in == NULL) || (key == NULL)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
/* compressed prefix according to draft
* https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06 */
if (in[0] == 0x40 && inLen > ED448_PUB_KEY_SIZE) {
/* key is stored in compressed format so just copy in */
XMEMCPY(key->p, (in + 1), ED448_PUB_KEY_SIZE);
key->pubKeySet = 1;
}
/* importing uncompressed public key */
else if (in[0] == 0x04 && inLen > 2*ED448_PUB_KEY_SIZE) {
/* pass in (x,y) and store compressed key */
ret = ge448_compress_key(key->p, in+1, in+1+ED448_PUB_KEY_SIZE);
if (ret == 0)
key->pubKeySet = 1;
}
else if (inLen == ED448_PUB_KEY_SIZE) {
/* if not specified compressed or uncompressed check key size
* if key size is equal to compressed key size copy in key */
XMEMCPY(key->p, in, ED448_PUB_KEY_SIZE);
key->pubKeySet = 1;
}
else {
/* bad public key format */
ret = BAD_FUNC_ARG;
}
}
return ret;
}
/* Import an ed448 private key from a byte array.
*
* priv [in] Array holding private key.
* privSz [in] Number of bytes of data in array.
* key [in] Ed448 private key.
* returns BAD_FUNC_ARG when a parameter is NULL or privSz is less than
* ED448_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_import_private_only(const byte* priv, word32 privSz,
ed448_key* key)
{
int ret = 0;
/* sanity check on arguments */
if ((priv == NULL) || (key == NULL)) {
ret = BAD_FUNC_ARG;
}
/* key size check */
if ((ret == 0) && (privSz < ED448_KEY_SIZE)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
XMEMCPY(key->k, priv, ED448_KEY_SIZE);
}
return ret;
}
/* Import an ed448 private and public keys from a byte arrays.
*
* priv [in] Array holding private key.
* privSz [in] Number of bytes of data in private key array.
* pub [in] Array holding private key.
* pubSz [in] Number of bytes of data in public key array.
* key [in] Ed448 private/public key.
* returns BAD_FUNC_ARG when a parameter is NULL or privSz is less than
* ED448_KEY_SIZE or pubSz is less than ED448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz, ed448_key* key)
{
int ret = 0;
/* sanity check on arguments */
if ((priv == NULL) || (pub == NULL) || (key == NULL)) {
ret = BAD_FUNC_ARG;
}
/* key size check */
if ((ret == 0) && (privSz < ED448_KEY_SIZE || pubSz < ED448_PUB_KEY_SIZE)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
/* import public key */
ret = wc_ed448_import_public(pub, pubSz, key);
}
if (ret == 0) {
/* make the private key (priv + pub) */
XMEMCPY(key->k, priv, ED448_KEY_SIZE);
XMEMCPY(key->k + ED448_KEY_SIZE, key->p, ED448_PUB_KEY_SIZE);
}
return ret;
}
#endif /* HAVE_ED448_KEY_IMPORT */
#ifdef HAVE_ED448_KEY_EXPORT
/* Export the ed448 private key.
*
* key [in] Ed448 private key.
* out [in] Array to hold private key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than ED448_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen)
{
int ret = 0;
/* sanity checks on arguments */
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (*outLen < ED448_KEY_SIZE)) {
*outLen = ED448_KEY_SIZE;
ret = BUFFER_E;
}
if (ret == 0) {
*outLen = ED448_KEY_SIZE;
XMEMCPY(out, key->k, ED448_KEY_SIZE);
}
return ret;
}
/* Export the ed448 private and public key.
*
* key [in] Ed448 private/public key.
* out [in] Array to hold private and public key.
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* BUFFER_E when outLen is less than ED448_PRV_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen)
{
int ret = 0;
/* sanity checks on arguments */
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (*outLen < ED448_PRV_KEY_SIZE)) {
*outLen = ED448_PRV_KEY_SIZE;
ret = BUFFER_E;
}
if (ret == 0) {
*outLen = ED448_PRV_KEY_SIZE;
XMEMCPY(out, key->k, ED448_PRV_KEY_SIZE);
}
return ret;
}
/* Export the ed448 private and public key.
*
* key [in] Ed448 private/public key.
* priv [in] Array to hold private key.
* privSz [in/out] On in, the number of bytes in private key array.
* pub [in] Array to hold public key.
* pubSz [in/out] On in, the number of bytes in public key array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* BUFFER_E when privSz is less than ED448_PRV_KEY_SIZE or pubSz is less
* than ED448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz)
{
int ret = 0;
/* export 'full' private part */
ret = wc_ed448_export_private(key, priv, privSz);
if (ret == 0) {
/* export public part */
ret = wc_ed448_export_public(key, pub, pubSz);
}
return ret;
}
#endif /* HAVE_ED448_KEY_EXPORT */
/* Check the public key of the ed448 key matches the private key.
*
* key [in] Ed448 private/public key.
* returns BAD_FUNC_ARG when key is NULL,
* PUBLIC_KEY_E when the public key is not set or doesn't match,
* other -ve value on hash failure,
* 0 otherwise.
*/
int wc_ed448_check_key(ed448_key* key)
{
int ret = 0;
unsigned char pubKey[ED448_PUB_KEY_SIZE];
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
if (!key->pubKeySet) {
ret = PUBLIC_KEY_E;
}
if (ret == 0) {
ret = wc_ed448_make_public(key, pubKey, sizeof(pubKey));
}
if ((ret == 0) && (XMEMCMP(pubKey, key->p, ED448_PUB_KEY_SIZE) != 0)) {
ret = PUBLIC_KEY_E;
}
return ret;
}
/* Returns the size of an ed448 private key.
*
* key [in] Ed448 private/public key.
* returns BAD_FUNC_ARG when key is NULL,
* ED448_KEY_SIZE otherwise.
*/
int wc_ed448_size(ed448_key* key)
{
int ret = ED448_KEY_SIZE;
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
return ret;
}
/* Returns the size of an ed448 private plus public key.
*
* key [in] Ed448 private/public key.
* returns BAD_FUNC_ARG when key is NULL,
* ED448_PRV_KEY_SIZE otherwise.
*/
int wc_ed448_priv_size(ed448_key* key)
{
int ret = ED448_PRV_KEY_SIZE;
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
return ret;
}
/* Returns the size of an ed448 public key.
*
* key [in] Ed448 private/public key.
* returns BAD_FUNC_ARG when key is NULL,
* ED448_PUB_KEY_SIZE otherwise.
*/
int wc_ed448_pub_size(ed448_key* key)
{
int ret = ED448_PUB_KEY_SIZE;
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
return ret;
}
/* Returns the size of an ed448 signature.
*
* key [in] Ed448 private/public key.
* returns BAD_FUNC_ARG when key is NULL,
* ED448_SIG_SIZE otherwise.
*/
int wc_ed448_sig_size(ed448_key* key)
{
int ret = ED448_SIG_SIZE;
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
return ret;
}
#endif /* HAVE_ED448 */

2394
wolfcrypt/src/fe_448.c Normal file
View File

File diff suppressed because it is too large Load Diff

10780
wolfcrypt/src/ge_448.c Normal file
View File

File diff suppressed because it is too large Load Diff

39
wolfcrypt/src/hash.c
View File

@@ -1362,6 +1362,45 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return ret;
}
#endif /* !WOLFSSL_NOSHA3_512 */
#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
int wc_Shake256Hash(const byte* data, word32 len, byte* hash,
word32 hashLen)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
wc_Shake* shake;
#else
wc_Shake shake[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
shake = (wc_Shake*)XMALLOC(sizeof(wc_Shake), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (shake == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) {
WOLFSSL_MSG("InitShake256 failed");
}
else {
if ((ret = wc_Shake256_Update(shake, data, len)) != 0) {
WOLFSSL_MSG("Shake256_Update failed");
}
else if ((ret = wc_Shake256_Final(shake, hash, hashLen)) != 0) {
WOLFSSL_MSG("Shake256_Final failed");
}
wc_Shake256_Free(shake);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(shake, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* WOLFSSL_SHAKE_256 && !WOLFSSL_NO_SHAKE256 */
#endif /* WOLFSSL_SHA3 */
#endif /* !NO_HASH_WRAPPER */

75
wolfcrypt/src/sha3.c
View File

@@ -636,11 +636,10 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
* len Number of bytes in output.
* returns 0 on success.
*/
static int Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte l)
static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l)
{
byte i;
byte *s8 = (byte *)sha3->s;
byte padChar = 0x06; /* NIST SHA-3 */
sha3->t[p * 8 - 1] = 0x00;
#ifdef WOLFSSL_HASH_FLAGS
@@ -759,7 +758,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
}
#endif /* WOLFSSL_ASYNC_CRYPT */
ret = Sha3Final(sha3, hash, p, len);
ret = Sha3Final(sha3, 0x06, hash, p, len);
if (ret != 0)
return ret;
@@ -1140,4 +1139,74 @@ int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags)
}
#endif
#if defined(WOLFSSL_SHAKE256)
/* Initialize the state for a Shake256 hash operation.
*
* shake wc_Shake object holding state.
* heap Heap reference for dynamic memory allocation. (Used in async ops.)
* devId Device identifier for asynchronous operation.
* returns 0 on success.
*/
int wc_InitShake256(wc_Shake* shake, void* heap, int devId)
{
return wc_InitSha3(shake, heap, devId);
}
/* Update the SHAKE256 hash state with message data.
*
* shake wc_Shake object holding state.
* data Message data to be hashed.
* len Length of the message data.
* returns 0 on success.
*/
int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len)
{
return wc_Sha3Update(shake, data, len, WC_SHA3_256_COUNT);
}
/* Calculate the SHAKE256 hash based on all the message data seen.
* The state is initialized ready for a new message to hash.
*
* shake wc_Shake object holding state.
* hash Buffer to hold the hash result. Must be at least 64 bytes.
* returns 0 on success.
*/
int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen)
{
int ret;
if (shake == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen);
if (ret != 0)
return ret;
return InitSha3(shake); /* reset state */
}
/* Dispose of any dynamically allocated data from the SHAKE256 operation.
* (Required for async ops.)
*
* shake wc_Shake object holding state.
* returns 0 on success.
*/
void wc_Shake256_Free(wc_Shake* shake)
{
wc_Sha3Free(shake);
}
/* Copy the state of the SHA3-512 operation.
*
* src wc_Shake object holding state top copy.
* dst wc_Shake object to copy into.
* returns 0 on success.
*/
int wc_Shake256_Copy(wc_Shake* src, wc_Shake* dst)
{
return wc_Sha3Copy(src, dst);
}
#endif
#endif /* WOLFSSL_SHA3 */