Merge pull request #1960 from SparkiDev/sp_rsavfy

Allow a very small build based on SHA-256 and RSA verify
This commit is contained in:
toddouska
2018-12-12 14:49:42 -08:00
committed by GitHub
15 changed files with 4303 additions and 4042 deletions
+171 -7
View File
@@ -458,7 +458,7 @@ static const char* bench_result_words1[][4] = {
#endif
};
#if !defined(NO_RSA) ||defined(WOLFSSL_KEY_GEN) || defined(HAVE_NTRU) || \
#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_NTRU) || \
defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \
defined(HAVE_ED25519)
@@ -568,7 +568,7 @@ static const char* bench_desc_words[][9] = {
#endif
#endif
#if !defined(NO_RSA) || !defined(NO_DH) \
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) \
|| defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) \
|| defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
#define HAVE_LOCAL_RNG
@@ -578,7 +578,6 @@ static const char* bench_desc_words[][9] = {
#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || defined(HAVE_ECC) || \
defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DH) || \
!defined(NO_RSA) || defined(HAVE_SCRYPT)
#define BENCH_ASYM
#endif
@@ -776,7 +775,9 @@ static int rsa_sign_verify = 0;
/* Don't print out in CSV format by default */
static int csv_format = 0;
#ifdef BENCH_ASYM
static int csv_header_count = 0;
#endif
/* for compatibility */
#define BENCH_SIZE bench_size
@@ -3858,31 +3859,139 @@ void bench_rsaKeyGen_size(int doAsync, int keySz)
#define RSA_BUF_SIZE 384 /* for up to 3072 bit */
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#elif defined(USE_CERT_BUFFERS_2048)
static unsigned char rsa_2048_sig[] = {
0x8c, 0x9e, 0x37, 0xbf, 0xc3, 0xa6, 0xba, 0x1c,
0x53, 0x22, 0x40, 0x4b, 0x8b, 0x0d, 0x3c, 0x0e,
0x2e, 0x8c, 0x31, 0x2c, 0x47, 0xbf, 0x03, 0x48,
0x18, 0x46, 0x73, 0x8d, 0xd7, 0xdd, 0x17, 0x64,
0x0d, 0x7f, 0xdc, 0x74, 0xed, 0x80, 0xc3, 0xe8,
0x9a, 0x18, 0x33, 0xd4, 0xe6, 0xc5, 0xe1, 0x54,
0x75, 0xd1, 0xbb, 0x40, 0xde, 0xa8, 0xb9, 0x1b,
0x14, 0xe8, 0xc1, 0x39, 0xeb, 0xa0, 0x69, 0x8a,
0xc6, 0x9b, 0xef, 0x53, 0xb5, 0x23, 0x2b, 0x78,
0x06, 0x43, 0x37, 0x11, 0x81, 0x84, 0x73, 0x33,
0x33, 0xfe, 0xf7, 0x5d, 0x2b, 0x84, 0xd6, 0x83,
0xd6, 0xdd, 0x55, 0x33, 0xef, 0xd1, 0xf7, 0x12,
0xb0, 0xc2, 0x0e, 0xb1, 0x78, 0xd4, 0xa8, 0xa3,
0x25, 0xeb, 0xed, 0x9a, 0xb3, 0xee, 0xc3, 0x7e,
0xce, 0x13, 0x18, 0x86, 0x31, 0xe1, 0xef, 0x01,
0x0f, 0x6e, 0x67, 0x24, 0x74, 0xbd, 0x0b, 0x7f,
0xa9, 0xca, 0x6f, 0xaa, 0x83, 0x28, 0x90, 0x40,
0xf1, 0xb5, 0x10, 0x0e, 0x26, 0x03, 0x05, 0x5d,
0x87, 0xb4, 0xe0, 0x4c, 0x98, 0xd8, 0xc6, 0x42,
0x89, 0x77, 0xeb, 0xb6, 0xd4, 0xe6, 0x26, 0xf3,
0x31, 0x25, 0xde, 0x28, 0x38, 0x58, 0xe8, 0x2c,
0xf4, 0x56, 0x7c, 0xb6, 0xfd, 0x99, 0xb0, 0xb0,
0xf4, 0x83, 0xb6, 0x74, 0xa9, 0x5b, 0x9f, 0xe8,
0xe9, 0xf1, 0xa1, 0x2a, 0xbd, 0xf6, 0x83, 0x28,
0x09, 0xda, 0xa6, 0xd6, 0xcd, 0x61, 0x60, 0xf7,
0x13, 0x4e, 0x46, 0x57, 0x38, 0x1e, 0x11, 0x92,
0x6b, 0x6b, 0xcf, 0xd3, 0xf4, 0x8b, 0x66, 0x03,
0x25, 0xa3, 0x7a, 0x2f, 0xce, 0xc1, 0x85, 0xa5,
0x48, 0x91, 0x8a, 0xb3, 0x4f, 0x5d, 0x98, 0xb1,
0x69, 0x58, 0x47, 0x69, 0x0c, 0x52, 0xdc, 0x42,
0x4c, 0xef, 0xe8, 0xd4, 0x4d, 0x6a, 0x33, 0x7d,
0x9e, 0xd2, 0x51, 0xe6, 0x41, 0xbf, 0x4f, 0xa2
};
#elif defined(USE_CERT_BUFFERS_3072)
static unsigned char rsa_3072_sig[] = {
0x1a, 0xd6, 0x0d, 0xfd, 0xe3, 0x41, 0x95, 0x76,
0x27, 0x16, 0x7d, 0xc7, 0x94, 0x16, 0xca, 0xa8,
0x26, 0x08, 0xbe, 0x78, 0x87, 0x72, 0x4c, 0xd9,
0xa7, 0xfc, 0x33, 0x77, 0x2d, 0x53, 0x07, 0xb5,
0x8c, 0xce, 0x48, 0x17, 0x9b, 0xff, 0x9f, 0x9b,
0x17, 0xc4, 0xbb, 0x72, 0xed, 0xdb, 0xa0, 0x34,
0x69, 0x5b, 0xc7, 0x4e, 0xbf, 0xec, 0x13, 0xc5,
0x98, 0x71, 0x9a, 0x4e, 0x18, 0x0e, 0xcb, 0xe7,
0xc6, 0xd5, 0x21, 0x31, 0x7c, 0x0d, 0xae, 0x14,
0x2b, 0x87, 0x4f, 0x77, 0x95, 0x2e, 0x26, 0xe2,
0x83, 0xfe, 0x49, 0x1e, 0x87, 0x19, 0x4a, 0x63,
0x73, 0x75, 0xf1, 0xf5, 0x71, 0xd2, 0xce, 0xd4,
0x39, 0x2b, 0xd9, 0xe0, 0x76, 0x70, 0xc8, 0xf8,
0xed, 0xdf, 0x90, 0x57, 0x17, 0xb9, 0x16, 0xf6,
0xe9, 0x49, 0x48, 0xce, 0x5a, 0x8b, 0xe4, 0x84,
0x7c, 0xf3, 0x31, 0x68, 0x97, 0x45, 0x68, 0x38,
0x50, 0x3a, 0x70, 0xbd, 0xb3, 0xd3, 0xd2, 0xe0,
0x56, 0x5b, 0xc2, 0x0c, 0x2c, 0x10, 0x70, 0x7b,
0xd4, 0x99, 0xf9, 0x38, 0x31, 0xb1, 0x86, 0xa0,
0x07, 0xf1, 0xf6, 0x53, 0xb0, 0x44, 0x82, 0x40,
0xd2, 0xab, 0x0e, 0x71, 0x5d, 0xe1, 0xea, 0x3a,
0x77, 0xc9, 0xef, 0xfe, 0x54, 0x65, 0xa3, 0x49,
0xfd, 0xa5, 0x33, 0xaa, 0x16, 0x1a, 0x38, 0xe7,
0xaa, 0xb7, 0x13, 0xb2, 0x3b, 0xc7, 0x00, 0x87,
0x12, 0xfe, 0xfd, 0xf4, 0x55, 0x6d, 0x1d, 0x4a,
0x0e, 0xad, 0xd0, 0x4c, 0x55, 0x91, 0x60, 0xd9,
0xef, 0x74, 0x69, 0x22, 0x8c, 0x51, 0x65, 0xc2,
0x04, 0xac, 0xd3, 0x8d, 0xf7, 0x35, 0x29, 0x13,
0x6d, 0x61, 0x7c, 0x39, 0x2f, 0x41, 0x4c, 0xdf,
0x38, 0xfd, 0x1a, 0x7d, 0x42, 0xa7, 0x6f, 0x3f,
0x3d, 0x9b, 0xd1, 0x97, 0xab, 0xc0, 0xa7, 0x28,
0x1c, 0xc0, 0x02, 0x26, 0xeb, 0xce, 0xf9, 0xe1,
0x34, 0x45, 0xaf, 0xbf, 0x8d, 0xb8, 0xe0, 0xff,
0xd9, 0x6f, 0x77, 0xf3, 0xf7, 0xed, 0x6a, 0xbb,
0x03, 0x52, 0xfb, 0x38, 0xfc, 0xea, 0x9f, 0xc9,
0x98, 0xed, 0x21, 0x45, 0xaf, 0x43, 0x2b, 0x64,
0x96, 0x82, 0x30, 0xe9, 0xb4, 0x36, 0x89, 0x77,
0x07, 0x4a, 0xc6, 0x1f, 0x38, 0x7a, 0xee, 0xb6,
0x86, 0xf6, 0x2f, 0x03, 0xec, 0xa2, 0xe5, 0x48,
0xe5, 0x5a, 0xf5, 0x1c, 0xd2, 0xd9, 0xd8, 0x2d,
0x9d, 0x06, 0x07, 0xc9, 0x8b, 0x5d, 0xe0, 0x0f,
0x5e, 0x0c, 0x53, 0x27, 0xff, 0x23, 0xee, 0xca,
0x5e, 0x4d, 0xf1, 0x95, 0x77, 0x78, 0x1f, 0xf2,
0x44, 0x5b, 0x7d, 0x01, 0x49, 0x61, 0x6f, 0x6d,
0xbf, 0xf5, 0x19, 0x06, 0x39, 0xe9, 0xe9, 0x29,
0xde, 0x47, 0x5e, 0x2e, 0x1f, 0x68, 0xf4, 0x32,
0x5e, 0xe9, 0xd0, 0xa7, 0xb4, 0x2a, 0x45, 0xdf,
0x15, 0x7d, 0x0d, 0x5b, 0xef, 0xc6, 0x23, 0xac
};
#else
#error Not Supported Yet!
#endif
static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
int rsaKeySz)
{
int ret = 0, i, times, count = 0, pending = 0;
word32 idx = 0;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
const char* messageStr = "Everyone gets Friday off.";
const int len = (int)XSTRLEN((char*)messageStr);
#endif
double start = 0.0f;
const char**desc = bench_desc_words[lng_index];
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
DECLARE_VAR_INIT(message, byte, len, messageStr, HEAP_HINT);
#endif
#ifdef USE_CERT_BUFFERS_1024
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 128, HEAP_HINT);
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 128, HEAP_HINT);
#ifndef WOLFSSL_RSA_VERIFY_INLINE
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 128, HEAP_HINT);
#else
byte* out[BENCH_MAX_PENDING];
#endif
#elif defined(USE_CERT_BUFFERS_2048)
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 256, HEAP_HINT);
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 256, HEAP_HINT);
#ifndef WOLFSSL_RSA_VERIFY_INLINE
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 256, HEAP_HINT);
#else
byte* out[BENCH_MAX_PENDING];
#endif
#elif defined(USE_CERT_BUFFERS_3072)
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
#ifndef WOLFSSL_RSA_VERIFY_INLINE
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
#else
byte* out[BENCH_MAX_PENDING];
#endif
#else
#error "need a cert buffer size"
#endif /* USE_CERT_BUFFERS */
if (!rsa_sign_verify) {
#ifndef WOLFSSL_RSA_VERIFY_ONLY
/* begin public RSA */
bench_stats_start(&count, &start);
do {
@@ -3908,7 +4017,9 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
exit_rsa_pub:
bench_stats_asym_finish("RSA", rsaKeySz, desc[0], doAsync, count,
start, ret);
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
if (ret < 0) {
goto exit;
}
@@ -3941,8 +4052,10 @@ exit_rsa_pub:
exit:
bench_stats_asym_finish("RSA", rsaKeySz, desc[1], doAsync, count,
start, ret);
#endif
}
else {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* begin RSA sign */
bench_stats_start(&count, &start);
do {
@@ -3972,6 +4085,7 @@ exit_rsa_sign:
if (ret < 0) {
goto exit;
}
#endif
/* capture resulting encrypt length */
idx = rsaKeySz/8;
@@ -3986,8 +4100,26 @@ exit_rsa_sign:
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]),
1, &times, ntimes, &pending)) {
#ifndef WOLFSSL_RSA_VERIFY_INLINE
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
rsaKeySz/8, &rsaKey[i]);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
idx = sizeof(rsa_2048_sig);
out[i] = NULL;
ret = wc_RsaSSL_VerifyInline(enc[i], idx, &out[i],
&rsaKey[i]);
if (ret > 0)
ret = 0;
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(enc[i], rsa_3072_sig, sizeof(rsa_3072_sig));
idx = sizeof(rsa_3072_sig);
out[i] = NULL;
ret = wc_RsaSSL_VerifyInline(enc[i], idx, &out[i],
&rsaKey[i]);
if (ret > 0)
ret = 0;
#endif
if (!bench_async_handle(&ret,
BENCH_ASYNC_GET_DEV(&rsaKey[i]),
1, &times, &pending)) {
@@ -4051,6 +4183,7 @@ void bench_rsa(int doAsync)
goto exit_bench_rsa;
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* decode the private key */
idx = 0;
if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey[i],
@@ -4058,6 +4191,35 @@ void bench_rsa(int doAsync)
printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
goto exit_bench_rsa;
}
#else
#ifdef USE_CERT_BUFFERS_2048
ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 256);
if (ret != 0) {
printf("Setting modulus failed! %d\n", ret);
goto exit_bench_rsa;
}
ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT);
if (ret != 0) {
printf("Setting public exponent failed! %d\n", ret);
goto exit_bench_rsa;
}
#elif defined(USE_CERT_BUFFERS_3072)
ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 384);
if (ret != 0) {
printf("Setting modulus failed! %d\n", ret);
goto exit_bench_rsa;
}
ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT);
if (ret != 0) {
printf("Setting public exponent failed! %d\n", ret);
goto exit_bench_rsa;
}
#else
#error Not supported yet!
#endif
(void)idx;
(void)bytes;
#endif
}
bench_rsa_helper(doAsync, rsaKey, rsaKeySz);
@@ -5258,10 +5420,12 @@ int main(int argc, char** argv)
else if (string_matches(argv[1], "-rsa_sign"))
rsa_sign_verify = 1;
#endif
#ifdef BENCH_ASYM
else if (string_matches(argv[1], "-csv")) {
csv_format = 1;
csv_header_count = 1;
}
#endif
else if (argv[1][0] == '-') {
optMatched = 0;
#ifndef WOLFSSL_BENCHMARK_ALL
+14 -4
View File
@@ -127,7 +127,7 @@ STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
}
#ifdef WORD64_AVAILABLE
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
@@ -169,9 +169,9 @@ STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
}
#endif /* WORD64_AVAILABLE */
#endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
#ifndef WOLFSSL_NO_XOR_OPS
STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n)
{
word32 i;
@@ -193,8 +193,9 @@ STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
for (i = 0; i < count; i++) b[i] ^= m[i];
}
}
#endif
#ifndef WOLFSSL_NO_FORCE_ZERO
/* Make sure compiler doesn't skip */
STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
{
@@ -217,8 +218,10 @@ STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
while (len--) *z++ = 0;
}
#endif
#ifndef WOLFSSL_NO_CONST_CMP
/* check all length bytes for equality, return 0 on success */
STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length)
{
@@ -231,6 +234,7 @@ STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length)
return compareSum;
}
#endif
#ifndef WOLFSSL_HAVE_MIN
@@ -255,6 +259,7 @@ STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length)
}
#endif /* !WOLFSSL_HAVE_MAX */
#ifndef WOLFSSL_NO_INT_ENCODE
/* converts a 32 bit integer to 24 bit */
STATIC WC_INLINE void c32to24(word32 in, word24 out)
{
@@ -278,7 +283,9 @@ STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
c[2] = (wc_u32 >> 8) & 0xff;
c[3] = wc_u32 & 0xff;
}
#endif
#ifndef WOLFSSL_NO_INT_DECODE
/* convert a 24 bit integer into a 32 bit one */
STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
{
@@ -309,8 +316,10 @@ STATIC WC_INLINE word32 btoi(byte b)
{
return (word32)(b - 0x30);
}
#endif
#ifndef WOLFSSL_NO_CT_OPS
/* Constant time - mask set when a > b. */
STATIC WC_INLINE byte ctMaskGT(int a, int b)
{
@@ -365,6 +374,7 @@ STATIC WC_INLINE byte ctSetLTE(int a, int b)
{
return ((word32)a - b - 1) >> 31;
}
#endif
#undef STATIC
+92 -5
View File
@@ -96,6 +96,7 @@ int wc_FreeRsaKey(RsaKey* key)
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng)
{
@@ -104,8 +105,10 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
}
return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
}
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
RsaKey* key)
{
@@ -134,6 +137,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
}
return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
}
#endif
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
@@ -164,6 +168,7 @@ int wc_RsaEncryptSize(RsaKey* key)
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
word32* bSz)
{
@@ -171,6 +176,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
/* not specified as fips so not needing _fips */
return RsaFlattenPublicKey(key, a, aSz, b, bSz);
}
#endif
#ifdef WOLFSSL_KEY_GEN
@@ -215,19 +221,25 @@ enum {
static void wc_RsaCleanup(RsaKey* key)
{
#ifndef WOLFSSL_RSA_VERIFY_INLINE
if (key && key->data) {
/* make sure any allocated memory is free'd */
if (key->dataIsAlloc) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
if (key->type == RSA_PRIVATE_DECRYPT ||
key->type == RSA_PRIVATE_ENCRYPT) {
ForceZero(key->data, key->dataLen);
}
#endif
XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
key->dataIsAlloc = 0;
}
key->data = NULL;
key->dataLen = 0;
}
#else
(void)key;
#endif
}
int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
@@ -243,9 +255,11 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->type = RSA_TYPE_UNKNOWN;
key->state = RSA_STATE_NONE;
key->heap = heap;
key->data = NULL;
key->dataLen = 0;
#ifndef WOLFSSL_RSA_VERIFY_INLINE
key->dataIsAlloc = 0;
key->data = NULL;
#endif
key->dataLen = 0;
#ifdef WC_RSA_BLINDING
key->rng = NULL;
#endif
@@ -270,6 +284,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
#endif /* WC_ASYNC_ENABLE_RSA */
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL);
if (ret != MP_OKAY)
return ret;
@@ -284,6 +299,16 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
mp_clear(&key->e);
return ret;
}
#else
ret = mp_init(&key->n);
if (ret != MP_OKAY)
return ret;
ret = mp_init(&key->e);
if (ret != MP_OKAY) {
mp_clear(&key->n);
return ret;
}
#endif
#ifdef WOLFSSL_XILINX_CRYPT
key->pubExp = 0;
@@ -411,6 +436,7 @@ int wc_FreeRsaKey(RsaKey* key)
wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA);
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
if (key->type == RSA_PRIVATE) {
#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
mp_forcezero(&key->u);
@@ -430,6 +456,7 @@ int wc_FreeRsaKey(RsaKey* key)
mp_clear(&key->q);
mp_clear(&key->p);
mp_clear(&key->d);
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
/* public part */
mp_clear(&key->e);
@@ -443,7 +470,7 @@ int wc_FreeRsaKey(RsaKey* key)
return ret;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Check the pair-wise consistency of the RSA key.
* From NIST SP 800-56B, section 6.4.1.1.
* Verify that k = (k^e)^d, for some k: 1 < k < n-1. */
@@ -532,6 +559,7 @@ int wc_CheckRsaKey(RsaKey* key)
return ret;
}
#endif
#if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_PSS)
@@ -944,6 +972,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
}
else {
#ifndef WOLFSSL_RSA_VERIFY_ONLY
/* pad with non-zero random bytes */
word32 padLen, i;
int ret;
@@ -963,6 +992,9 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
for (i = 1; i < padLen; i++) {
if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
}
#else
return RSA_WRONG_TYPE_E;
#endif
}
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
@@ -972,6 +1004,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
}
#endif /* !WC_NO_RNG */
#ifndef WOLFSSL_RSA_VERIFY_ONLY
/* helper function to direct which padding is used */
static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
@@ -1133,6 +1166,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
return pkcsBlockLen - idx;
}
#endif /* WC_NO_RSA_OAEP */
#endif
#ifdef WC_RSA_PSS
/* 0x00 .. 0x00 0x01 | Salt | Gen Hash | 0xbc
@@ -1219,7 +1253,9 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
{
int ret;
word32 i;
#ifndef WOLFSSL_RSA_VERIFY_ONLY
byte invalid = 0;
#endif
if (output == NULL || pkcsBlockLen == 0) {
return BAD_FUNC_ARG;
@@ -1244,6 +1280,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
*output = (byte *)(pkcsBlock + i);
ret = pkcsBlockLen - i;
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
else {
word32 j;
byte pastSep = 0;
@@ -1267,6 +1304,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
*output = (byte *)(pkcsBlock + i);
ret = ((int)~invalid) & (pkcsBlockLen - i);
}
#endif
return ret;
}
@@ -1491,6 +1529,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->n) == 2048) {
switch(type) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef WC_RSA_BLINDING
@@ -1505,6 +1544,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
NULL, NULL, NULL, &key->n, out, outLen);
#endif
#endif
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
return sp_RsaPublic_2048(in, inLen, &key->e, &key->n, out, outLen);
@@ -1514,6 +1554,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
#ifndef WOLFSSL_SP_NO_3072
if (mp_count_bits(&key->n) == 3072) {
switch(type) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef WC_RSA_BLINDING
@@ -1528,6 +1569,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
NULL, NULL, NULL, &key->n, out, outLen);
#endif
#endif
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
return sp_RsaPublic_3072(in, inLen, &key->e, &key->n, out, outLen);
@@ -1537,6 +1579,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
#endif /* WOLFSSL_HAVE_SP_RSA */
#ifdef WOLFSSL_SP_MATH
(void)rng;
return WC_KEY_SIZE_E;
#else
(void)rng;
@@ -1575,6 +1618,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
if (ret == 0) {
switch(type) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
{
@@ -1678,6 +1722,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
break;
}
#endif
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
#ifdef WOLFSSL_XILINX_CRYPT
@@ -1751,6 +1796,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
#endif /* WOLFSSL_ASYNC_CRYPT_TEST */
switch(type) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef HAVE_CAVIUM
@@ -1775,6 +1821,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
#endif
break;
#endif
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
@@ -2008,6 +2055,7 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
/* Internal Wrappers */
/* Gives the option of choosing padding type
in : input to be encrypted
@@ -2129,6 +2177,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
return ret;
}
#endif
/* Gives the option of choosing padding type
in : input to be decrypted
@@ -2170,12 +2219,14 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
/* Async operations that include padding */
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
pad_type != WC_RSA_PSS_PAD) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
if (rsa_type == RSA_PRIVATE_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
key->state = RSA_STATE_DECRYPT_RES;
key->data = NULL;
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen,
key);
#endif
}
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
@@ -2186,6 +2237,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
}
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)
/* verify the tmp ptr is NULL, otherwise indicates bad state */
if (key->data != NULL) {
ret = BAD_STATE_E;
@@ -2206,13 +2258,19 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
else {
key->data = out;
}
#endif
key->state = RSA_STATE_DECRYPT_EXPTMOD;
FALL_THROUGH;
case RSA_STATE_DECRYPT_EXPTMOD:
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)
ret = wc_RsaFunction(key->data, inLen, key->data, &key->dataLen,
rsa_type, key, rng);
#else
ret = wc_RsaFunction(out, inLen, out, &key->dataLen, rsa_type, key,
rng);
#endif
if (ret >= 0 || ret == WC_PENDING_E) {
key->state = RSA_STATE_DECRYPT_UNPAD;
@@ -2226,16 +2284,25 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
case RSA_STATE_DECRYPT_UNPAD:
{
byte* pad = NULL;
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)
ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type,
hash, mgf, label, labelSz, saltLen,
mp_count_bits(&key->n), key->heap);
#else
ret = wc_RsaUnPad_ex(out, key->dataLen, &pad, pad_value, pad_type, hash,
mgf, label, labelSz, saltLen,
mp_count_bits(&key->n), key->heap);
#endif
if (rsa_type == RSA_PUBLIC_DECRYPT && ret > (int)outLen)
ret = RSA_BUFFER_E;
else if (ret >= 0 && pad != NULL) {
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
signed char c;
#endif
/* only copy output if not inline */
if (outPtr == NULL) {
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
word32 i, j;
int start = (int)((size_t)pad - (size_t)key->data);
@@ -2246,12 +2313,20 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
/* 0 - no add, -1 add */
i += -c;
}
#else
XMEMCPY(out, pad, ret);
#endif
}
else
*outPtr = pad;
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = ctMaskSelInt(ctMaskLTE(ret, outLen), ret, RSA_BUFFER_E);
ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E);
#else
if (outLen < (word32)ret)
ret = RSA_BUFFER_E;
#endif
}
key->state = RSA_STATE_DECRYPT_RES;
@@ -2296,6 +2371,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
/* Public RSA Functions */
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, WC_RNG* rng)
@@ -2316,8 +2392,10 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
RSA_BLOCK_TYPE_2, type, hash, mgf, label, labelSz, 0, rng);
}
#endif /* WC_NO_RSA_OAEP */
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
{
WC_RNG* rng = NULL;
@@ -2373,6 +2451,7 @@ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out,
labelSz, 0, rng);
}
#endif /* WC_NO_RSA_OAEP || WC_RSA_NO_PADDING */
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
@@ -2386,6 +2465,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng);
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key)
{
@@ -2403,6 +2483,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD,
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng);
}
#endif
#ifdef WC_RSA_PSS
/* Verify the message signed with RSA-PSS.
@@ -2667,6 +2748,7 @@ int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, byte* out, word32 outLen,
#endif
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, WC_RNG* rng)
{
@@ -2720,7 +2802,9 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen,
hash, mgf, NULL, 0, saltLen, rng);
}
#endif
#endif
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(WOLFSSL_SP_MATH)
int wc_RsaEncryptSize(RsaKey* key)
{
int ret;
@@ -2739,8 +2823,9 @@ int wc_RsaEncryptSize(RsaKey* key)
return ret;
}
#endif
#ifndef WOLFSSL_RSA_VERIFY_ONLY
/* flatten RsaKey structure into individual elements (e, n) */
int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
word32* nSz)
@@ -2769,11 +2854,12 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
return 0;
}
#endif
#endif /* HAVE_FIPS */
#ifndef WOLFSSL_RSA_VERIFY_ONLY
static int RsaGetValue(mp_int* in, byte* out, word32* outSz)
{
word32 sz;
@@ -2818,6 +2904,7 @@ int wc_RsaExportKey(RsaKey* key,
return ret;
}
#endif
#ifdef WOLFSSL_KEY_GEN
+4 -3
View File
@@ -356,7 +356,7 @@ int wc_SignatureGenerateHash(
case WC_SIGNATURE_TYPE_RSA_W_ENC:
case WC_SIGNATURE_TYPE_RSA:
#ifndef NO_RSA
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* Create signature using provided RSA key */
do {
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -420,7 +420,7 @@ int wc_SignatureGenerate(
}
hash_enc_len = hash_len = ret;
#ifndef NO_RSA
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
/* For RSA with ASN.1 encoding include room */
hash_enc_len += MAX_DER_DIGEST_ASN_SZ;
@@ -440,7 +440,8 @@ int wc_SignatureGenerate(
if (ret == 0) {
/* Handle RSA with DER encoding */
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
#if defined(NO_RSA) || defined(NO_ASN)
#if defined(NO_RSA) || defined(NO_ASN) || \
defined(WOLFSSL_RSA_PUBLIC_ONLY)
ret = SIG_TYPE_E;
#else
ret = wc_SignatureDerEncode(hash_type, hash_data, hash_len,
+1448 -1432
View File
File diff suppressed because it is too large Load Diff
+818 -814
View File
File diff suppressed because it is too large Load Diff
+165 -161
View File
@@ -2303,7 +2303,8 @@ SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
#ifdef WOLFSSL_SP_SMALL
/* AND m into each word of a and store in r.
*
@@ -2738,7 +2739,7 @@ SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
/* Caclulate the bottom digit of -1/a mod 2^n.
*
@@ -2759,7 +2760,84 @@ static void sp_2048_mont_setup(sp_digit* a, sp_digit* rho)
*rho = -x;
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
/* Mul a by digit b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A single precision digit.
*/
SP_NOINLINE static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
__asm__ __volatile__ (
"mov r6, #1\n\t"
"lsl r6, r6, #8\n\t"
"add r6, %[a]\n\t"
"mov r8, %[r]\n\t"
"mov r9, r6\n\t"
"mov r3, #0\n\t"
"mov r4, #0\n\t"
"1:\n\t"
"mov %[r], #0\n\t"
"mov r5, #0\n\t"
"# A[] * B\n\t"
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
"ldr r6, [%[a]]\n\t"
"umull r6, r7, r6, %[b]\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#else
"ldr r6, [%[a]]\n\t"
"lsl r6, r6, #16\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r7, r6\n\t"
"add r3, r7\n\t"
"adc r4, %[r]\n\t"
"adc r5, %[r]\n\t"
"lsr r7, %[b], #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
"ldr r6, [%[a]]\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, %[b], #16\n\t"
"mul r7, r6\n\t"
"add r4, r7\n\t"
"adc r5, %[r]\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#endif
"# A[] * B - Done\n\t"
"mov %[r], r8\n\t"
"str r3, [%[r]]\n\t"
"mov r3, r4\n\t"
"mov r4, r5\n\t"
"add %[r], #4\n\t"
"add %[a], #4\n\t"
"mov r8, %[r]\n\t"
"cmp %[a], r9\n\t"
"blt 1b\n\t"
"str r3, [%[r]]\n\t"
: [r] "+r" (r), [a] "+r" (a)
: [b] "r" (b)
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
);
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* r = 2^n mod m where n is the number of bits to reduce by.
* Given m must be 2048 bits, just need to subtract.
*
@@ -3598,7 +3676,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, sp_digit* a, sp_digit* e,
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
#ifdef WOLFSSL_HAVE_SP_DH
/* r = 2^n mod m where n is the number of bits to reduce by.
@@ -3843,82 +3921,6 @@ static void sp_2048_mont_sqr_64(sp_digit* r, sp_digit* a, sp_digit* m,
sp_2048_mont_reduce_64(r, m, mp);
}
/* Mul a by digit b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A single precision digit.
*/
SP_NOINLINE static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
__asm__ __volatile__ (
"mov r6, #1\n\t"
"lsl r6, r6, #8\n\t"
"add r6, %[a]\n\t"
"mov r8, %[r]\n\t"
"mov r9, r6\n\t"
"mov r3, #0\n\t"
"mov r4, #0\n\t"
"1:\n\t"
"mov %[r], #0\n\t"
"mov r5, #0\n\t"
"# A[] * B\n\t"
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
"ldr r6, [%[a]]\n\t"
"umull r6, r7, r6, %[b]\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#else
"ldr r6, [%[a]]\n\t"
"lsl r6, r6, #16\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r7, r6\n\t"
"add r3, r7\n\t"
"adc r4, %[r]\n\t"
"adc r5, %[r]\n\t"
"lsr r7, %[b], #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
"ldr r6, [%[a]]\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, %[b], #16\n\t"
"mul r7, r6\n\t"
"add r4, r7\n\t"
"adc r5, %[r]\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#endif
"# A[] * B - Done\n\t"
"mov %[r], r8\n\t"
"str r3, [%[r]]\n\t"
"mov r3, r4\n\t"
"mov r4, r5\n\t"
"add %[r], #4\n\t"
"add %[a], #4\n\t"
"mov r8, %[r]\n\t"
"cmp %[a], r9\n\t"
"blt 1b\n\t"
"str r3, [%[r]]\n\t"
: [r] "+r" (r), [a] "+r" (a)
: [b] "r" (b)
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
);
}
/* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
*
* d1 The high order half of the number to divide.
@@ -7679,7 +7681,8 @@ SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
#ifdef WOLFSSL_SP_SMALL
/* AND m into each word of a and store in r.
*
@@ -8084,7 +8087,7 @@ SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
/* Caclulate the bottom digit of -1/a mod 2^n.
*
@@ -8105,7 +8108,85 @@ static void sp_3072_mont_setup(sp_digit* a, sp_digit* rho)
*rho = -x;
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
/* Mul a by digit b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A single precision digit.
*/
SP_NOINLINE static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
__asm__ __volatile__ (
"mov r6, #1\n\t"
"lsl r6, r6, #8\n\t"
"add r6, #128\n\t"
"add r6, %[a]\n\t"
"mov r8, %[r]\n\t"
"mov r9, r6\n\t"
"mov r3, #0\n\t"
"mov r4, #0\n\t"
"1:\n\t"
"mov %[r], #0\n\t"
"mov r5, #0\n\t"
"# A[] * B\n\t"
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
"ldr r6, [%[a]]\n\t"
"umull r6, r7, r6, %[b]\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#else
"ldr r6, [%[a]]\n\t"
"lsl r6, r6, #16\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r7, r6\n\t"
"add r3, r7\n\t"
"adc r4, %[r]\n\t"
"adc r5, %[r]\n\t"
"lsr r7, %[b], #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
"ldr r6, [%[a]]\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, %[b], #16\n\t"
"mul r7, r6\n\t"
"add r4, r7\n\t"
"adc r5, %[r]\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#endif
"# A[] * B - Done\n\t"
"mov %[r], r8\n\t"
"str r3, [%[r]]\n\t"
"mov r3, r4\n\t"
"mov r4, r5\n\t"
"add %[r], #4\n\t"
"add %[a], #4\n\t"
"mov r8, %[r]\n\t"
"cmp %[a], r9\n\t"
"blt 1b\n\t"
"str r3, [%[r]]\n\t"
: [r] "+r" (r), [a] "+r" (a)
: [b] "r" (b)
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
);
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
*
@@ -9201,7 +9282,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, sp_digit* a, sp_digit* e,
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
#ifdef WOLFSSL_HAVE_SP_DH
/* r = 2^n mod m where n is the number of bits to reduce by.
@@ -9450,83 +9531,6 @@ static void sp_3072_mont_sqr_96(sp_digit* r, sp_digit* a, sp_digit* m,
sp_3072_mont_reduce_96(r, m, mp);
}
/* Mul a by digit b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A single precision digit.
*/
SP_NOINLINE static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
__asm__ __volatile__ (
"mov r6, #1\n\t"
"lsl r6, r6, #8\n\t"
"add r6, #128\n\t"
"add r6, %[a]\n\t"
"mov r8, %[r]\n\t"
"mov r9, r6\n\t"
"mov r3, #0\n\t"
"mov r4, #0\n\t"
"1:\n\t"
"mov %[r], #0\n\t"
"mov r5, #0\n\t"
"# A[] * B\n\t"
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
"ldr r6, [%[a]]\n\t"
"umull r6, r7, r6, %[b]\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#else
"ldr r6, [%[a]]\n\t"
"lsl r6, r6, #16\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r7, r6\n\t"
"add r3, r7\n\t"
"adc r4, %[r]\n\t"
"adc r5, %[r]\n\t"
"lsr r7, %[b], #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
"ldr r6, [%[a]]\n\t"
"lsr r6, r6, #16\n\t"
"lsr r7, %[b], #16\n\t"
"mul r7, r6\n\t"
"add r4, r7\n\t"
"adc r5, %[r]\n\t"
"lsl r7, %[b], #16\n\t"
"lsr r7, r7, #16\n\t"
"mul r6, r7\n\t"
"lsr r7, r6, #16\n\t"
"lsl r6, r6, #16\n\t"
"add r3, r6\n\t"
"adc r4, r7\n\t"
"adc r5, %[r]\n\t"
#endif
"# A[] * B - Done\n\t"
"mov %[r], r8\n\t"
"str r3, [%[r]]\n\t"
"mov r3, r4\n\t"
"mov r4, r5\n\t"
"add %[r], #4\n\t"
"add %[a], #4\n\t"
"mov r8, %[r]\n\t"
"cmp %[a], r9\n\t"
"blt 1b\n\t"
"str r3, [%[r]]\n\t"
: [r] "+r" (r), [a] "+r" (a)
: [b] "r" (b)
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
);
}
/* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
*
* d1 The high order half of the number to divide.
+1067 -1299
View File
File diff suppressed because it is too large Load Diff
+155 -123
View File
@@ -50,7 +50,7 @@
#ifndef WOLFSSL_SP_ASM
#if SP_WORD_SIZE == 64
#if defined(WOLFSSL_SP_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)
#if (defined(WOLFSSL_SP_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* Mask for address to obfuscate which of the two address will be used. */
static const size_t addr_mask[2] = { 0, (size_t)-1 };
#endif
@@ -701,7 +701,8 @@ SP_NOINLINE static void sp_2048_sqr_36(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
*
@@ -806,7 +807,7 @@ SP_NOINLINE static void sp_2048_sqr_18(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
/* Caclulate the bottom digit of -1/a mod 2^n.
*
@@ -829,7 +830,62 @@ static void sp_2048_mont_setup(sp_digit* a, sp_digit* rho)
*rho = (1L << 57) - x;
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
/* Multiply a by scalar b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A scalar.
*/
SP_NOINLINE static void sp_2048_mul_d_36(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
#ifdef WOLFSSL_SP_SMALL
int128_t tb = b;
int128_t t = 0;
int i;
for (i = 0; i < 36; i++) {
t += tb * a[i];
r[i] = t & 0x1ffffffffffffffl;
t >>= 57;
}
r[36] = (sp_digit)t;
#else
int128_t tb = b;
int128_t t[8];
int i;
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
for (i = 0; i < 32; i += 8) {
t[1] = tb * a[i+1];
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[i+2];
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[i+3];
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
t[4] = tb * a[i+4];
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
t[5] = tb * a[i+5];
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
t[6] = tb * a[i+6];
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
t[7] = tb * a[i+7];
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
t[0] = tb * a[i+8];
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
}
t[1] = tb * a[33];
r[33] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[34];
r[34] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[35];
r[35] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
r[36] = (sp_digit)(t[3] >> 57);
#endif /* WOLFSSL_SP_SMALL */
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* r = 2^n mod m where n is the number of bits to reduce by.
* Given m must be 2048 bits, just need to subtract.
*
@@ -1631,7 +1687,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
#endif
}
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
/* r = 2^n mod m where n is the number of bits to reduce by.
* Given m must be 2048 bits, just need to subtract.
@@ -1897,6 +1953,7 @@ static void sp_2048_mont_reduce_36(sp_digit* a, sp_digit* m, sp_digit mp)
int i;
sp_digit mu;
#ifdef WOLFSSL_SP_DH
if (mp != 1) {
for (i=0; i<35; i++) {
mu = (a[i] * mp) & 0x1ffffffffffffffl;
@@ -1919,6 +1976,17 @@ static void sp_2048_mont_reduce_36(sp_digit* a, sp_digit* m, sp_digit mp)
a[i+1] += a[i] >> 57;
a[i] &= 0x1ffffffffffffffl;
}
#else
for (i=0; i<35; i++) {
mu = (a[i] * mp) & 0x1ffffffffffffffl;
sp_2048_mul_add_36(a+i, m, mu);
a[i+1] += a[i] >> 57;
}
mu = (a[i] * mp) & 0x1fffffffffffffl;
sp_2048_mul_add_36(a+i, m, mu);
a[i+1] += a[i] >> 57;
a[i] &= 0x1ffffffffffffffl;
#endif
sp_2048_mont_shift_36(a, a);
sp_2048_cond_sub_36(a, a, m, 0 - ((a[35] >> 53) > 0));
@@ -1955,60 +2023,6 @@ static void sp_2048_mont_sqr_36(sp_digit* r, sp_digit* a, sp_digit* m,
sp_2048_mont_reduce_36(r, m, mp);
}
/* Multiply a by scalar b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A scalar.
*/
SP_NOINLINE static void sp_2048_mul_d_36(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
#ifdef WOLFSSL_SP_SMALL
int128_t tb = b;
int128_t t = 0;
int i;
for (i = 0; i < 36; i++) {
t += tb * a[i];
r[i] = t & 0x1ffffffffffffffl;
t >>= 57;
}
r[36] = (sp_digit)t;
#else
int128_t tb = b;
int128_t t[8];
int i;
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
for (i = 0; i < 32; i += 8) {
t[1] = tb * a[i+1];
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[i+2];
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[i+3];
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
t[4] = tb * a[i+4];
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
t[5] = tb * a[i+5];
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
t[6] = tb * a[i+6];
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
t[7] = tb * a[i+7];
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
t[0] = tb * a[i+8];
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
}
t[1] = tb * a[33];
r[33] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[34];
r[34] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[35];
r[35] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
r[36] = (sp_digit)(t[3] >> 57);
#endif /* WOLFSSL_SP_SMALL */
}
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
@@ -2483,7 +2497,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
#endif /* SP_RSA_PRIVATE_EXP_D || WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM)
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
@@ -2716,6 +2730,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
#endif /* WOLFSSL_SP_SMALL */
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@@ -2950,6 +2965,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#ifdef WOLFSSL_HAVE_SP_DH
/* Convert an array of sp_digit to an mp_int.
@@ -4011,7 +4027,8 @@ SP_NOINLINE static void sp_3072_sqr_54(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
#ifdef WOLFSSL_SP_SMALL
/* Add b to a into r. (r = a + b)
*
@@ -4225,7 +4242,7 @@ SP_NOINLINE static void sp_3072_sqr_27(sp_digit* r, const sp_digit* a)
}
#endif /* WOLFSSL_SP_SMALL */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
/* Caclulate the bottom digit of -1/a mod 2^n.
*
@@ -4248,7 +4265,66 @@ static void sp_3072_mont_setup(sp_digit* a, sp_digit* rho)
*rho = (1L << 57) - x;
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
/* Multiply a by scalar b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A scalar.
*/
SP_NOINLINE static void sp_3072_mul_d_54(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
#ifdef WOLFSSL_SP_SMALL
int128_t tb = b;
int128_t t = 0;
int i;
for (i = 0; i < 54; i++) {
t += tb * a[i];
r[i] = t & 0x1ffffffffffffffl;
t >>= 57;
}
r[54] = (sp_digit)t;
#else
int128_t tb = b;
int128_t t[8];
int i;
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
for (i = 0; i < 48; i += 8) {
t[1] = tb * a[i+1];
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[i+2];
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[i+3];
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
t[4] = tb * a[i+4];
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
t[5] = tb * a[i+5];
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
t[6] = tb * a[i+6];
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
t[7] = tb * a[i+7];
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
t[0] = tb * a[i+8];
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
}
t[1] = tb * a[49];
r[49] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[50];
r[50] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[51];
r[51] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
t[4] = tb * a[52];
r[52] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
t[5] = tb * a[53];
r[53] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
r[54] = (sp_digit)(t[5] >> 57);
#endif /* WOLFSSL_SP_SMALL */
}
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* r = 2^n mod m where n is the number of bits to reduce by.
* Given m must be 3072 bits, just need to subtract.
*
@@ -5035,7 +5111,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
#endif
}
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
/* r = 2^n mod m where n is the number of bits to reduce by.
* Given m must be 3072 bits, just need to subtract.
@@ -5308,6 +5384,7 @@ static void sp_3072_mont_reduce_54(sp_digit* a, sp_digit* m, sp_digit mp)
int i;
sp_digit mu;
#ifdef WOLFSSL_SP_DH
if (mp != 1) {
for (i=0; i<53; i++) {
mu = (a[i] * mp) & 0x1ffffffffffffffl;
@@ -5330,6 +5407,17 @@ static void sp_3072_mont_reduce_54(sp_digit* a, sp_digit* m, sp_digit mp)
a[i+1] += a[i] >> 57;
a[i] &= 0x1ffffffffffffffl;
}
#else
for (i=0; i<53; i++) {
mu = (a[i] * mp) & 0x1ffffffffffffffl;
sp_3072_mul_add_54(a+i, m, mu);
a[i+1] += a[i] >> 57;
}
mu = (a[i] * mp) & 0x7ffffffffffffl;
sp_3072_mul_add_54(a+i, m, mu);
a[i+1] += a[i] >> 57;
a[i] &= 0x1ffffffffffffffl;
#endif
sp_3072_mont_shift_54(a, a);
sp_3072_cond_sub_54(a, a, m, 0 - ((a[53] >> 51) > 0));
@@ -5366,64 +5454,6 @@ static void sp_3072_mont_sqr_54(sp_digit* r, sp_digit* a, sp_digit* m,
sp_3072_mont_reduce_54(r, m, mp);
}
/* Multiply a by scalar b into r. (r = a * b)
*
* r A single precision integer.
* a A single precision integer.
* b A scalar.
*/
SP_NOINLINE static void sp_3072_mul_d_54(sp_digit* r, const sp_digit* a,
const sp_digit b)
{
#ifdef WOLFSSL_SP_SMALL
int128_t tb = b;
int128_t t = 0;
int i;
for (i = 0; i < 54; i++) {
t += tb * a[i];
r[i] = t & 0x1ffffffffffffffl;
t >>= 57;
}
r[54] = (sp_digit)t;
#else
int128_t tb = b;
int128_t t[8];
int i;
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
for (i = 0; i < 48; i += 8) {
t[1] = tb * a[i+1];
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[i+2];
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[i+3];
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
t[4] = tb * a[i+4];
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
t[5] = tb * a[i+5];
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
t[6] = tb * a[i+6];
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
t[7] = tb * a[i+7];
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
t[0] = tb * a[i+8];
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
}
t[1] = tb * a[49];
r[49] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
t[2] = tb * a[50];
r[50] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
t[3] = tb * a[51];
r[51] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
t[4] = tb * a[52];
r[52] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
t[5] = tb * a[53];
r[53] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
r[54] = (sp_digit)(t[5] >> 57);
#endif /* WOLFSSL_SP_SMALL */
}
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
@@ -5863,7 +5893,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
#endif /* SP_RSA_PRIVATE_EXP_D || WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM)
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
@@ -6097,6 +6127,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
#endif /* WOLFSSL_SP_SMALL */
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@@ -6331,6 +6362,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#ifdef WOLFSSL_HAVE_SP_DH
/* Convert an array of sp_digit to an mp_int.
+17 -2
View File
@@ -52,6 +52,7 @@ int sp_init(sp_int* a)
return MP_OKAY;
}
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
/* Initialize up to six big numbers to be zero.
*
* a SP integer.
@@ -92,6 +93,7 @@ int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, sp_int* e,
return MP_OKAY;
}
#endif
/* Clear the data from the big number and set to zero.
*
@@ -158,6 +160,7 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
return MP_OKAY;
}
#ifdef HAVE_ECC
/* Convert a number as string in big-endian format to a big number.
* Only supports base-16 (hexadecimal).
* Negative values not supported.
@@ -210,6 +213,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
return MP_OKAY;
}
#endif
/* Compare two big numbers.
*
@@ -284,6 +288,7 @@ int sp_leading_bit(sp_int* a)
return bit;
}
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
/* Convert the big number to an array of bytes in big-endian format.
* The array must be large enough for encoded number - use mp_unsigned_bin_size
* to calculate the number of bytes required.
@@ -307,6 +312,7 @@ int sp_to_unsigned_bin(sp_int* a, byte* out)
return MP_OKAY;
}
#endif
/* Convert the big number to an array of bytes in big-endian format.
* The array must be large enough for encoded number - use mp_unsigned_bin_size
@@ -333,6 +339,8 @@ int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz)
return MP_OKAY;
}
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
/* Ensure the data in the big number is zeroed.
*
* a SP integer.
@@ -357,6 +365,7 @@ int sp_copy(sp_int* a, sp_int* b)
}
return MP_OKAY;
}
#endif
/* Set the big number to be the value of the digit.
*
@@ -371,6 +380,7 @@ int sp_set(sp_int* a, sp_int_digit d)
return MP_OKAY;
}
#if !defined(NO_DH) || defined(HAVE_ECC)
/* Checks whether the value of the big number is zero.
*
* a SP integer.
@@ -380,7 +390,9 @@ int sp_iszero(sp_int* a)
{
return a->used == 0;
}
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
/* Recalculate the number of digits used.
*
* a SP integer.
@@ -436,6 +448,7 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
return MP_OKAY;
}
#endif
/* Compare a one digit number with a big number.
*
@@ -464,6 +477,7 @@ int sp_cmp_d(sp_int *a, sp_int_digit d)
return MP_EQ;
}
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
/* Left shift the number by number of bits.
* Bits may be larger than the word size.
*
@@ -561,8 +575,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
return MP_OKAY;
}
#endif
#if defined(USE_FAST_MATH) || !defined(NO_BIG_INT)
/* Clear all data in the big number and sets value to zero.
*
* a SP integer.
@@ -604,6 +618,7 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
return MP_OKAY;
}
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
/* Left shift the big number by a number of digits.
* WIll chop off digits overflowing maximum size.
*
@@ -622,7 +637,6 @@ int sp_lshd(sp_int* a, int s)
return MP_OKAY;
}
#endif
#ifndef NO_PWDBASED
/* Add two large numbers into result: r = a + b
@@ -659,6 +673,7 @@ int sp_add(sp_int* a, sp_int* b, sp_int* r)
return MP_OKAY;
}
#endif /* NO_PWDBASED */
#endif
#ifndef NO_RSA
+4 -4
View File
@@ -2399,10 +2399,10 @@ void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
/* Use Duff's device to unroll the loop. */
int idx = (c - 1) & ~3;
switch (c % 4) {
case 0: do { pd[idx+0] = *b++;
case 3: pd[idx+1] = *b++;
case 2: pd[idx+2] = *b++;
case 1: pd[idx+3] = *b++;
case 0: do { pd[idx+0] = *b++; // fallthrough
case 3: pd[idx+1] = *b++; // fallthrough
case 2: pd[idx+2] = *b++; // fallthrough
case 1: pd[idx+3] = *b++; // fallthrough
idx -= 4;
} while ((c -= 4) > 0);
}
+78 -5
View File
@@ -9015,6 +9015,7 @@ int certext_test(void)
}
#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
#ifndef NO_ASN
static int rsa_flatten_test(RsaKey* key)
{
int ret;
@@ -9106,8 +9107,9 @@ static int rsa_flatten_test(RsaKey* key)
return 0;
}
#endif /* NO_ASN */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN)
static int rsa_export_key_test(RsaKey* key)
{
int ret;
@@ -9179,7 +9181,7 @@ static int rsa_export_key_test(RsaKey* key)
return 0;
}
#endif /* !HAVE_FIPS */
#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
#ifndef NO_SIG_WRAPPER
static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
@@ -9438,7 +9440,7 @@ static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
}
#endif
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
static int rsa_decode_test(RsaKey* keyPub)
{
int ret;
@@ -10812,7 +10814,7 @@ int rsa_test(void)
XMEMSET(&caKey, 0, sizeof(caKey));
#endif
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
ret = rsa_decode_test(&key);
if (ret != 0)
return ret;
@@ -10862,11 +10864,27 @@ int rsa_test(void)
if (ret != 0) {
ERROR_OUT(-7003, exit_rsa);
}
#ifndef NO_ASN
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
if (ret != 0) {
ERROR_OUT(-7004, exit_rsa);
}
#elif defined(WOLFSSL_RSA_VERIFY_ONLY)
#ifdef USE_CERT_BUFFERS_2048
ret = mp_read_unsigned_bin(&key.n, &tmp[12], 256);
if (ret != 0) {
ERROR_OUT(-7004, exit_rsa);
}
ret = mp_set_int(&key.e, WC_RSA_EXPONENT);
if (ret != 0) {
ERROR_OUT(-7004, exit_rsa);
}
#else
#error Not supported yet!
#endif
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
@@ -10875,6 +10893,7 @@ int rsa_test(void)
if (ret != 0) {
ERROR_OUT(-7005, exit_rsa);
}
#endif
#ifndef NO_SIG_WRAPPER
ret = rsa_sig_test(&key, sizeof(RsaKey), wc_RsaEncryptSize(&key), &rng);
@@ -10888,6 +10907,7 @@ int rsa_test(void)
goto exit_rsa;
#endif
#ifndef WOLFSSL_RSA_VERIFY_ONLY
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
@@ -10956,6 +10976,49 @@ int rsa_test(void)
if (ret < 0) {
ERROR_OUT(-7013, exit_rsa);
}
#else
(void)outSz;
(void)inLen;
(void)res;
{
byte signature_2048[] = {
0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
};
ret = sizeof(signature_2048);
XMEMCPY(out, signature_2048, ret);
}
#endif
idx = (word32)ret;
XMEMSET(plain, 0, plainSz);
@@ -10964,7 +11027,15 @@ int rsa_test(void)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
#ifndef WOLFSSL_RSA_VERIFY_INLINE
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
#else
byte* dec = NULL;
ret = wc_RsaSSL_VerifyInline(out, idx, &dec, &key);
if (ret > 0) {
XMEMCPY(plain, dec, ret);
}
#endif
}
} while (ret == WC_PENDING_E);
if (ret < 0) {
@@ -11245,15 +11316,17 @@ int rsa_test(void)
#endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
#endif /* WC_NO_RSA_OAEP */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN)
ret = rsa_export_key_test(&key);
if (ret != 0)
return ret;
#endif
#ifndef NO_ASN
ret = rsa_flatten_test(&key);
if (ret != 0)
return ret;
#endif
#if defined(WOLFSSL_MDK_ARM)
#define sizeof(s) XSTRLEN((char *)(s))