mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 22:00:49 +02:00
Merge pull request #1960 from SparkiDev/sp_rsavfy
Allow a very small build based on SHA-256 and RSA verify
This commit is contained in:
@@ -458,7 +458,7 @@ static const char* bench_result_words1[][4] = {
|
||||
#endif
|
||||
};
|
||||
|
||||
#if !defined(NO_RSA) ||defined(WOLFSSL_KEY_GEN) || defined(HAVE_NTRU) || \
|
||||
#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_NTRU) || \
|
||||
defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \
|
||||
defined(HAVE_ED25519)
|
||||
@@ -568,7 +568,7 @@ static const char* bench_desc_words[][9] = {
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) || !defined(NO_DH) \
|
||||
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) \
|
||||
|| defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) \
|
||||
|| defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
|
||||
#define HAVE_LOCAL_RNG
|
||||
@@ -578,7 +578,6 @@ static const char* bench_desc_words[][9] = {
|
||||
#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || defined(HAVE_ECC) || \
|
||||
defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DH) || \
|
||||
!defined(NO_RSA) || defined(HAVE_SCRYPT)
|
||||
|
||||
#define BENCH_ASYM
|
||||
#endif
|
||||
|
||||
@@ -776,7 +775,9 @@ static int rsa_sign_verify = 0;
|
||||
|
||||
/* Don't print out in CSV format by default */
|
||||
static int csv_format = 0;
|
||||
#ifdef BENCH_ASYM
|
||||
static int csv_header_count = 0;
|
||||
#endif
|
||||
|
||||
/* for compatibility */
|
||||
#define BENCH_SIZE bench_size
|
||||
@@ -3858,31 +3859,139 @@ void bench_rsaKeyGen_size(int doAsync, int keySz)
|
||||
|
||||
#define RSA_BUF_SIZE 384 /* for up to 3072 bit */
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
#elif defined(USE_CERT_BUFFERS_2048)
|
||||
static unsigned char rsa_2048_sig[] = {
|
||||
0x8c, 0x9e, 0x37, 0xbf, 0xc3, 0xa6, 0xba, 0x1c,
|
||||
0x53, 0x22, 0x40, 0x4b, 0x8b, 0x0d, 0x3c, 0x0e,
|
||||
0x2e, 0x8c, 0x31, 0x2c, 0x47, 0xbf, 0x03, 0x48,
|
||||
0x18, 0x46, 0x73, 0x8d, 0xd7, 0xdd, 0x17, 0x64,
|
||||
0x0d, 0x7f, 0xdc, 0x74, 0xed, 0x80, 0xc3, 0xe8,
|
||||
0x9a, 0x18, 0x33, 0xd4, 0xe6, 0xc5, 0xe1, 0x54,
|
||||
0x75, 0xd1, 0xbb, 0x40, 0xde, 0xa8, 0xb9, 0x1b,
|
||||
0x14, 0xe8, 0xc1, 0x39, 0xeb, 0xa0, 0x69, 0x8a,
|
||||
0xc6, 0x9b, 0xef, 0x53, 0xb5, 0x23, 0x2b, 0x78,
|
||||
0x06, 0x43, 0x37, 0x11, 0x81, 0x84, 0x73, 0x33,
|
||||
0x33, 0xfe, 0xf7, 0x5d, 0x2b, 0x84, 0xd6, 0x83,
|
||||
0xd6, 0xdd, 0x55, 0x33, 0xef, 0xd1, 0xf7, 0x12,
|
||||
0xb0, 0xc2, 0x0e, 0xb1, 0x78, 0xd4, 0xa8, 0xa3,
|
||||
0x25, 0xeb, 0xed, 0x9a, 0xb3, 0xee, 0xc3, 0x7e,
|
||||
0xce, 0x13, 0x18, 0x86, 0x31, 0xe1, 0xef, 0x01,
|
||||
0x0f, 0x6e, 0x67, 0x24, 0x74, 0xbd, 0x0b, 0x7f,
|
||||
0xa9, 0xca, 0x6f, 0xaa, 0x83, 0x28, 0x90, 0x40,
|
||||
0xf1, 0xb5, 0x10, 0x0e, 0x26, 0x03, 0x05, 0x5d,
|
||||
0x87, 0xb4, 0xe0, 0x4c, 0x98, 0xd8, 0xc6, 0x42,
|
||||
0x89, 0x77, 0xeb, 0xb6, 0xd4, 0xe6, 0x26, 0xf3,
|
||||
0x31, 0x25, 0xde, 0x28, 0x38, 0x58, 0xe8, 0x2c,
|
||||
0xf4, 0x56, 0x7c, 0xb6, 0xfd, 0x99, 0xb0, 0xb0,
|
||||
0xf4, 0x83, 0xb6, 0x74, 0xa9, 0x5b, 0x9f, 0xe8,
|
||||
0xe9, 0xf1, 0xa1, 0x2a, 0xbd, 0xf6, 0x83, 0x28,
|
||||
0x09, 0xda, 0xa6, 0xd6, 0xcd, 0x61, 0x60, 0xf7,
|
||||
0x13, 0x4e, 0x46, 0x57, 0x38, 0x1e, 0x11, 0x92,
|
||||
0x6b, 0x6b, 0xcf, 0xd3, 0xf4, 0x8b, 0x66, 0x03,
|
||||
0x25, 0xa3, 0x7a, 0x2f, 0xce, 0xc1, 0x85, 0xa5,
|
||||
0x48, 0x91, 0x8a, 0xb3, 0x4f, 0x5d, 0x98, 0xb1,
|
||||
0x69, 0x58, 0x47, 0x69, 0x0c, 0x52, 0xdc, 0x42,
|
||||
0x4c, 0xef, 0xe8, 0xd4, 0x4d, 0x6a, 0x33, 0x7d,
|
||||
0x9e, 0xd2, 0x51, 0xe6, 0x41, 0xbf, 0x4f, 0xa2
|
||||
};
|
||||
#elif defined(USE_CERT_BUFFERS_3072)
|
||||
static unsigned char rsa_3072_sig[] = {
|
||||
0x1a, 0xd6, 0x0d, 0xfd, 0xe3, 0x41, 0x95, 0x76,
|
||||
0x27, 0x16, 0x7d, 0xc7, 0x94, 0x16, 0xca, 0xa8,
|
||||
0x26, 0x08, 0xbe, 0x78, 0x87, 0x72, 0x4c, 0xd9,
|
||||
0xa7, 0xfc, 0x33, 0x77, 0x2d, 0x53, 0x07, 0xb5,
|
||||
0x8c, 0xce, 0x48, 0x17, 0x9b, 0xff, 0x9f, 0x9b,
|
||||
0x17, 0xc4, 0xbb, 0x72, 0xed, 0xdb, 0xa0, 0x34,
|
||||
0x69, 0x5b, 0xc7, 0x4e, 0xbf, 0xec, 0x13, 0xc5,
|
||||
0x98, 0x71, 0x9a, 0x4e, 0x18, 0x0e, 0xcb, 0xe7,
|
||||
0xc6, 0xd5, 0x21, 0x31, 0x7c, 0x0d, 0xae, 0x14,
|
||||
0x2b, 0x87, 0x4f, 0x77, 0x95, 0x2e, 0x26, 0xe2,
|
||||
0x83, 0xfe, 0x49, 0x1e, 0x87, 0x19, 0x4a, 0x63,
|
||||
0x73, 0x75, 0xf1, 0xf5, 0x71, 0xd2, 0xce, 0xd4,
|
||||
0x39, 0x2b, 0xd9, 0xe0, 0x76, 0x70, 0xc8, 0xf8,
|
||||
0xed, 0xdf, 0x90, 0x57, 0x17, 0xb9, 0x16, 0xf6,
|
||||
0xe9, 0x49, 0x48, 0xce, 0x5a, 0x8b, 0xe4, 0x84,
|
||||
0x7c, 0xf3, 0x31, 0x68, 0x97, 0x45, 0x68, 0x38,
|
||||
0x50, 0x3a, 0x70, 0xbd, 0xb3, 0xd3, 0xd2, 0xe0,
|
||||
0x56, 0x5b, 0xc2, 0x0c, 0x2c, 0x10, 0x70, 0x7b,
|
||||
0xd4, 0x99, 0xf9, 0x38, 0x31, 0xb1, 0x86, 0xa0,
|
||||
0x07, 0xf1, 0xf6, 0x53, 0xb0, 0x44, 0x82, 0x40,
|
||||
0xd2, 0xab, 0x0e, 0x71, 0x5d, 0xe1, 0xea, 0x3a,
|
||||
0x77, 0xc9, 0xef, 0xfe, 0x54, 0x65, 0xa3, 0x49,
|
||||
0xfd, 0xa5, 0x33, 0xaa, 0x16, 0x1a, 0x38, 0xe7,
|
||||
0xaa, 0xb7, 0x13, 0xb2, 0x3b, 0xc7, 0x00, 0x87,
|
||||
0x12, 0xfe, 0xfd, 0xf4, 0x55, 0x6d, 0x1d, 0x4a,
|
||||
0x0e, 0xad, 0xd0, 0x4c, 0x55, 0x91, 0x60, 0xd9,
|
||||
0xef, 0x74, 0x69, 0x22, 0x8c, 0x51, 0x65, 0xc2,
|
||||
0x04, 0xac, 0xd3, 0x8d, 0xf7, 0x35, 0x29, 0x13,
|
||||
0x6d, 0x61, 0x7c, 0x39, 0x2f, 0x41, 0x4c, 0xdf,
|
||||
0x38, 0xfd, 0x1a, 0x7d, 0x42, 0xa7, 0x6f, 0x3f,
|
||||
0x3d, 0x9b, 0xd1, 0x97, 0xab, 0xc0, 0xa7, 0x28,
|
||||
0x1c, 0xc0, 0x02, 0x26, 0xeb, 0xce, 0xf9, 0xe1,
|
||||
0x34, 0x45, 0xaf, 0xbf, 0x8d, 0xb8, 0xe0, 0xff,
|
||||
0xd9, 0x6f, 0x77, 0xf3, 0xf7, 0xed, 0x6a, 0xbb,
|
||||
0x03, 0x52, 0xfb, 0x38, 0xfc, 0xea, 0x9f, 0xc9,
|
||||
0x98, 0xed, 0x21, 0x45, 0xaf, 0x43, 0x2b, 0x64,
|
||||
0x96, 0x82, 0x30, 0xe9, 0xb4, 0x36, 0x89, 0x77,
|
||||
0x07, 0x4a, 0xc6, 0x1f, 0x38, 0x7a, 0xee, 0xb6,
|
||||
0x86, 0xf6, 0x2f, 0x03, 0xec, 0xa2, 0xe5, 0x48,
|
||||
0xe5, 0x5a, 0xf5, 0x1c, 0xd2, 0xd9, 0xd8, 0x2d,
|
||||
0x9d, 0x06, 0x07, 0xc9, 0x8b, 0x5d, 0xe0, 0x0f,
|
||||
0x5e, 0x0c, 0x53, 0x27, 0xff, 0x23, 0xee, 0xca,
|
||||
0x5e, 0x4d, 0xf1, 0x95, 0x77, 0x78, 0x1f, 0xf2,
|
||||
0x44, 0x5b, 0x7d, 0x01, 0x49, 0x61, 0x6f, 0x6d,
|
||||
0xbf, 0xf5, 0x19, 0x06, 0x39, 0xe9, 0xe9, 0x29,
|
||||
0xde, 0x47, 0x5e, 0x2e, 0x1f, 0x68, 0xf4, 0x32,
|
||||
0x5e, 0xe9, 0xd0, 0xa7, 0xb4, 0x2a, 0x45, 0xdf,
|
||||
0x15, 0x7d, 0x0d, 0x5b, 0xef, 0xc6, 0x23, 0xac
|
||||
};
|
||||
#else
|
||||
#error Not Supported Yet!
|
||||
#endif
|
||||
|
||||
static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
|
||||
int rsaKeySz)
|
||||
{
|
||||
int ret = 0, i, times, count = 0, pending = 0;
|
||||
word32 idx = 0;
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
const char* messageStr = "Everyone gets Friday off.";
|
||||
const int len = (int)XSTRLEN((char*)messageStr);
|
||||
#endif
|
||||
double start = 0.0f;
|
||||
const char**desc = bench_desc_words[lng_index];
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
DECLARE_VAR_INIT(message, byte, len, messageStr, HEAP_HINT);
|
||||
#endif
|
||||
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 128, HEAP_HINT);
|
||||
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 128, HEAP_HINT);
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 128, HEAP_HINT);
|
||||
#else
|
||||
byte* out[BENCH_MAX_PENDING];
|
||||
#endif
|
||||
#elif defined(USE_CERT_BUFFERS_2048)
|
||||
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 256, HEAP_HINT);
|
||||
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 256, HEAP_HINT);
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 256, HEAP_HINT);
|
||||
#else
|
||||
byte* out[BENCH_MAX_PENDING];
|
||||
#endif
|
||||
#elif defined(USE_CERT_BUFFERS_3072)
|
||||
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
|
||||
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
|
||||
DECLARE_ARRAY(enc, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
DECLARE_ARRAY(out, byte, BENCH_MAX_PENDING, 384, HEAP_HINT);
|
||||
#else
|
||||
byte* out[BENCH_MAX_PENDING];
|
||||
#endif
|
||||
#else
|
||||
#error "need a cert buffer size"
|
||||
#endif /* USE_CERT_BUFFERS */
|
||||
|
||||
if (!rsa_sign_verify) {
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
/* begin public RSA */
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
@@ -3908,7 +4017,9 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
|
||||
exit_rsa_pub:
|
||||
bench_stats_asym_finish("RSA", rsaKeySz, desc[0], doAsync, count,
|
||||
start, ret);
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
if (ret < 0) {
|
||||
goto exit;
|
||||
}
|
||||
@@ -3941,8 +4052,10 @@ exit_rsa_pub:
|
||||
exit:
|
||||
bench_stats_asym_finish("RSA", rsaKeySz, desc[1], doAsync, count,
|
||||
start, ret);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
/* begin RSA sign */
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
@@ -3972,6 +4085,7 @@ exit_rsa_sign:
|
||||
if (ret < 0) {
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* capture resulting encrypt length */
|
||||
idx = rsaKeySz/8;
|
||||
@@ -3986,8 +4100,26 @@ exit_rsa_sign:
|
||||
for (i = 0; i < BENCH_MAX_PENDING; i++) {
|
||||
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]),
|
||||
1, ×, ntimes, &pending)) {
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
|
||||
rsaKeySz/8, &rsaKey[i]);
|
||||
#elif defined(USE_CERT_BUFFERS_2048)
|
||||
XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
|
||||
idx = sizeof(rsa_2048_sig);
|
||||
out[i] = NULL;
|
||||
ret = wc_RsaSSL_VerifyInline(enc[i], idx, &out[i],
|
||||
&rsaKey[i]);
|
||||
if (ret > 0)
|
||||
ret = 0;
|
||||
#elif defined(USE_CERT_BUFFERS_3072)
|
||||
XMEMCPY(enc[i], rsa_3072_sig, sizeof(rsa_3072_sig));
|
||||
idx = sizeof(rsa_3072_sig);
|
||||
out[i] = NULL;
|
||||
ret = wc_RsaSSL_VerifyInline(enc[i], idx, &out[i],
|
||||
&rsaKey[i]);
|
||||
if (ret > 0)
|
||||
ret = 0;
|
||||
#endif
|
||||
if (!bench_async_handle(&ret,
|
||||
BENCH_ASYNC_GET_DEV(&rsaKey[i]),
|
||||
1, ×, &pending)) {
|
||||
@@ -4051,6 +4183,7 @@ void bench_rsa(int doAsync)
|
||||
goto exit_bench_rsa;
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
/* decode the private key */
|
||||
idx = 0;
|
||||
if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey[i],
|
||||
@@ -4058,6 +4191,35 @@ void bench_rsa(int doAsync)
|
||||
printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
|
||||
goto exit_bench_rsa;
|
||||
}
|
||||
#else
|
||||
#ifdef USE_CERT_BUFFERS_2048
|
||||
ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 256);
|
||||
if (ret != 0) {
|
||||
printf("Setting modulus failed! %d\n", ret);
|
||||
goto exit_bench_rsa;
|
||||
}
|
||||
ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT);
|
||||
if (ret != 0) {
|
||||
printf("Setting public exponent failed! %d\n", ret);
|
||||
goto exit_bench_rsa;
|
||||
}
|
||||
#elif defined(USE_CERT_BUFFERS_3072)
|
||||
ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 384);
|
||||
if (ret != 0) {
|
||||
printf("Setting modulus failed! %d\n", ret);
|
||||
goto exit_bench_rsa;
|
||||
}
|
||||
ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT);
|
||||
if (ret != 0) {
|
||||
printf("Setting public exponent failed! %d\n", ret);
|
||||
goto exit_bench_rsa;
|
||||
}
|
||||
#else
|
||||
#error Not supported yet!
|
||||
#endif
|
||||
(void)idx;
|
||||
(void)bytes;
|
||||
#endif
|
||||
}
|
||||
|
||||
bench_rsa_helper(doAsync, rsaKey, rsaKeySz);
|
||||
@@ -5258,10 +5420,12 @@ int main(int argc, char** argv)
|
||||
else if (string_matches(argv[1], "-rsa_sign"))
|
||||
rsa_sign_verify = 1;
|
||||
#endif
|
||||
#ifdef BENCH_ASYM
|
||||
else if (string_matches(argv[1], "-csv")) {
|
||||
csv_format = 1;
|
||||
csv_header_count = 1;
|
||||
}
|
||||
#endif
|
||||
else if (argv[1][0] == '-') {
|
||||
optMatched = 0;
|
||||
#ifndef WOLFSSL_BENCHMARK_ALL
|
||||
|
||||
+14
-4
@@ -127,7 +127,7 @@ STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
}
|
||||
|
||||
|
||||
#ifdef WORD64_AVAILABLE
|
||||
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
|
||||
|
||||
|
||||
STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
|
||||
@@ -169,9 +169,9 @@ STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
|
||||
|
||||
}
|
||||
|
||||
#endif /* WORD64_AVAILABLE */
|
||||
|
||||
#endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
|
||||
|
||||
#ifndef WOLFSSL_NO_XOR_OPS
|
||||
STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n)
|
||||
{
|
||||
word32 i;
|
||||
@@ -193,8 +193,9 @@ STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
|
||||
for (i = 0; i < count; i++) b[i] ^= m[i];
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_NO_FORCE_ZERO
|
||||
/* Make sure compiler doesn't skip */
|
||||
STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
|
||||
{
|
||||
@@ -217,8 +218,10 @@ STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
|
||||
|
||||
while (len--) *z++ = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_NO_CONST_CMP
|
||||
/* check all length bytes for equality, return 0 on success */
|
||||
STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length)
|
||||
{
|
||||
@@ -231,6 +234,7 @@ STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length)
|
||||
|
||||
return compareSum;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_HAVE_MIN
|
||||
@@ -255,6 +259,7 @@ STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length)
|
||||
}
|
||||
#endif /* !WOLFSSL_HAVE_MAX */
|
||||
|
||||
#ifndef WOLFSSL_NO_INT_ENCODE
|
||||
/* converts a 32 bit integer to 24 bit */
|
||||
STATIC WC_INLINE void c32to24(word32 in, word24 out)
|
||||
{
|
||||
@@ -278,7 +283,9 @@ STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
|
||||
c[2] = (wc_u32 >> 8) & 0xff;
|
||||
c[3] = wc_u32 & 0xff;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_INT_DECODE
|
||||
/* convert a 24 bit integer into a 32 bit one */
|
||||
STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
|
||||
{
|
||||
@@ -309,8 +316,10 @@ STATIC WC_INLINE word32 btoi(byte b)
|
||||
{
|
||||
return (word32)(b - 0x30);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_NO_CT_OPS
|
||||
/* Constant time - mask set when a > b. */
|
||||
STATIC WC_INLINE byte ctMaskGT(int a, int b)
|
||||
{
|
||||
@@ -365,6 +374,7 @@ STATIC WC_INLINE byte ctSetLTE(int a, int b)
|
||||
{
|
||||
return ((word32)a - b - 1) >> 31;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#undef STATIC
|
||||
|
||||
+92
-5
@@ -96,6 +96,7 @@ int wc_FreeRsaKey(RsaKey* key)
|
||||
}
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key, WC_RNG* rng)
|
||||
{
|
||||
@@ -104,8 +105,10 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
|
||||
RsaKey* key)
|
||||
{
|
||||
@@ -134,6 +137,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
|
||||
@@ -164,6 +168,7 @@ int wc_RsaEncryptSize(RsaKey* key)
|
||||
}
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
|
||||
word32* bSz)
|
||||
{
|
||||
@@ -171,6 +176,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
|
||||
/* not specified as fips so not needing _fips */
|
||||
return RsaFlattenPublicKey(key, a, aSz, b, bSz);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
@@ -215,19 +221,25 @@ enum {
|
||||
|
||||
static void wc_RsaCleanup(RsaKey* key)
|
||||
{
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
if (key && key->data) {
|
||||
/* make sure any allocated memory is free'd */
|
||||
if (key->dataIsAlloc) {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
if (key->type == RSA_PRIVATE_DECRYPT ||
|
||||
key->type == RSA_PRIVATE_ENCRYPT) {
|
||||
ForceZero(key->data, key->dataLen);
|
||||
}
|
||||
#endif
|
||||
XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
key->dataIsAlloc = 0;
|
||||
}
|
||||
key->data = NULL;
|
||||
key->dataLen = 0;
|
||||
}
|
||||
#else
|
||||
(void)key;
|
||||
#endif
|
||||
}
|
||||
|
||||
int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
@@ -243,9 +255,11 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
key->type = RSA_TYPE_UNKNOWN;
|
||||
key->state = RSA_STATE_NONE;
|
||||
key->heap = heap;
|
||||
key->data = NULL;
|
||||
key->dataLen = 0;
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
key->dataIsAlloc = 0;
|
||||
key->data = NULL;
|
||||
#endif
|
||||
key->dataLen = 0;
|
||||
#ifdef WC_RSA_BLINDING
|
||||
key->rng = NULL;
|
||||
#endif
|
||||
@@ -270,6 +284,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
#endif /* WC_ASYNC_ENABLE_RSA */
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL);
|
||||
if (ret != MP_OKAY)
|
||||
return ret;
|
||||
@@ -284,6 +299,16 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
mp_clear(&key->e);
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
ret = mp_init(&key->n);
|
||||
if (ret != MP_OKAY)
|
||||
return ret;
|
||||
ret = mp_init(&key->e);
|
||||
if (ret != MP_OKAY) {
|
||||
mp_clear(&key->n);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_XILINX_CRYPT
|
||||
key->pubExp = 0;
|
||||
@@ -411,6 +436,7 @@ int wc_FreeRsaKey(RsaKey* key)
|
||||
wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA);
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
if (key->type == RSA_PRIVATE) {
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
|
||||
mp_forcezero(&key->u);
|
||||
@@ -430,6 +456,7 @@ int wc_FreeRsaKey(RsaKey* key)
|
||||
mp_clear(&key->q);
|
||||
mp_clear(&key->p);
|
||||
mp_clear(&key->d);
|
||||
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* public part */
|
||||
mp_clear(&key->e);
|
||||
@@ -443,7 +470,7 @@ int wc_FreeRsaKey(RsaKey* key)
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
/* Check the pair-wise consistency of the RSA key.
|
||||
* From NIST SP 800-56B, section 6.4.1.1.
|
||||
* Verify that k = (k^e)^d, for some k: 1 < k < n-1. */
|
||||
@@ -532,6 +559,7 @@ int wc_CheckRsaKey(RsaKey* key)
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_PSS)
|
||||
@@ -944,6 +972,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
|
||||
}
|
||||
else {
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
/* pad with non-zero random bytes */
|
||||
word32 padLen, i;
|
||||
int ret;
|
||||
@@ -963,6 +992,9 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
for (i = 1; i < padLen; i++) {
|
||||
if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
|
||||
}
|
||||
#else
|
||||
return RSA_WRONG_TYPE_E;
|
||||
#endif
|
||||
}
|
||||
|
||||
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
|
||||
@@ -972,6 +1004,7 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
}
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
/* helper function to direct which padding is used */
|
||||
static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
|
||||
@@ -1133,6 +1166,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
return pkcsBlockLen - idx;
|
||||
}
|
||||
#endif /* WC_NO_RSA_OAEP */
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
/* 0x00 .. 0x00 0x01 | Salt | Gen Hash | 0xbc
|
||||
@@ -1219,7 +1253,9 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
{
|
||||
int ret;
|
||||
word32 i;
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
byte invalid = 0;
|
||||
#endif
|
||||
|
||||
if (output == NULL || pkcsBlockLen == 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -1244,6 +1280,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
*output = (byte *)(pkcsBlock + i);
|
||||
ret = pkcsBlockLen - i;
|
||||
}
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
else {
|
||||
word32 j;
|
||||
byte pastSep = 0;
|
||||
@@ -1267,6 +1304,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
*output = (byte *)(pkcsBlock + i);
|
||||
ret = ((int)~invalid) & (pkcsBlockLen - i);
|
||||
}
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -1491,6 +1529,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
#ifndef WOLFSSL_SP_NO_2048
|
||||
if (mp_count_bits(&key->n) == 2048) {
|
||||
switch(type) {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
case RSA_PRIVATE_DECRYPT:
|
||||
case RSA_PRIVATE_ENCRYPT:
|
||||
#ifdef WC_RSA_BLINDING
|
||||
@@ -1505,6 +1544,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
|
||||
NULL, NULL, NULL, &key->n, out, outLen);
|
||||
#endif
|
||||
#endif
|
||||
case RSA_PUBLIC_ENCRYPT:
|
||||
case RSA_PUBLIC_DECRYPT:
|
||||
return sp_RsaPublic_2048(in, inLen, &key->e, &key->n, out, outLen);
|
||||
@@ -1514,6 +1554,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
#ifndef WOLFSSL_SP_NO_3072
|
||||
if (mp_count_bits(&key->n) == 3072) {
|
||||
switch(type) {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
case RSA_PRIVATE_DECRYPT:
|
||||
case RSA_PRIVATE_ENCRYPT:
|
||||
#ifdef WC_RSA_BLINDING
|
||||
@@ -1528,6 +1569,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
|
||||
NULL, NULL, NULL, &key->n, out, outLen);
|
||||
#endif
|
||||
#endif
|
||||
case RSA_PUBLIC_ENCRYPT:
|
||||
case RSA_PUBLIC_DECRYPT:
|
||||
return sp_RsaPublic_3072(in, inLen, &key->e, &key->n, out, outLen);
|
||||
@@ -1537,6 +1579,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
#endif /* WOLFSSL_HAVE_SP_RSA */
|
||||
|
||||
#ifdef WOLFSSL_SP_MATH
|
||||
(void)rng;
|
||||
return WC_KEY_SIZE_E;
|
||||
#else
|
||||
(void)rng;
|
||||
@@ -1575,6 +1618,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
|
||||
if (ret == 0) {
|
||||
switch(type) {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
case RSA_PRIVATE_DECRYPT:
|
||||
case RSA_PRIVATE_ENCRYPT:
|
||||
{
|
||||
@@ -1678,6 +1722,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
|
||||
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
case RSA_PUBLIC_ENCRYPT:
|
||||
case RSA_PUBLIC_DECRYPT:
|
||||
#ifdef WOLFSSL_XILINX_CRYPT
|
||||
@@ -1751,6 +1796,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT_TEST */
|
||||
|
||||
switch(type) {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
case RSA_PRIVATE_DECRYPT:
|
||||
case RSA_PRIVATE_ENCRYPT:
|
||||
#ifdef HAVE_CAVIUM
|
||||
@@ -1775,6 +1821,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
|
||||
ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
|
||||
case RSA_PUBLIC_ENCRYPT:
|
||||
case RSA_PUBLIC_DECRYPT:
|
||||
@@ -2008,6 +2055,7 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
/* Internal Wrappers */
|
||||
/* Gives the option of choosing padding type
|
||||
in : input to be encrypted
|
||||
@@ -2129,6 +2177,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Gives the option of choosing padding type
|
||||
in : input to be decrypted
|
||||
@@ -2170,12 +2219,14 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
/* Async operations that include padding */
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
|
||||
pad_type != WC_RSA_PSS_PAD) {
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
if (rsa_type == RSA_PRIVATE_DECRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_2) {
|
||||
key->state = RSA_STATE_DECRYPT_RES;
|
||||
key->data = NULL;
|
||||
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen,
|
||||
key);
|
||||
#endif
|
||||
}
|
||||
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_1) {
|
||||
@@ -2186,6 +2237,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)
|
||||
/* verify the tmp ptr is NULL, otherwise indicates bad state */
|
||||
if (key->data != NULL) {
|
||||
ret = BAD_STATE_E;
|
||||
@@ -2206,13 +2258,19 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
else {
|
||||
key->data = out;
|
||||
}
|
||||
#endif
|
||||
|
||||
key->state = RSA_STATE_DECRYPT_EXPTMOD;
|
||||
FALL_THROUGH;
|
||||
|
||||
case RSA_STATE_DECRYPT_EXPTMOD:
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)
|
||||
ret = wc_RsaFunction(key->data, inLen, key->data, &key->dataLen,
|
||||
rsa_type, key, rng);
|
||||
#else
|
||||
ret = wc_RsaFunction(out, inLen, out, &key->dataLen, rsa_type, key,
|
||||
rng);
|
||||
#endif
|
||||
|
||||
if (ret >= 0 || ret == WC_PENDING_E) {
|
||||
key->state = RSA_STATE_DECRYPT_UNPAD;
|
||||
@@ -2226,16 +2284,25 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
case RSA_STATE_DECRYPT_UNPAD:
|
||||
{
|
||||
byte* pad = NULL;
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)
|
||||
ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type,
|
||||
hash, mgf, label, labelSz, saltLen,
|
||||
mp_count_bits(&key->n), key->heap);
|
||||
#else
|
||||
ret = wc_RsaUnPad_ex(out, key->dataLen, &pad, pad_value, pad_type, hash,
|
||||
mgf, label, labelSz, saltLen,
|
||||
mp_count_bits(&key->n), key->heap);
|
||||
#endif
|
||||
if (rsa_type == RSA_PUBLIC_DECRYPT && ret > (int)outLen)
|
||||
ret = RSA_BUFFER_E;
|
||||
else if (ret >= 0 && pad != NULL) {
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
|
||||
signed char c;
|
||||
#endif
|
||||
|
||||
/* only copy output if not inline */
|
||||
if (outPtr == NULL) {
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
|
||||
word32 i, j;
|
||||
int start = (int)((size_t)pad - (size_t)key->data);
|
||||
|
||||
@@ -2246,12 +2313,20 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
/* 0 - no add, -1 add */
|
||||
i += -c;
|
||||
}
|
||||
#else
|
||||
XMEMCPY(out, pad, ret);
|
||||
#endif
|
||||
}
|
||||
else
|
||||
*outPtr = pad;
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
|
||||
ret = ctMaskSelInt(ctMaskLTE(ret, outLen), ret, RSA_BUFFER_E);
|
||||
ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E);
|
||||
#else
|
||||
if (outLen < (word32)ret)
|
||||
ret = RSA_BUFFER_E;
|
||||
#endif
|
||||
}
|
||||
|
||||
key->state = RSA_STATE_DECRYPT_RES;
|
||||
@@ -2296,6 +2371,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
/* Public RSA Functions */
|
||||
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key, WC_RNG* rng)
|
||||
@@ -2316,8 +2392,10 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
|
||||
RSA_BLOCK_TYPE_2, type, hash, mgf, label, labelSz, 0, rng);
|
||||
}
|
||||
#endif /* WC_NO_RSA_OAEP */
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
|
||||
{
|
||||
WC_RNG* rng = NULL;
|
||||
@@ -2373,6 +2451,7 @@ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out,
|
||||
labelSz, 0, rng);
|
||||
}
|
||||
#endif /* WC_NO_RSA_OAEP || WC_RSA_NO_PADDING */
|
||||
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
|
||||
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
|
||||
@@ -2386,6 +2465,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
|
||||
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng);
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key)
|
||||
{
|
||||
@@ -2403,6 +2483,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD,
|
||||
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
/* Verify the message signed with RSA-PSS.
|
||||
@@ -2667,6 +2748,7 @@ int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key, WC_RNG* rng)
|
||||
{
|
||||
@@ -2720,7 +2802,9 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
hash, mgf, NULL, 0, saltLen, rng);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(WOLFSSL_SP_MATH)
|
||||
int wc_RsaEncryptSize(RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
@@ -2739,8 +2823,9 @@ int wc_RsaEncryptSize(RsaKey* key)
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
/* flatten RsaKey structure into individual elements (e, n) */
|
||||
int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
|
||||
word32* nSz)
|
||||
@@ -2769,11 +2854,12 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
static int RsaGetValue(mp_int* in, byte* out, word32* outSz)
|
||||
{
|
||||
word32 sz;
|
||||
@@ -2818,6 +2904,7 @@ int wc_RsaExportKey(RsaKey* key,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
|
||||
@@ -356,7 +356,7 @@ int wc_SignatureGenerateHash(
|
||||
|
||||
case WC_SIGNATURE_TYPE_RSA_W_ENC:
|
||||
case WC_SIGNATURE_TYPE_RSA:
|
||||
#ifndef NO_RSA
|
||||
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* Create signature using provided RSA key */
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
@@ -420,7 +420,7 @@ int wc_SignatureGenerate(
|
||||
}
|
||||
hash_enc_len = hash_len = ret;
|
||||
|
||||
#ifndef NO_RSA
|
||||
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
|
||||
/* For RSA with ASN.1 encoding include room */
|
||||
hash_enc_len += MAX_DER_DIGEST_ASN_SZ;
|
||||
@@ -440,7 +440,8 @@ int wc_SignatureGenerate(
|
||||
if (ret == 0) {
|
||||
/* Handle RSA with DER encoding */
|
||||
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
|
||||
#if defined(NO_RSA) || defined(NO_ASN)
|
||||
#if defined(NO_RSA) || defined(NO_ASN) || \
|
||||
defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
ret = SIG_TYPE_E;
|
||||
#else
|
||||
ret = wc_SignatureDerEncode(hash_type, hash_data, hash_len,
|
||||
|
||||
+1448
-1432
File diff suppressed because it is too large
Load Diff
+818
-814
File diff suppressed because it is too large
Load Diff
+165
-161
@@ -2303,7 +2303,8 @@ SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
/* AND m into each word of a and store in r.
|
||||
*
|
||||
@@ -2738,7 +2739,7 @@ SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* Caclulate the bottom digit of -1/a mod 2^n.
|
||||
*
|
||||
@@ -2759,7 +2760,84 @@ static void sp_2048_mont_setup(sp_digit* a, sp_digit* rho)
|
||||
*rho = -x;
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
/* Mul a by digit b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A single precision digit.
|
||||
*/
|
||||
SP_NOINLINE static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
__asm__ __volatile__ (
|
||||
"mov r6, #1\n\t"
|
||||
"lsl r6, r6, #8\n\t"
|
||||
"add r6, %[a]\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"mov r9, r6\n\t"
|
||||
"mov r3, #0\n\t"
|
||||
"mov r4, #0\n\t"
|
||||
"1:\n\t"
|
||||
"mov %[r], #0\n\t"
|
||||
"mov r5, #0\n\t"
|
||||
"# A[] * B\n\t"
|
||||
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"umull r6, r7, r6, %[b]\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#else
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r3, r7\n\t"
|
||||
"adc r4, %[r]\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#endif
|
||||
"# A[] * B - Done\n\t"
|
||||
"mov %[r], r8\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
"mov r3, r4\n\t"
|
||||
"mov r4, r5\n\t"
|
||||
"add %[r], #4\n\t"
|
||||
"add %[a], #4\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"cmp %[a], r9\n\t"
|
||||
"blt 1b\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
: [r] "+r" (r), [a] "+r" (a)
|
||||
: [b] "r" (b)
|
||||
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
|
||||
);
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
* Given m must be 2048 bits, just need to subtract.
|
||||
*
|
||||
@@ -3598,7 +3676,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, sp_digit* a, sp_digit* e,
|
||||
}
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
#ifdef WOLFSSL_HAVE_SP_DH
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
@@ -3843,82 +3921,6 @@ static void sp_2048_mont_sqr_64(sp_digit* r, sp_digit* a, sp_digit* m,
|
||||
sp_2048_mont_reduce_64(r, m, mp);
|
||||
}
|
||||
|
||||
/* Mul a by digit b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A single precision digit.
|
||||
*/
|
||||
SP_NOINLINE static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
__asm__ __volatile__ (
|
||||
"mov r6, #1\n\t"
|
||||
"lsl r6, r6, #8\n\t"
|
||||
"add r6, %[a]\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"mov r9, r6\n\t"
|
||||
"mov r3, #0\n\t"
|
||||
"mov r4, #0\n\t"
|
||||
"1:\n\t"
|
||||
"mov %[r], #0\n\t"
|
||||
"mov r5, #0\n\t"
|
||||
"# A[] * B\n\t"
|
||||
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"umull r6, r7, r6, %[b]\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#else
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r3, r7\n\t"
|
||||
"adc r4, %[r]\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#endif
|
||||
"# A[] * B - Done\n\t"
|
||||
"mov %[r], r8\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
"mov r3, r4\n\t"
|
||||
"mov r4, r5\n\t"
|
||||
"add %[r], #4\n\t"
|
||||
"add %[a], #4\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"cmp %[a], r9\n\t"
|
||||
"blt 1b\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
: [r] "+r" (r), [a] "+r" (a)
|
||||
: [b] "r" (b)
|
||||
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
|
||||
);
|
||||
}
|
||||
|
||||
/* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
|
||||
*
|
||||
* d1 The high order half of the number to divide.
|
||||
@@ -7679,7 +7681,8 @@ SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
/* AND m into each word of a and store in r.
|
||||
*
|
||||
@@ -8084,7 +8087,7 @@ SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* Caclulate the bottom digit of -1/a mod 2^n.
|
||||
*
|
||||
@@ -8105,7 +8108,85 @@ static void sp_3072_mont_setup(sp_digit* a, sp_digit* rho)
|
||||
*rho = -x;
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
/* Mul a by digit b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A single precision digit.
|
||||
*/
|
||||
SP_NOINLINE static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
__asm__ __volatile__ (
|
||||
"mov r6, #1\n\t"
|
||||
"lsl r6, r6, #8\n\t"
|
||||
"add r6, #128\n\t"
|
||||
"add r6, %[a]\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"mov r9, r6\n\t"
|
||||
"mov r3, #0\n\t"
|
||||
"mov r4, #0\n\t"
|
||||
"1:\n\t"
|
||||
"mov %[r], #0\n\t"
|
||||
"mov r5, #0\n\t"
|
||||
"# A[] * B\n\t"
|
||||
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"umull r6, r7, r6, %[b]\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#else
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r3, r7\n\t"
|
||||
"adc r4, %[r]\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#endif
|
||||
"# A[] * B - Done\n\t"
|
||||
"mov %[r], r8\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
"mov r3, r4\n\t"
|
||||
"mov r4, r5\n\t"
|
||||
"add %[r], #4\n\t"
|
||||
"add %[a], #4\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"cmp %[a], r9\n\t"
|
||||
"blt 1b\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
: [r] "+r" (r), [a] "+r" (a)
|
||||
: [b] "r" (b)
|
||||
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
|
||||
);
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
/* Sub b from a into a. (a -= b)
|
||||
*
|
||||
@@ -9201,7 +9282,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, sp_digit* a, sp_digit* e,
|
||||
}
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
#ifdef WOLFSSL_HAVE_SP_DH
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
@@ -9450,83 +9531,6 @@ static void sp_3072_mont_sqr_96(sp_digit* r, sp_digit* a, sp_digit* m,
|
||||
sp_3072_mont_reduce_96(r, m, mp);
|
||||
}
|
||||
|
||||
/* Mul a by digit b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A single precision digit.
|
||||
*/
|
||||
SP_NOINLINE static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
__asm__ __volatile__ (
|
||||
"mov r6, #1\n\t"
|
||||
"lsl r6, r6, #8\n\t"
|
||||
"add r6, #128\n\t"
|
||||
"add r6, %[a]\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"mov r9, r6\n\t"
|
||||
"mov r3, #0\n\t"
|
||||
"mov r4, #0\n\t"
|
||||
"1:\n\t"
|
||||
"mov %[r], #0\n\t"
|
||||
"mov r5, #0\n\t"
|
||||
"# A[] * B\n\t"
|
||||
#ifdef WOLFSSL_SP_ARM_THUMB_ASM_CORTEX_M
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"umull r6, r7, r6, %[b]\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#else
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r3, r7\n\t"
|
||||
"adc r4, %[r]\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"ldr r6, [%[a]]\n\t"
|
||||
"lsr r6, r6, #16\n\t"
|
||||
"lsr r7, %[b], #16\n\t"
|
||||
"mul r7, r6\n\t"
|
||||
"add r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
"lsl r7, %[b], #16\n\t"
|
||||
"lsr r7, r7, #16\n\t"
|
||||
"mul r6, r7\n\t"
|
||||
"lsr r7, r6, #16\n\t"
|
||||
"lsl r6, r6, #16\n\t"
|
||||
"add r3, r6\n\t"
|
||||
"adc r4, r7\n\t"
|
||||
"adc r5, %[r]\n\t"
|
||||
#endif
|
||||
"# A[] * B - Done\n\t"
|
||||
"mov %[r], r8\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
"mov r3, r4\n\t"
|
||||
"mov r4, r5\n\t"
|
||||
"add %[r], #4\n\t"
|
||||
"add %[a], #4\n\t"
|
||||
"mov r8, %[r]\n\t"
|
||||
"cmp %[a], r9\n\t"
|
||||
"blt 1b\n\t"
|
||||
"str r3, [%[r]]\n\t"
|
||||
: [r] "+r" (r), [a] "+r" (a)
|
||||
: [b] "r" (b)
|
||||
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
|
||||
);
|
||||
}
|
||||
|
||||
/* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
|
||||
*
|
||||
* d1 The high order half of the number to divide.
|
||||
|
||||
+1067
-1299
File diff suppressed because it is too large
Load Diff
+155
-123
@@ -50,7 +50,7 @@
|
||||
|
||||
#ifndef WOLFSSL_SP_ASM
|
||||
#if SP_WORD_SIZE == 64
|
||||
#if defined(WOLFSSL_SP_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)
|
||||
#if (defined(WOLFSSL_SP_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* Mask for address to obfuscate which of the two address will be used. */
|
||||
static const size_t addr_mask[2] = { 0, (size_t)-1 };
|
||||
#endif
|
||||
@@ -701,7 +701,8 @@ SP_NOINLINE static void sp_2048_sqr_36(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
/* Add b to a into r. (r = a + b)
|
||||
*
|
||||
@@ -806,7 +807,7 @@ SP_NOINLINE static void sp_2048_sqr_18(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* Caclulate the bottom digit of -1/a mod 2^n.
|
||||
*
|
||||
@@ -829,7 +830,62 @@ static void sp_2048_mont_setup(sp_digit* a, sp_digit* rho)
|
||||
*rho = (1L << 57) - x;
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
/* Multiply a by scalar b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A scalar.
|
||||
*/
|
||||
SP_NOINLINE static void sp_2048_mul_d_36(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
int128_t tb = b;
|
||||
int128_t t = 0;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 36; i++) {
|
||||
t += tb * a[i];
|
||||
r[i] = t & 0x1ffffffffffffffl;
|
||||
t >>= 57;
|
||||
}
|
||||
r[36] = (sp_digit)t;
|
||||
#else
|
||||
int128_t tb = b;
|
||||
int128_t t[8];
|
||||
int i;
|
||||
|
||||
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
|
||||
for (i = 0; i < 32; i += 8) {
|
||||
t[1] = tb * a[i+1];
|
||||
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[i+2];
|
||||
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[i+3];
|
||||
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
t[4] = tb * a[i+4];
|
||||
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
|
||||
t[5] = tb * a[i+5];
|
||||
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
|
||||
t[6] = tb * a[i+6];
|
||||
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
|
||||
t[7] = tb * a[i+7];
|
||||
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
|
||||
t[0] = tb * a[i+8];
|
||||
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
|
||||
}
|
||||
t[1] = tb * a[33];
|
||||
r[33] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[34];
|
||||
r[34] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[35];
|
||||
r[35] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
r[36] = (sp_digit)(t[3] >> 57);
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
* Given m must be 2048 bits, just need to subtract.
|
||||
*
|
||||
@@ -1631,7 +1687,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
* Given m must be 2048 bits, just need to subtract.
|
||||
@@ -1897,6 +1953,7 @@ static void sp_2048_mont_reduce_36(sp_digit* a, sp_digit* m, sp_digit mp)
|
||||
int i;
|
||||
sp_digit mu;
|
||||
|
||||
#ifdef WOLFSSL_SP_DH
|
||||
if (mp != 1) {
|
||||
for (i=0; i<35; i++) {
|
||||
mu = (a[i] * mp) & 0x1ffffffffffffffl;
|
||||
@@ -1919,6 +1976,17 @@ static void sp_2048_mont_reduce_36(sp_digit* a, sp_digit* m, sp_digit mp)
|
||||
a[i+1] += a[i] >> 57;
|
||||
a[i] &= 0x1ffffffffffffffl;
|
||||
}
|
||||
#else
|
||||
for (i=0; i<35; i++) {
|
||||
mu = (a[i] * mp) & 0x1ffffffffffffffl;
|
||||
sp_2048_mul_add_36(a+i, m, mu);
|
||||
a[i+1] += a[i] >> 57;
|
||||
}
|
||||
mu = (a[i] * mp) & 0x1fffffffffffffl;
|
||||
sp_2048_mul_add_36(a+i, m, mu);
|
||||
a[i+1] += a[i] >> 57;
|
||||
a[i] &= 0x1ffffffffffffffl;
|
||||
#endif
|
||||
|
||||
sp_2048_mont_shift_36(a, a);
|
||||
sp_2048_cond_sub_36(a, a, m, 0 - ((a[35] >> 53) > 0));
|
||||
@@ -1955,60 +2023,6 @@ static void sp_2048_mont_sqr_36(sp_digit* r, sp_digit* a, sp_digit* m,
|
||||
sp_2048_mont_reduce_36(r, m, mp);
|
||||
}
|
||||
|
||||
/* Multiply a by scalar b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A scalar.
|
||||
*/
|
||||
SP_NOINLINE static void sp_2048_mul_d_36(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
int128_t tb = b;
|
||||
int128_t t = 0;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 36; i++) {
|
||||
t += tb * a[i];
|
||||
r[i] = t & 0x1ffffffffffffffl;
|
||||
t >>= 57;
|
||||
}
|
||||
r[36] = (sp_digit)t;
|
||||
#else
|
||||
int128_t tb = b;
|
||||
int128_t t[8];
|
||||
int i;
|
||||
|
||||
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
|
||||
for (i = 0; i < 32; i += 8) {
|
||||
t[1] = tb * a[i+1];
|
||||
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[i+2];
|
||||
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[i+3];
|
||||
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
t[4] = tb * a[i+4];
|
||||
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
|
||||
t[5] = tb * a[i+5];
|
||||
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
|
||||
t[6] = tb * a[i+6];
|
||||
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
|
||||
t[7] = tb * a[i+7];
|
||||
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
|
||||
t[0] = tb * a[i+8];
|
||||
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
|
||||
}
|
||||
t[1] = tb * a[33];
|
||||
r[33] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[34];
|
||||
r[34] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[35];
|
||||
r[35] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
r[36] = (sp_digit)(t[3] >> 57);
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
}
|
||||
|
||||
/* Conditionally add a and b using the mask m.
|
||||
* m is -1 to add and 0 when not.
|
||||
*
|
||||
@@ -2483,7 +2497,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
|
||||
#endif /* SP_RSA_PRIVATE_EXP_D || WOLFSSL_HAVE_SP_DH */
|
||||
|
||||
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
|
||||
!defined(RSA_LOW_MEM)
|
||||
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* AND m into each word of a and store in r.
|
||||
*
|
||||
* r A single precision integer.
|
||||
@@ -2716,6 +2730,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
/* RSA private key operation.
|
||||
*
|
||||
* in Array of bytes representing the number to exponentiate, base.
|
||||
@@ -2950,6 +2965,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
|
||||
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
|
||||
}
|
||||
|
||||
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
#endif /* WOLFSSL_HAVE_SP_RSA */
|
||||
#ifdef WOLFSSL_HAVE_SP_DH
|
||||
/* Convert an array of sp_digit to an mp_int.
|
||||
@@ -4011,7 +4027,8 @@ SP_NOINLINE static void sp_3072_sqr_54(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
/* Add b to a into r. (r = a + b)
|
||||
*
|
||||
@@ -4225,7 +4242,7 @@ SP_NOINLINE static void sp_3072_sqr_27(sp_digit* r, const sp_digit* a)
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* Caclulate the bottom digit of -1/a mod 2^n.
|
||||
*
|
||||
@@ -4248,7 +4265,66 @@ static void sp_3072_mont_setup(sp_digit* a, sp_digit* rho)
|
||||
*rho = (1L << 57) - x;
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA)
|
||||
/* Multiply a by scalar b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A scalar.
|
||||
*/
|
||||
SP_NOINLINE static void sp_3072_mul_d_54(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
int128_t tb = b;
|
||||
int128_t t = 0;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 54; i++) {
|
||||
t += tb * a[i];
|
||||
r[i] = t & 0x1ffffffffffffffl;
|
||||
t >>= 57;
|
||||
}
|
||||
r[54] = (sp_digit)t;
|
||||
#else
|
||||
int128_t tb = b;
|
||||
int128_t t[8];
|
||||
int i;
|
||||
|
||||
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
|
||||
for (i = 0; i < 48; i += 8) {
|
||||
t[1] = tb * a[i+1];
|
||||
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[i+2];
|
||||
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[i+3];
|
||||
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
t[4] = tb * a[i+4];
|
||||
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
|
||||
t[5] = tb * a[i+5];
|
||||
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
|
||||
t[6] = tb * a[i+6];
|
||||
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
|
||||
t[7] = tb * a[i+7];
|
||||
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
|
||||
t[0] = tb * a[i+8];
|
||||
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
|
||||
}
|
||||
t[1] = tb * a[49];
|
||||
r[49] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[50];
|
||||
r[50] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[51];
|
||||
r[51] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
t[4] = tb * a[52];
|
||||
r[52] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
|
||||
t[5] = tb * a[53];
|
||||
r[53] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
|
||||
r[54] = (sp_digit)(t[5] >> 57);
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
}
|
||||
|
||||
#if !defined(SP_RSA_PRIVATE_EXP_D) && defined(WOLFSSL_HAVE_SP_RSA) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
* Given m must be 3072 bits, just need to subtract.
|
||||
*
|
||||
@@ -5035,7 +5111,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA */
|
||||
#endif /* !SP_RSA_PRIVATE_EXP_D && WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
|
||||
/* r = 2^n mod m where n is the number of bits to reduce by.
|
||||
* Given m must be 3072 bits, just need to subtract.
|
||||
@@ -5308,6 +5384,7 @@ static void sp_3072_mont_reduce_54(sp_digit* a, sp_digit* m, sp_digit mp)
|
||||
int i;
|
||||
sp_digit mu;
|
||||
|
||||
#ifdef WOLFSSL_SP_DH
|
||||
if (mp != 1) {
|
||||
for (i=0; i<53; i++) {
|
||||
mu = (a[i] * mp) & 0x1ffffffffffffffl;
|
||||
@@ -5330,6 +5407,17 @@ static void sp_3072_mont_reduce_54(sp_digit* a, sp_digit* m, sp_digit mp)
|
||||
a[i+1] += a[i] >> 57;
|
||||
a[i] &= 0x1ffffffffffffffl;
|
||||
}
|
||||
#else
|
||||
for (i=0; i<53; i++) {
|
||||
mu = (a[i] * mp) & 0x1ffffffffffffffl;
|
||||
sp_3072_mul_add_54(a+i, m, mu);
|
||||
a[i+1] += a[i] >> 57;
|
||||
}
|
||||
mu = (a[i] * mp) & 0x7ffffffffffffl;
|
||||
sp_3072_mul_add_54(a+i, m, mu);
|
||||
a[i+1] += a[i] >> 57;
|
||||
a[i] &= 0x1ffffffffffffffl;
|
||||
#endif
|
||||
|
||||
sp_3072_mont_shift_54(a, a);
|
||||
sp_3072_cond_sub_54(a, a, m, 0 - ((a[53] >> 51) > 0));
|
||||
@@ -5366,64 +5454,6 @@ static void sp_3072_mont_sqr_54(sp_digit* r, sp_digit* a, sp_digit* m,
|
||||
sp_3072_mont_reduce_54(r, m, mp);
|
||||
}
|
||||
|
||||
/* Multiply a by scalar b into r. (r = a * b)
|
||||
*
|
||||
* r A single precision integer.
|
||||
* a A single precision integer.
|
||||
* b A scalar.
|
||||
*/
|
||||
SP_NOINLINE static void sp_3072_mul_d_54(sp_digit* r, const sp_digit* a,
|
||||
const sp_digit b)
|
||||
{
|
||||
#ifdef WOLFSSL_SP_SMALL
|
||||
int128_t tb = b;
|
||||
int128_t t = 0;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 54; i++) {
|
||||
t += tb * a[i];
|
||||
r[i] = t & 0x1ffffffffffffffl;
|
||||
t >>= 57;
|
||||
}
|
||||
r[54] = (sp_digit)t;
|
||||
#else
|
||||
int128_t tb = b;
|
||||
int128_t t[8];
|
||||
int i;
|
||||
|
||||
t[0] = tb * a[0]; r[0] = t[0] & 0x1ffffffffffffffl;
|
||||
for (i = 0; i < 48; i += 8) {
|
||||
t[1] = tb * a[i+1];
|
||||
r[i+1] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[i+2];
|
||||
r[i+2] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[i+3];
|
||||
r[i+3] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
t[4] = tb * a[i+4];
|
||||
r[i+4] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
|
||||
t[5] = tb * a[i+5];
|
||||
r[i+5] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
|
||||
t[6] = tb * a[i+6];
|
||||
r[i+6] = (sp_digit)(t[5] >> 57) + (t[6] & 0x1ffffffffffffffl);
|
||||
t[7] = tb * a[i+7];
|
||||
r[i+7] = (sp_digit)(t[6] >> 57) + (t[7] & 0x1ffffffffffffffl);
|
||||
t[0] = tb * a[i+8];
|
||||
r[i+8] = (sp_digit)(t[7] >> 57) + (t[0] & 0x1ffffffffffffffl);
|
||||
}
|
||||
t[1] = tb * a[49];
|
||||
r[49] = (sp_digit)(t[0] >> 57) + (t[1] & 0x1ffffffffffffffl);
|
||||
t[2] = tb * a[50];
|
||||
r[50] = (sp_digit)(t[1] >> 57) + (t[2] & 0x1ffffffffffffffl);
|
||||
t[3] = tb * a[51];
|
||||
r[51] = (sp_digit)(t[2] >> 57) + (t[3] & 0x1ffffffffffffffl);
|
||||
t[4] = tb * a[52];
|
||||
r[52] = (sp_digit)(t[3] >> 57) + (t[4] & 0x1ffffffffffffffl);
|
||||
t[5] = tb * a[53];
|
||||
r[53] = (sp_digit)(t[4] >> 57) + (t[5] & 0x1ffffffffffffffl);
|
||||
r[54] = (sp_digit)(t[5] >> 57);
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
}
|
||||
|
||||
/* Conditionally add a and b using the mask m.
|
||||
* m is -1 to add and 0 when not.
|
||||
*
|
||||
@@ -5863,7 +5893,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, sp_digit* a, sp_digit* e, int bits,
|
||||
#endif /* SP_RSA_PRIVATE_EXP_D || WOLFSSL_HAVE_SP_DH */
|
||||
|
||||
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
|
||||
!defined(RSA_LOW_MEM)
|
||||
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
/* AND m into each word of a and store in r.
|
||||
*
|
||||
* r A single precision integer.
|
||||
@@ -6097,6 +6127,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
|
||||
#endif /* WOLFSSL_SP_SMALL */
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|
||||
/* RSA private key operation.
|
||||
*
|
||||
* in Array of bytes representing the number to exponentiate, base.
|
||||
@@ -6331,6 +6362,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
|
||||
#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
|
||||
}
|
||||
|
||||
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
|
||||
#endif /* WOLFSSL_HAVE_SP_RSA */
|
||||
#ifdef WOLFSSL_HAVE_SP_DH
|
||||
/* Convert an array of sp_digit to an mp_int.
|
||||
|
||||
+17
-2
@@ -52,6 +52,7 @@ int sp_init(sp_int* a)
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
|
||||
/* Initialize up to six big numbers to be zero.
|
||||
*
|
||||
* a SP integer.
|
||||
@@ -92,6 +93,7 @@ int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, sp_int* e,
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Clear the data from the big number and set to zero.
|
||||
*
|
||||
@@ -158,6 +160,7 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* Convert a number as string in big-endian format to a big number.
|
||||
* Only supports base-16 (hexadecimal).
|
||||
* Negative values not supported.
|
||||
@@ -210,6 +213,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Compare two big numbers.
|
||||
*
|
||||
@@ -284,6 +288,7 @@ int sp_leading_bit(sp_int* a)
|
||||
return bit;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
|
||||
/* Convert the big number to an array of bytes in big-endian format.
|
||||
* The array must be large enough for encoded number - use mp_unsigned_bin_size
|
||||
* to calculate the number of bytes required.
|
||||
@@ -307,6 +312,7 @@ int sp_to_unsigned_bin(sp_int* a, byte* out)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Convert the big number to an array of bytes in big-endian format.
|
||||
* The array must be large enough for encoded number - use mp_unsigned_bin_size
|
||||
@@ -333,6 +339,8 @@ int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
|
||||
/* Ensure the data in the big number is zeroed.
|
||||
*
|
||||
* a SP integer.
|
||||
@@ -357,6 +365,7 @@ int sp_copy(sp_int* a, sp_int* b)
|
||||
}
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Set the big number to be the value of the digit.
|
||||
*
|
||||
@@ -371,6 +380,7 @@ int sp_set(sp_int* a, sp_int_digit d)
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||
/* Checks whether the value of the big number is zero.
|
||||
*
|
||||
* a SP integer.
|
||||
@@ -380,7 +390,9 @@ int sp_iszero(sp_int* a)
|
||||
{
|
||||
return a->used == 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
|
||||
/* Recalculate the number of digits used.
|
||||
*
|
||||
* a SP integer.
|
||||
@@ -436,6 +448,7 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Compare a one digit number with a big number.
|
||||
*
|
||||
@@ -464,6 +477,7 @@ int sp_cmp_d(sp_int *a, sp_int_digit d)
|
||||
return MP_EQ;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
|
||||
/* Left shift the number by number of bits.
|
||||
* Bits may be larger than the word size.
|
||||
*
|
||||
@@ -561,8 +575,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(USE_FAST_MATH) || !defined(NO_BIG_INT)
|
||||
/* Clear all data in the big number and sets value to zero.
|
||||
*
|
||||
* a SP integer.
|
||||
@@ -604,6 +618,7 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && (!defined(NO_DH) || defined(HAVE_ECC))
|
||||
/* Left shift the big number by a number of digits.
|
||||
* WIll chop off digits overflowing maximum size.
|
||||
*
|
||||
@@ -622,7 +637,6 @@ int sp_lshd(sp_int* a, int s)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_PWDBASED
|
||||
/* Add two large numbers into result: r = a + b
|
||||
@@ -659,6 +673,7 @@ int sp_add(sp_int* a, sp_int* b, sp_int* r)
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
#endif /* NO_PWDBASED */
|
||||
#endif
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
||||
+4
-4
@@ -2399,10 +2399,10 @@ void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
/* Use Duff's device to unroll the loop. */
|
||||
int idx = (c - 1) & ~3;
|
||||
switch (c % 4) {
|
||||
case 0: do { pd[idx+0] = *b++;
|
||||
case 3: pd[idx+1] = *b++;
|
||||
case 2: pd[idx+2] = *b++;
|
||||
case 1: pd[idx+3] = *b++;
|
||||
case 0: do { pd[idx+0] = *b++; // fallthrough
|
||||
case 3: pd[idx+1] = *b++; // fallthrough
|
||||
case 2: pd[idx+2] = *b++; // fallthrough
|
||||
case 1: pd[idx+3] = *b++; // fallthrough
|
||||
idx -= 4;
|
||||
} while ((c -= 4) > 0);
|
||||
}
|
||||
|
||||
+78
-5
@@ -9015,6 +9015,7 @@ int certext_test(void)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
|
||||
|
||||
#ifndef NO_ASN
|
||||
static int rsa_flatten_test(RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
@@ -9106,8 +9107,9 @@ static int rsa_flatten_test(RsaKey* key)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* NO_ASN */
|
||||
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN)
|
||||
static int rsa_export_key_test(RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
@@ -9179,7 +9181,7 @@ static int rsa_export_key_test(RsaKey* key)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !HAVE_FIPS */
|
||||
#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
|
||||
|
||||
#ifndef NO_SIG_WRAPPER
|
||||
static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
|
||||
@@ -9438,7 +9440,7 @@ static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_USER_RSA
|
||||
#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
|
||||
static int rsa_decode_test(RsaKey* keyPub)
|
||||
{
|
||||
int ret;
|
||||
@@ -10812,7 +10814,7 @@ int rsa_test(void)
|
||||
XMEMSET(&caKey, 0, sizeof(caKey));
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_USER_RSA
|
||||
#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
|
||||
ret = rsa_decode_test(&key);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@@ -10862,11 +10864,27 @@ int rsa_test(void)
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7003, exit_rsa);
|
||||
}
|
||||
#ifndef NO_ASN
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7004, exit_rsa);
|
||||
}
|
||||
#elif defined(WOLFSSL_RSA_VERIFY_ONLY)
|
||||
#ifdef USE_CERT_BUFFERS_2048
|
||||
ret = mp_read_unsigned_bin(&key.n, &tmp[12], 256);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7004, exit_rsa);
|
||||
}
|
||||
ret = mp_set_int(&key.e, WC_RSA_EXPONENT);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7004, exit_rsa);
|
||||
}
|
||||
#else
|
||||
#error Not supported yet!
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
#ifndef HAVE_FIPS
|
||||
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||
#else
|
||||
@@ -10875,6 +10893,7 @@ int rsa_test(void)
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7005, exit_rsa);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_SIG_WRAPPER
|
||||
ret = rsa_sig_test(&key, sizeof(RsaKey), wc_RsaEncryptSize(&key), &rng);
|
||||
@@ -10888,6 +10907,7 @@ int rsa_test(void)
|
||||
goto exit_rsa;
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
do {
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
@@ -10956,6 +10976,49 @@ int rsa_test(void)
|
||||
if (ret < 0) {
|
||||
ERROR_OUT(-7013, exit_rsa);
|
||||
}
|
||||
#else
|
||||
(void)outSz;
|
||||
(void)inLen;
|
||||
(void)res;
|
||||
{
|
||||
byte signature_2048[] = {
|
||||
0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
|
||||
0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
|
||||
0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
|
||||
0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
|
||||
0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
|
||||
0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
|
||||
0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
|
||||
0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
|
||||
0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
|
||||
0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
|
||||
0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
|
||||
0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
|
||||
0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
|
||||
0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
|
||||
0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
|
||||
0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
|
||||
0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
|
||||
0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
|
||||
0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
|
||||
0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
|
||||
0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
|
||||
0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
|
||||
0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
|
||||
0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
|
||||
0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
|
||||
0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
|
||||
0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
|
||||
0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
|
||||
0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
|
||||
0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
|
||||
0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
|
||||
0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
|
||||
};
|
||||
ret = sizeof(signature_2048);
|
||||
XMEMCPY(out, signature_2048, ret);
|
||||
}
|
||||
#endif
|
||||
|
||||
idx = (word32)ret;
|
||||
XMEMSET(plain, 0, plainSz);
|
||||
@@ -10964,7 +11027,15 @@ int rsa_test(void)
|
||||
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
#endif
|
||||
if (ret >= 0) {
|
||||
#ifndef WOLFSSL_RSA_VERIFY_INLINE
|
||||
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
|
||||
#else
|
||||
byte* dec = NULL;
|
||||
ret = wc_RsaSSL_VerifyInline(out, idx, &dec, &key);
|
||||
if (ret > 0) {
|
||||
XMEMCPY(plain, dec, ret);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
} while (ret == WC_PENDING_E);
|
||||
if (ret < 0) {
|
||||
@@ -11245,15 +11316,17 @@ int rsa_test(void)
|
||||
#endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
|
||||
#endif /* WC_NO_RSA_OAEP */
|
||||
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA)
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN)
|
||||
ret = rsa_export_key_test(&key);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif
|
||||
|
||||
#ifndef NO_ASN
|
||||
ret = rsa_flatten_test(&key);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_MDK_ARM)
|
||||
#define sizeof(s) XSTRLEN((char *)(s))
|
||||
|
||||
Reference in New Issue
Block a user