diff --git a/configure.ac b/configure.ac index a4c04e4aa..d24e222ea 100644 --- a/configure.ac +++ b/configure.ac @@ -3907,7 +3907,7 @@ then fi # No Big Int (ASN, DSA, RSA, DH and ECC need bigint) -if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = no && \ +if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \ test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \ test "$ENABLED_RSA" = "no" then @@ -6727,6 +6727,7 @@ do esac done +ENABLED_SP_LINE="$ENABLE_SP" ENABLED_SP=no if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then ENABLED_SP=yes @@ -6796,7 +6797,15 @@ fi if test "$ENABLED_SP_MATH" = "yes"; then if test "$ENABLED_SP" = "no"; then - AC_MSG_ERROR([Must have SP enabled with SP math: --enable-sp]) + if test "$ENABLED_RSA" != "no"; then + AC_MSG_ERROR([Must have SP enabled with SP math for RSA: --enable-sp]) + fi + if test "$ENABLED_DH" != "no"; then + AC_MSG_ERROR([Must have SP enabled with SP math for DH: --enable-sp]) + fi + if test "$ENABLED_ECC" != "no"; then + AC_MSG_ERROR([Must have SP enabled with SP math for ECC: --enable-sp]) + fi fi if test "$ENABLED_ECCCUSTCURVES" != "no"; then AC_MSG_ERROR([Cannot use single precision math and custom curves]) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 86139c2ec..29efb617a 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -4706,7 +4706,8 @@ void sp_free(sp_int* a) } } -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC) +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) /* Grow multi-precision number to be able to hold l digits. * This function does nothing as the number of digits is fixed. * @@ -4739,9 +4740,10 @@ int sp_grow(sp_int* a, int l) return err; } -#endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */ +#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC */ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(HAVE_ECC) +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(HAVE_ECC) /* Set the multi-precision number to zero. * * @param [out] a SP integer to set to zero. @@ -4753,7 +4755,7 @@ void sp_zero(sp_int* a) _sp_zero(a); } } -#endif /* !WOLFSSL_RSA_VERIFY_ONLY */ +#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */ /* Clear the data from the multi-precision number, set to zero and free. * @@ -5166,8 +5168,8 @@ int sp_cmp(const sp_int* a, const sp_int* b) * Bit check/set functions *************************/ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (defined(WOLFSSL_SP_MATH_ALL) && \ - defined(HAVE_ECC)) +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)) /* Check if a bit is set * * When a is NULL, result is 0. @@ -5195,7 +5197,8 @@ int sp_is_bit_set(const sp_int* a, unsigned int b) return ret; } -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ +#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || + * (WOLFSSL_SP_MATH_ALL && HAVE_ECC) */ /* Count the number of bits in the multi-precision number. * @@ -5424,6 +5427,8 @@ int sp_2expt(sp_int* a, int e) * Digit/Long functions **********************/ +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_ECC) /* Set the multi-precision number to be the value of the digit. * * @param [out] a SP integer to become number. @@ -5454,6 +5459,7 @@ int sp_set(sp_int* a, sp_int_digit d) return err; } +#endif #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || defined(OPENSSL_EXTRA) /* Set a number into the multi-precision number. @@ -5507,8 +5513,9 @@ int sp_set_int(sp_int* a, unsigned long n) } #endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA */ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \ - (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_DH)) +#if defined(WOLFSSL_SP_MATH_ALL) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) /* Compare a one digit number with a multi-precision number. * * When a is NULL, MP_LT is returned. @@ -7559,8 +7566,8 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) * Shifting functoins ********************/ -#if !defined(NO_DH) || defined(HAVE_ECC) || (defined(WC_RSA_BLINDING) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY)) +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) /* Left shift the multi-precision number by a number of digits. * * @param [in,out] a SP integer to shift. @@ -8265,6 +8272,9 @@ int sp_mod(const sp_int* a, const sp_int* m, sp_int* r) #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \ * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(HAVE_ECC) || !defined(NO_RSA) + /* START SP_MUL implementations. */ /* This code is generated. * To generate: @@ -11266,6 +11276,8 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r) } /* END SP_MUL implementations. */ +#endif + #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFCRYPT_HAVE_ECCSI) || \ (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || defined(OPENSSL_ALL) @@ -16014,8 +16026,9 @@ int sp_sqr(const sp_int* a, sp_int* r) #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC || * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ -#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) +#if defined(WOLFSSL_SP_MATH_ALL) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || defined(HAVE_ECC) /* Square a mod m and store in r: r = (a * a) mod m * * @param [in] a SP integer to square. @@ -16739,20 +16752,21 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz) #else /* Construct digit from required number of bytes. */ for (i = inSz-1; i >= SP_WORD_SIZEOF - 1; i -= SP_WORD_SIZEOF) { - a->dp[j] = ((sp_int_digit)in[i - 0] << 0); + a->dp[j] = ((sp_int_digit)in[i - 0] << 0) #if SP_WORD_SIZE >= 16 - a->dp[j] |= ((sp_int_digit)in[i - 1] << 8); + | ((sp_int_digit)in[i - 1] << 8) #endif #if SP_WORD_SIZE >= 32 - a->dp[j] |= ((sp_int_digit)in[i - 2] << 16) | - ((sp_int_digit)in[i - 3] << 24); + | ((sp_int_digit)in[i - 2] << 16) | + ((sp_int_digit)in[i - 3] << 24) #endif #if SP_WORD_SIZE >= 64 - a->dp[j] |= ((sp_int_digit)in[i - 4] << 32) | + | ((sp_int_digit)in[i - 4] << 32) | ((sp_int_digit)in[i - 5] << 40) | ((sp_int_digit)in[i - 6] << 48) | - ((sp_int_digit)in[i - 7] << 56); + ((sp_int_digit)in[i - 7] << 56) #endif + ; j++; } #endif @@ -17536,11 +17550,6 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) #else ((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40; #endif /* LITTLE_ENDIAN_ORDER */ - /* Set mandatory low bits - * - bottom bit to make odd. - * - For BBS, second lowest too to make Blum integer (3 mod 4). - */ - r->dp[0] |= low_bits; #ifdef BIG_ENDIAN_ORDER /* Bytes were put into wrong place when less than full digit. */ @@ -17554,6 +17563,11 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) r->dp[r->used - 1] &= ((sp_int_digit)1 << bits) - 1; } #endif /* WOLFSSL_SP_MATH_ALL */ + /* Set mandatory low bits + * - bottom bit to make odd. + * - For BBS, second lowest too to make Blum integer (3 mod 4). + */ + r->dp[0] |= low_bits; /* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance * of a 1024-bit candidate being a false positive, when it is our diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 12372968b..822c74542 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -8320,6 +8320,39 @@ static const unsigned char dh_g[] = 0x02, }; +/* dh2048 p */ +static const unsigned char dh2048_p[] = +{ + 0xB0, 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 0xBC, + 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, 0xEF, 0x4A, 0xC6, + 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, 0x0A, 0x5C, 0x91, 0xDD, 0xA2, + 0xC2, 0x94, 0x84, 0xBF, 0x7D, 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, + 0xC5, 0xBE, 0x72, 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, + 0x85, 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, 0x3D, + 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, 0xD1, 0x17, 0x46, + 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, 0x39, 0x6D, 0x30, 0x8D, 0x2A, + 0xF3, 0x94, 0xD3, 0x75, 0xCF, 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, + 0x70, 0x05, 0xAA, 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, + 0x50, 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, 0xAE, + 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, 0x12, 0x7E, 0x5A, + 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, 0xCC, 0x16, 0x30, 0xDB, 0x0C, + 0xFC, 0xC5, 0x62, 0xA7, 0x35, 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, + 0xF6, 0xD9, 0xC9, 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, + 0x6C, 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, 0x48, + 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, 0x30, 0x07, 0x48, + 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, 0xE3, 0x48, 0xD3, 0x58, 0x4B, + 0xA6, 0xB9, 0xCD, 0x29, 0xBF, 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, + 0x5C, 0x6B, 0xD6, 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, + 0xBB, 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 0x7E, + 0xAF, 0x00, 0x3F, 0x93 +}; + +/* dh2048 g */ +static const unsigned char dh2048_g[] = +{ + 0x02, +}; + #if defined(HAVE_ED25519) /* ./certs/ed25519/server-ed25519.der, ED25519 */ diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 29cec2987..41ed2b895 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -398,7 +398,7 @@ typedef struct sp_ecc_ctx { #define SP_INT_BITS 521 #elif !defined(NO_PWDBASED) && defined(HAVE_PKCS12) /* wc_PKCS12_PBKDF_ex() */ - #define SP_INT_BITS WC_MAX_DIGEST_SIZE * 8 + #define SP_INT_BITS (64 * 8) #else #define SP_INT_BITS 128 #endif