From d2afe9e5e05eac99cf4e697f935405dac17d673b Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 24 Apr 2023 17:03:34 +1000 Subject: [PATCH] Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros. --- configure.ac | 5 + examples/client/client.c | 33 ++- scripts/openssl.test | 57 ++++- src/internal.c | 50 ++++- src/pk.c | 19 +- tests/api.c | 31 ++- wolfcrypt/src/ecc.c | 242 +++++++++++++-------- wolfcrypt/src/eccsi.c | 32 ++- wolfcrypt/src/port/caam/wolfcaam_ecdsa.c | 24 +- wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c | 18 +- wolfcrypt/src/port/kcapi/kcapi_ecc.c | 21 +- wolfcrypt/src/port/maxim/maxq10xx.c | 11 +- wolfcrypt/src/port/silabs/silabs_ecc.c | 29 ++- wolfcrypt/src/port/st/stm32.c | 10 +- wolfcrypt/src/sakke.c | 33 ++- wolfcrypt/src/wc_pkcs11.c | 18 +- wolfcrypt/test/test.c | 9 +- wolfssl/wolfcrypt/ecc.h | 51 ++++- 18 files changed, 495 insertions(+), 198 deletions(-) diff --git a/configure.ac b/configure.ac index 927a570b4..f0f272e0a 100644 --- a/configure.ac +++ b/configure.ac @@ -7682,6 +7682,11 @@ case $host_cpu in ;; esac +if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_ECC" = "yes" && (test "$ENABLED_RSA" = "yes" || test "$ENABLED_DH" == "yes") && (test "$ENABLED_SP_MATH" = "yes" || test "$ENABLED_SP_MATH_ALL" = "yes") +then + AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE" +fi + ################################################################################ # Update ENABLE_* variables # ################################################################################ diff --git a/examples/client/client.c b/examples/client/client.c index 058c193ce..dd507ddd7 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1260,10 +1260,14 @@ static const char* client_usage_msg[][70] = { #endif #ifdef HAVE_SUPPORTED_CURVES "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ +#endif +#ifndef NO_PSK + "--openssl-psk Use TLS 1.3 PSK callback compatible with " + "OpenSSL\n", /* 74 */ #endif "\n" "For simpler wolfSSL TLS client examples, visit\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 74 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 75 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT @@ -1481,11 +1485,15 @@ static const char* client_usage_msg[][70] = { #endif #ifdef HAVE_SUPPORTED_CURVES "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ +#endif +#ifndef NO_PSK + "--openssl-psk Use TLS 1.3 PSK callback compatible with " + "OpenSSL\n", /* 74 */ #endif "\n" "より簡単なwolfSSL TSL クライアントの例については" "下記にアクセスしてください\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 74 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 75 */ NULL, }, #endif @@ -1852,6 +1860,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #ifdef HAVE_SUPPORTED_CURVES { "onlyPskDheKe", 0, 264 }, +#endif +#ifndef NO_PSK + { "openssl-psk", 0, 265 }, #endif { 0, 0, 0 } }; @@ -1859,6 +1870,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int version = CLIENT_INVALID_VERSION; int minVersion = CLIENT_INVALID_VERSION; int usePsk = 0; + int opensslPsk = 0; int useAnon = 0; int sendGET = 0; int benchmark = 0; @@ -2066,6 +2078,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void)loadCertKeyIntoSSLObj; (void)usePqc; (void)pqcAlg; + (void)opensslPsk; StackTrap(); /* Reinitialize the global myVerifyAction. */ @@ -2678,6 +2691,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef WOLFSSL_TLS13 onlyPskDheKe = 1; #endif +#endif + break; + case 265: +#ifndef NO_PSK + opensslPsk = 1; #endif break; default: @@ -3060,10 +3078,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #ifdef WOLFSSL_TLS13 #if !defined(WOLFSSL_PSK_TLS13_CB) && !defined(WOLFSSL_PSK_ONE_ID) - wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb); - #else - wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb); + if (!opensslPsk) { + wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb); + } + else #endif + { + wolfSSL_CTX_set_psk_client_tls13_callback(ctx, + my_psk_client_tls13_cb); + } #endif if (defaultCipherList == NULL) { #if defined(HAVE_AESGCM) && !defined(NO_DH) diff --git a/scripts/openssl.test b/scripts/openssl.test index 193fbfeb3..8a515333f 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -1,6 +1,6 @@ #!/bin/bash -#openssl.test +# openssl.test # Enviornment variables used: # OPENSSL (openssl app to use) @@ -409,6 +409,14 @@ OIFS=$IFS # store old separator to reset # # Start # +echo +echo "wolfSSL configuration:" +./config.status --config +echo +echo "OpenSSL version:" +$OPENSSL version -a +echo + ps -p $PPID >/dev/null 2>&1 if [ "$?" = "1" ] then @@ -494,51 +502,86 @@ esac if [ "$wolf_certs" != "" ] then + echo + # Check if RSA certificates supported in wolfSSL + wolf_rsa=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1` + case $wolf_rsa in + *"ca file"*) + echo "wolfSSL does not support RSA" + wolf_rsa="" + ;; + *) + ;; + esac + if [ "$wolf_rsa" != "" ]; then + echo "wolfSSL supports RSA" + fi # Check if ECC certificates supported in wolfSSL - wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/ca-ecc-cert.pem" 2>&1` + wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1` case $wolf_ecc in *"ca file"*) + echo "wolfSSL does not support ECDSA" wolf_ecc="" ;; *) ;; esac + if [ "$wolf_ecc" != "" ]; then + echo "wolfSSL supports ECDSA" + fi # Check if Ed25519 certificates supported in wolfSSL wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1` case $wolf_ed25519 in *"ca file"*) + echo "wolfSSL does not support Ed25519" wolf_ed25519="" ;; *) ;; esac + if [ "$wolf_ed25519" != "" ]; then + echo "wolfSSL supports Ed25519" + fi # Check if Ed25519 certificates supported in OpenSSL openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1` case $openssl_ed25519 in *"unable to load"*) + echo "OpenSSL does not support Ed25519" wolf_ed25519="" ;; *) ;; esac + if [ "$wolf_ed25519" != "" ]; then + echo "OpenSSL supports Ed25519" + fi # Check if Ed448 certificates supported in wolfSSL wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1` case $wolf_ed448 in *"ca file"*) + echo "wolfSSL does not support Ed448" wolf_ed448="" ;; *) ;; esac + if [ "$wolf_ed448" != "" ]; then + echo "wolfSSL supports Ed448" + fi # Check if Ed448 certificates supported in OpenSSL openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1` case $openssl_ed448 in *"unable to load"*) + echo "OpenSSL does not support Ed448" wolf_ed448="" ;; *) ;; esac + if [ "$wolf_ed448" != "" ]; then + echo "OpenSSL supports Ed448" + fi + echo fi openssl_tls13=`$OPENSSL s_client -help 2>&1` @@ -664,7 +707,7 @@ if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ] then cert_file="${CERT_DIR}/server-ecc.pem" key_file="${CERT_DIR}/ecc-key.pem" - ca_file="${CERT_DIR}/client-ca.pem" + ca_file="${CERT_DIR}/client-ecc-cert.pem" openssl_suite="ECDH[E]-ECDSA" start_openssl_server @@ -727,7 +770,7 @@ then tls13_psk_openssl_port=$server_port tls13_psk_openssl_pid=$server_pid - psk="-s" + psk="-s --openssl-psk" wolfssl_suite="TLSv1.3_PSK" start_wolfssl_server tls13_psk_wolfssl_port=$server_port @@ -977,8 +1020,8 @@ do *ECDHE-ECDSA*|*ECDH-ECDSA*) if [ "$wolf_ecc" != "" ] then - cert="${CERT_DIR}/client-cert.pem" - key="${CERT_DIR}/client-key.pem" + cert="${CERT_DIR}/client-ecc-cert.pem" + key="${CERT_DIR}/ecc-client-key.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem" port=$ecdsa_openssl_port @@ -1090,7 +1133,7 @@ do wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) port=$tls13_psk_openssl_port - psk="-s" + psk="-s --openssl-psk" # OpenSSL doesn't support DH for key exchange so do no PSK # DHE when ECC not supported if [ "$wolf_ecc" = "" ] diff --git a/src/internal.c b/src/internal.c index 411671f18..26a3b4fbe 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25415,6 +25415,29 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) if (ret == 0 && hashAlgo > ssl->options.hashAlgo) break; #endif + if (IsAtLeastTLSv1_2(ssl) && !IsAtLeastTLSv1_3(ssl->version) && + (ssl->options.side == WOLFSSL_CLIENT_END)) { + /* TLS 1.2 client deciding hash algorithm for + * CertificateVerify. Hash must be one of the handshake + * hashes being maintained. */ + if (1 + #ifndef NO_SHA + && (hashAlgo != sha_mac) + #endif + #ifndef NO_SHA256 + && (hashAlgo != sha256_mac) + #endif + #ifdef WOLFSSL_SHA384 + && (hashAlgo != sha384_mac) + #endif + #ifdef WOLFSSL_SHA512 + && (hashAlgo != sha512_mac) + #endif + ) + { + break; + } + } /* The chosen one - but keep looking. */ ssl->options.hashAlgo = hashAlgo; ssl->options.sigAlgo = sigAlgo; @@ -30188,17 +30211,22 @@ int SendCertificateVerify(WOLFSSL* ssl) } #endif - #ifndef NO_OLD_TLS - #ifndef NO_SHA - /* old tls default */ - SetDigest(ssl, sha_mac); - #endif - #else - #ifndef NO_SHA256 - /* new tls default */ - SetDigest(ssl, sha256_mac); - #endif - #endif /* !NO_OLD_TLS */ + if (!IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_OLD_TLS + #ifndef NO_SHA + /* old tls default */ + SetDigest(ssl, sha_mac); + #endif + #else + #ifndef NO_SHA256 + /* new tls default */ + SetDigest(ssl, sha256_mac); + #endif + #endif /* !NO_OLD_TLS */ + } + else { + SetDigest(ssl, ssl->options.hashAlgo); + } if (ssl->hsType == DYNAMIC_TYPE_RSA) { #ifdef WC_RSA_PSS diff --git a/src/pk.c b/src/pk.c index 8ac6a8271..346373761 100644 --- a/src/pk.c +++ b/src/pk.c @@ -30,6 +30,15 @@ #include #endif +#ifdef HAVE_ECC + #include +#endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #if !defined(WOLFSSL_PK_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN #warning pk.c does not need to be compiled separately from ssl.c @@ -11395,7 +11404,7 @@ static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src) if (ret == 0) { /* Copy private key. */ - ret = mp_copy(&src->k, &dst->k); + ret = mp_copy(wc_ecc_key_get_priv(src), wc_ecc_key_get_priv(dst)); if (ret != MP_OKAY) { WOLFSSL_MSG("mp_copy error"); } @@ -12533,7 +12542,8 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) /* set the external privkey */ if ((ret == 1) && (key->type == ECC_PRIVATEKEY) && - (wolfssl_bn_set_value(&eckey->priv_key, &key->k) != 1)) { + (wolfssl_bn_set_value(&eckey->priv_key, + wc_ecc_key_get_priv(key)) != 1)) { WOLFSSL_MSG("ec priv key error"); ret = -1; } @@ -12604,12 +12614,13 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) /* set privkey */ if ((ret == 1) && (eckey->priv_key != NULL)) { - if (wolfssl_bn_get_value(eckey->priv_key, &key->k) != 1) { + if (wolfssl_bn_get_value(eckey->priv_key, + wc_ecc_key_get_priv(key)) != 1) { WOLFSSL_MSG("ec key priv error"); ret = -1; } /* private key */ - if ((ret == 1) && (!mp_iszero(&key->k))) { + if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) { if (pubSet) { key->type = ECC_PRIVATEKEY; } diff --git a/tests/api.c b/tests/api.c index 981671d50..26aa797b5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -358,6 +358,12 @@ #endif #include +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + typedef struct testVector { const char* input; const char* output; @@ -27393,25 +27399,30 @@ static int test_wc_ecc_mulmod(void) } if (ret == 0) { - ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k, - &key3.k, 1); + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, + &key3.pubkey, wc_ecc_key_get_priv(&key2), + wc_ecc_key_get_priv(&key3), 1); } /* Test bad args. */ if (ret == 0) { - ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k, - &key3.k, 1); + ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, + wc_ecc_key_get_priv(&key2), + wc_ecc_key_get_priv(&key3), 1); if (ret == ECC_BAD_ARG_E) { - ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k, - &key3.k, 1); + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey, + wc_ecc_key_get_priv(&key2), + wc_ecc_key_get_priv(&key3), 1); } if (ret == ECC_BAD_ARG_E) { - ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k, - &key3.k, 1); + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL, + wc_ecc_key_get_priv(&key2), + wc_ecc_key_get_priv(&key3), 1); } if (ret == ECC_BAD_ARG_E) { - ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, - &key2.k, NULL, 1); + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, + &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, + 1); } if (ret == ECC_BAD_ARG_E) { ret = 0; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index bfa69d564..2a183d739 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3366,8 +3366,43 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) { int err = MP_OKAY; + (void)heap; + XMEMSET(key, 0, sizeof(*key)); +#if defined(WOLFSSL_SP_MATH_ALL) && defined(WOLFSSL_SMALL_STACK) + NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); +#ifdef ALT_ECC_SIZE + NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); +#endif + if (key->t1 == NULL || key->t2 == NULL +#ifdef ALT_ECC_SIZE + || key->x == NULL || key->y == NULL || key->z == NULL +#endif + ) { + err = MEMORY_E; + } + if (err == 0) { + err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key)); + } + if (err == 0) { + err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key)); + } +#ifdef ALT_ECC_SIZE + if (err == 0) { + err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key)); + } + if (err == 0) { + err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key)); + } + if (err == 0) { + err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key)); + } +#endif +#else key->t1 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); key->t2 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); #ifdef ALT_ECC_SIZE @@ -3382,6 +3417,7 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) ) { err = MEMORY_E; } +#endif return err; } @@ -3389,6 +3425,16 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) static void ecc_key_tmp_final(ecc_key* key, void* heap) { (void)heap; + +#if defined(WOLFSSL_SP_MATH_ALL) && defined(WOLFSSL_SMALL_STACK) +#ifdef ALT_ECC_SIZE + FREE_MP_INT_SIZE(key->z, heap, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(key->y, heap, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(key->x, heap, DYNAMIC_TYPE_ECC); +#endif + FREE_MP_INT_SIZE(key->t2, heap, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(key->t1, heap, DYNAMIC_TYPE_ECC); +#else #ifdef ALT_ECC_SIZE if (key->z != NULL) XFREE(key->z, heap, DYNAMIC_TYPE_ECC); @@ -3401,6 +3447,7 @@ static void ecc_key_tmp_final(ecc_key* key, void* heap) XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); if (key->t1 != NULL) XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); +#endif } #endif /* WOLFSSL_SMALL_STACK_CACHE */ #endif /* !WOLFSSL_SP_MATH */ @@ -4459,7 +4506,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, byte* out, word32* outlen) { int err = MP_OKAY; - mp_int* k = &private_key->k; + mp_int* k = private_key->k; #ifdef HAVE_ECC_CDH #ifdef WOLFSSL_SMALL_STACK mp_int *k_lcl = NULL; @@ -4489,7 +4536,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, goto errout; } /* multiply cofactor times private key "k" */ - err = mp_mul_d(&private_key->k, cofactor, k); + err = mp_mul_d(private_key->k, cofactor, k); if (err != MP_OKAY) goto errout; } @@ -4722,7 +4769,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, word32 keySz = private_key->dp->size; /* sync public key x/y */ - err = wc_mp_to_bigint_sz(&private_key->k, &private_key->k.raw, keySz); + err = wc_mp_to_bigint_sz(private_key->k, &private_key->k->raw, keySz); if (err == MP_OKAY) err = wc_mp_to_bigint_sz(point->x, &point->x->raw, keySz); if (err == MP_OKAY) @@ -4736,7 +4783,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, NitroxEccGetSize(private_key)*2); if (err == MP_OKAY) err = NitroxEcdh(private_key, - &private_key->k.raw, &point->x->raw, &point->y->raw, + &private_key->k->raw, &point->x->raw, &point->y->raw, private_key->e->raw.buf, &private_key->e->raw.len, &curve->prime->raw); #else @@ -4744,7 +4791,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF); if (err == MP_OKAY) err = IntelQaEcdh(&private_key->asyncDev, - &private_key->k.raw, &point->x->raw, &point->y->raw, + &private_key->k->raw, &point->x->raw, &point->y->raw, out, outlen, &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, private_key->dp->cofactor); @@ -5061,8 +5108,8 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, key->type = ECC_PRIVATEKEY_ONLY; } - if ((err == MP_OKAY) && (mp_iszero(&key->k) || mp_isneg(&key->k) || - (mp_cmp(&key->k, curve->order) != MP_LT))) + if ((err == MP_OKAY) && (mp_iszero(key->k) || mp_isneg(key->k) || + (mp_cmp(key->k, curve->order) != MP_LT))) { err = ECC_PRIV_KEY_E; } @@ -5085,10 +5132,10 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, if (err == MP_OKAY && key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { word32 keySz = key->dp->size; /* sync private key to raw */ - err = wc_mp_to_bigint_sz(&key->k, &key->k.raw, keySz); + err = wc_mp_to_bigint_sz(key->k, &key->k->raw, keySz); if (err == MP_OKAY) { err = IntelQaEccPointMul(&key->asyncDev, - &key->k.raw, pub->x, pub->y, pub->z, + &key->k->raw, pub->x, pub->y, pub->z, &curve->Gx->raw, &curve->Gy->raw, &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, key->dp->cofactor); @@ -5104,19 +5151,19 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, else #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { - err = sp_ecc_mulmod_base_256(&key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_256(key->k, pub, 1, key->heap); } else #endif #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { - err = sp_ecc_mulmod_base_384(&key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_384(key->k, pub, 1, key->heap); } else #endif #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { - err = sp_ecc_mulmod_base_521(&key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_521(key->k, pub, 1, key->heap); } else #endif @@ -5148,7 +5195,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, /* make the public key */ if (err == MP_OKAY) { /* Map in a separate call as this should be constant time */ - err = wc_ecc_mulmod_ex2(&key->k, base, pub, curve->Af, curve->prime, + err = wc_ecc_mulmod_ex2(key->k, base, pub, curve->Af, curve->prime, curve->order, rng, 0, key->heap); if (err == MP_MEM) { err = MEMORY_E; @@ -5388,7 +5435,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, } if (err == SA_SILIB_RET_OK) { - err = mp_read_unsigned_bin(&key->k, ucompressed_key, raw_size); + err = mp_read_unsigned_bin(key->k, ucompressed_key, raw_size); } #elif defined(WOLFSSL_SILABS_SE_ACCEL) @@ -5440,7 +5487,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, err = xil_mpi_import(key->pubkey.y, key->keyRaw + key->dp->size, key->dp->size, key->heap); if (err == 0) - err = xil_mpi_import(&key->k, key->privKey, key->dp->size, key->heap); + err = xil_mpi_import(key->k, key->privKey, key->dp->size, key->heap); if (err == 0) err = mp_set(key->pubkey.z, 1); if (err) { @@ -5458,20 +5505,20 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { #ifndef WC_ECC_NONBLOCK - err = sp_ecc_make_key_256(rng, &key->k, &key->pubkey, key->heap); + err = sp_ecc_make_key_256(rng, key->k, &key->pubkey, key->heap); #else if (key->nb_ctx) { - err = sp_ecc_make_key_256_nb(&key->nb_ctx->sp_ctx, rng, &key->k, + err = sp_ecc_make_key_256_nb(&key->nb_ctx->sp_ctx, rng, key->k, &key->pubkey, key->heap); } else { #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ - err = sp_ecc_make_key_256_nb(&nb_ctx.sp_ctx, rng, &key->k, + err = sp_ecc_make_key_256_nb(&nb_ctx.sp_ctx, rng, key->k, &key->pubkey, key->heap); } while (err == FP_WOULDBLOCK); #else - err = sp_ecc_make_key_256(rng, &key->k, &key->pubkey, key->heap); + err = sp_ecc_make_key_256(rng, key->k, &key->pubkey, key->heap); #endif /* WC_ECC_NONBLOCK_ONLY */ } #endif /* !WC_ECC_NONBLOCK */ @@ -5485,20 +5532,20 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { #ifndef WC_ECC_NONBLOCK - err = sp_ecc_make_key_384(rng, &key->k, &key->pubkey, key->heap); + err = sp_ecc_make_key_384(rng, key->k, &key->pubkey, key->heap); #else if (key->nb_ctx) { - err = sp_ecc_make_key_384_nb(&key->nb_ctx->sp_ctx, rng, &key->k, + err = sp_ecc_make_key_384_nb(&key->nb_ctx->sp_ctx, rng, key->k, &key->pubkey, key->heap); } else { #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ - err = sp_ecc_make_key_384_nb(&nb_ctx.sp_ctx, rng, &key->k, + err = sp_ecc_make_key_384_nb(&nb_ctx.sp_ctx, rng, key->k, &key->pubkey, key->heap); } while (err == FP_WOULDBLOCK); #else - err = sp_ecc_make_key_384(rng, &key->k, &key->pubkey, key->heap); + err = sp_ecc_make_key_384(rng, key->k, &key->pubkey, key->heap); #endif /* WC_ECC_NONBLOCK_ONLY */ } #endif /* !WC_ECC_NONBLOCK */ @@ -5512,20 +5559,20 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { #ifndef WC_ECC_NONBLOCK - err = sp_ecc_make_key_521(rng, &key->k, &key->pubkey, key->heap); + err = sp_ecc_make_key_521(rng, key->k, &key->pubkey, key->heap); #else if (key->nb_ctx) { - err = sp_ecc_make_key_521_nb(&key->nb_ctx->sp_ctx, rng, &key->k, + err = sp_ecc_make_key_521_nb(&key->nb_ctx->sp_ctx, rng, key->k, &key->pubkey, key->heap); } else { #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ - err = sp_ecc_make_key_521_nb(&nb_ctx.sp_ctx, rng, &key->k, + err = sp_ecc_make_key_521_nb(&nb_ctx.sp_ctx, rng, key->k, &key->pubkey, key->heap); } while (err == FP_WOULDBLOCK); #else - err = sp_ecc_make_key_521(rng, &key->k, &key->pubkey, key->heap); + err = sp_ecc_make_key_521(rng, key->k, &key->pubkey, key->heap); #endif /* WC_ECC_NONBLOCK_ONLY */ } #endif /* !WC_ECC_NONBLOCK */ @@ -5545,7 +5592,12 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); /* setup the key variables */ - err = mp_init(&key->k); +#ifndef ALT_ECC_SIZE + err = mp_init(key->k); +#else + key->k = (mp_int*)key->ka; + alt_fp_init(key->k); +#endif /* load curve info */ if (err == MP_OKAY) { @@ -5557,7 +5609,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, /* generate k */ if (err == MP_OKAY) { - err = wc_ecc_gen_k(rng, key->dp->size, &key->k, curve->order); + err = wc_ecc_gen_k(rng, key->dp->size, key->k, curve->order); } /* generate public key from k */ @@ -5574,7 +5626,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, } else { /* cleanup these on failure case only */ - mp_forcezero(&key->k); + mp_forcezero(key->k); } /* cleanup allocations */ @@ -5585,7 +5637,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #ifdef HAVE_WOLF_BIGINT if (err == MP_OKAY) - err = wc_mp_to_bigint(&key->k, &key->k.raw); + err = wc_mp_to_bigint(key->k, &key->k->raw); if (err == MP_OKAY) err = wc_mp_to_bigint(key->pubkey.x, &key->pubkey.x->raw); if (err == MP_OKAY) @@ -5774,12 +5826,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) alt_fp_init(key->pubkey.x); alt_fp_init(key->pubkey.y); alt_fp_init(key->pubkey.z); - ret = mp_init(&key->k); - if (ret != MP_OKAY) { - return MEMORY_E; - } + key->k = (mp_int*)key->ka; + alt_fp_init(key->k); #else - ret = mp_init_multi(&key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, + ret = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, NULL, NULL); if (ret != MP_OKAY) { return MEMORY_E; @@ -5818,7 +5868,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) #endif #ifdef WOLFSSL_CHECK_MEM_ZERO - mp_memzero_add("ECC k", &key->k); + mp_memzero_add("ECC k", key->k); #endif #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) @@ -6385,7 +6435,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key) /* currently limiting to SHA256 for auto create */ if (mp_init(key->sign_k) != MP_OKAY || wc_ecc_gen_deterministic_k(in, inlen, - WC_HASH_TYPE_SHA256, &key->k, key->sign_k, + WC_HASH_TYPE_SHA256, key->k, key->sign_k, curve->order, key->heap) != 0) { mp_free(key->sign_k); XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); @@ -6404,7 +6454,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key) #else key->sign_k_set = 0; /* currently limiting to SHA256 for auto create */ - if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256, &key->k, + if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256, key->k, key->sign_k, curve->order, key->heap) != 0) { err = ECC_PRIV_KEY_E; } @@ -6494,7 +6544,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, } /* use provided sign_k */ - err = mp_copy(key->sign_k, &pubkey->k); + err = mp_copy(key->sign_k, pubkey->k); if (err != MP_OKAY) break; /* free sign_k, so only used once */ @@ -6529,7 +6579,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, } #ifdef WOLFSSL_CHECK_MEM_ZERO if (err == MP_OKAY) { - mp_memzero_add("ecc_sign_hash_sw k", &pubkey->k); + mp_memzero_add("ecc_sign_hash_sw k", pubkey->k); } #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -6543,15 +6593,15 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, if (err != MP_OKAY) break; if (mp_iszero(r) == MP_NO) { - mp_int* ep = &pubkey->k; - mp_int* kp = &pubkey->k; - mp_int* x = &key->k; + mp_int* ep = pubkey->k; + mp_int* kp = pubkey->k; + mp_int* x = key->k; /* find s = (e + xr)/k = b.(e/k.b + x.r/k.b) */ /* k' = k.b */ - err = mp_mulmod(&pubkey->k, b, curve->order, kp); + err = mp_mulmod(pubkey->k, b, curve->order, kp); if (err != MP_OKAY) break; /* k' = 1/k.b @@ -6593,7 +6643,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, mp_clear(pubkey->pubkey.y); mp_clear(pubkey->pubkey.z); #endif - mp_forcezero(&pubkey->k); + mp_forcezero(pubkey->k); } mp_forcezero(b); FREE_MP_INT_SIZE(b, key->heap, DYNAMIC_TYPE_ECC); @@ -6630,12 +6680,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, #endif if (key->nb_ctx) { return sp_ecc_sign_256_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, - &key->k, r, s, sign_k, key->heap); + key->k, r, s, sign_k, key->heap); } #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ err = sp_ecc_sign_256_nb(&nb_ctx.sp_ctx, in, inlen, rng, - &key->k, r, s, sign_k, key->heap); + key->k, r, s, sign_k, key->heap); } while (err == FP_WOULDBLOCK); return err; #endif @@ -6644,7 +6694,7 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, sign_k, + ret = sp_ecc_sign_256(in, inlen, rng, key->k, r, s, sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; @@ -6660,12 +6710,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, #endif if (key->nb_ctx) { return sp_ecc_sign_384_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, - &key->k, r, s, sign_k, key->heap); + key->k, r, s, sign_k, key->heap); } #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ err = sp_ecc_sign_384_nb(&nb_ctx.sp_ctx, in, inlen, rng, - &key->k, r, s, sign_k, key->heap); + key->k, r, s, sign_k, key->heap); } while (err == FP_WOULDBLOCK); return err; #endif @@ -6674,7 +6724,7 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_384(in, inlen, rng, &key->k, r, s, sign_k, + ret = sp_ecc_sign_384(in, inlen, rng, key->k, r, s, sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; @@ -6690,12 +6740,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, #endif if (key->nb_ctx) { return sp_ecc_sign_521_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, - &key->k, r, s, sign_k, key->heap); + key->k, r, s, sign_k, key->heap); } #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ err = sp_ecc_sign_521_nb(&nb_ctx.sp_ctx, in, inlen, rng, - &key->k, r, s, sign_k, key->heap); + key->k, r, s, sign_k, key->heap); } while (err == FP_WOULDBLOCK); return err; #endif @@ -6704,7 +6754,7 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_521(in, inlen, rng, &key->k, r, s, sign_k, + ret = sp_ecc_sign_521(in, inlen, rng, key->k, r, s, sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; @@ -6925,7 +6975,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, if (err == MP_OKAY) err = wc_mp_to_bigint_sz(e, &e->raw, keySz); if (err == MP_OKAY) - err = wc_mp_to_bigint_sz(&key->k, &key->k.raw, keySz); + err = wc_mp_to_bigint_sz(key->k, &key->k->raw, keySz); if (err == MP_OKAY) err = wc_ecc_gen_k(rng, key->dp->size, k, curve->order); if (err == MP_OKAY) @@ -6933,11 +6983,11 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, #ifdef HAVE_CAVIUM_V if (err == MP_OKAY) - err = NitroxEcdsaSign(key, &e->raw, &key->k.raw, &k->raw, + err = NitroxEcdsaSign(key, &e->raw, &key->k->raw, &k->raw, &r->raw, &s->raw, &curve->prime->raw, &curve->order->raw); #else if (err == MP_OKAY) - err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k.raw, + err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k->raw, &k->raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, &curve->order->raw, &curve->Gx->raw, &curve->Gy->raw); @@ -7438,7 +7488,7 @@ int wc_ecc_free(ecc_key* key) mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_forcezero(&key->k); + mp_forcezero(key->k); #ifdef WOLFSSL_CUSTOM_CURVES if (key->deallocSet && key->dp != NULL) @@ -7900,7 +7950,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #endif XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); - XFREE(key, heap, DYNAMIC_TYPE_ECC); + XFREE(key, heap, DYNAMIC_TYPE_ECC_BUFFER); C->key = NULL; #endif #ifdef WOLFSSL_SMALL_STACK @@ -9473,7 +9523,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_256(&key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_256(key->k, res, 1, key->heap); } } else @@ -9481,7 +9531,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_384(&key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_384(key->k, res, 1, key->heap); } } else @@ -9489,7 +9539,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_521(&key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_521(key->k, res, 1, key->heap); } } else @@ -9542,11 +9592,11 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #else #ifdef ECC_TIMING_RESISTANT if (err == MP_OKAY) - err = wc_ecc_mulmod_ex2(&key->k, base, res, a, prime, curve->order, + err = wc_ecc_mulmod_ex2(key->k, base, res, a, prime, curve->order, key->rng, 1, key->heap); #else if (err == MP_OKAY) - err = wc_ecc_mulmod_ex2(&key->k, base, res, a, prime, curve->order, + err = wc_ecc_mulmod_ex2(key->k, base, res, a, prime, curve->order, NULL, 1, key->heap); #endif #endif /* WOLFSSL_KCAPI_ECC */ @@ -9813,25 +9863,25 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { return sp_ecc_check_key_256(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? &key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); } #endif #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { return sp_ecc_check_key_384(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? &key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); } #endif #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { return sp_ecc_check_key_521(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? &key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); } #endif #if defined(WOLFSSL_SP_1024) && defined(WOLFCRYPT_HAVE_SAKKE) if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SAKKE_1) { return sp_ecc_check_key_1024(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? &key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); } #endif #endif @@ -9946,8 +9996,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) /* SP 800-56Ar3, section 5.6.2.1.2 */ /* private keys must be in the range [1, n-1] */ if ((err == MP_OKAY) && (key->type == ECC_PRIVATEKEY) && - (mp_iszero(&key->k) || mp_isneg(&key->k) || - (mp_cmp(&key->k, curve->order) != MP_LT)) + (mp_iszero(key->k) || mp_isneg(key->k) || + (mp_cmp(key->k, curve->order) != MP_LT)) #ifdef WOLFSSL_KCAPI_ECC && key->handle == NULL #endif @@ -10029,9 +10079,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, alt_fp_init(key->pubkey.x); alt_fp_init(key->pubkey.y); alt_fp_init(key->pubkey.z); - err = mp_init(&key->k); + key->k = (mp_int*)key->ka; + alt_fp_init(key->k); #else - err = mp_init_multi(&key->k, + err = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, NULL, NULL); #endif if (err != MP_OKAY) @@ -10277,7 +10328,7 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_clear(&key->k); + mp_clear(key->k); } RESTORE_VECTOR_REGISTERS(); @@ -10336,7 +10387,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, return BUFFER_E; } - err = wc_export_int(&key->k, d, dLen, keySz + WC_CAAM_MAC_SZ, + err = wc_export_int(key->k, d, dLen, keySz + WC_CAAM_MAC_SZ, encType); *dLen = keySz + WC_CAAM_MAC_SZ; } @@ -10358,7 +10409,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, else #endif { - err = wc_export_int(&key->k, d, dLen, keySz, encType); + err = wc_export_int(key->k, d, dLen, keySz, encType); if (err != MP_OKAY) return err; } @@ -10490,11 +10541,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, return ret; } - ret = mp_read_unsigned_bin(&key->k, priv, privSz); + ret = mp_read_unsigned_bin(key->k, priv, privSz); } #elif defined(WOLFSSL_SILABS_SE_ACCEL) if (ret == MP_OKAY) - ret = mp_read_unsigned_bin(&key->k, priv, privSz); + ret = mp_read_unsigned_bin(key->k, priv, privSz); if (ret == MP_OKAY) { if (pub) { @@ -10533,12 +10584,12 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, } #else key->blackKey = CAAM_BLACK_KEY_CCM; - ret = mp_read_unsigned_bin(&key->k, priv, privSz); + ret = mp_read_unsigned_bin(key->k, priv, privSz); #endif } else { key->blackKey = 0; - ret = mp_read_unsigned_bin(&key->k, priv, privSz); + ret = mp_read_unsigned_bin(key->k, priv, privSz); /* If using AES-ECB encrypted black keys check here if key is valid, * if not valid than assume is an encrypted key. A public key is needed @@ -10565,11 +10616,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, SAVE_VECTOR_REGISTERS(return _svr_ret;); #endif - ret = mp_read_unsigned_bin(&key->k, priv, privSz); + ret = mp_read_unsigned_bin(key->k, priv, privSz); #ifdef HAVE_WOLF_BIGINT if (ret == 0 && - wc_bigint_from_unsigned_bin(&key->k.raw, priv, privSz) != 0) { - mp_clear(&key->k); + wc_bigint_from_unsigned_bin(&key->k->raw, priv, privSz) != 0) { + mp_clear(key->k); ret = ASN_GETINT_E; } #endif /* HAVE_WOLF_BIGINT */ @@ -10594,7 +10645,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, if (ret == 0) { ret = mp_read_radix(order, key->dp->order, MP_RADIX_HEX); } - if ((ret == 0) && (mp_cmp(&key->k, order) != MP_LT)) { + if ((ret == 0) && (mp_cmp(key->k, order) != MP_LT)) { ret = ECC_PRIV_KEY_E; } @@ -10787,9 +10838,10 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, alt_fp_init(key->pubkey.x); alt_fp_init(key->pubkey.y); alt_fp_init(key->pubkey.z); - err = mp_init(&key->k); + key->k = (mp_int*)key->ka; + alt_fp_init(key->k); #else - err = mp_init_multi(&key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, + err = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, NULL, NULL); #endif if (err != MP_OKAY) @@ -10940,12 +10992,12 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, key->type = ECC_PRIVATEKEY; if (encType == WC_TYPE_HEX_STR) - err = mp_read_radix(&key->k, d, MP_RADIX_HEX); + err = mp_read_radix(key->k, d, MP_RADIX_HEX); else - err = mp_read_unsigned_bin(&key->k, (const byte*)d, + err = mp_read_unsigned_bin(key->k, (const byte*)d, key->dp->size); if (err == MP_OKAY) { - err = wc_export_int(&key->k, &keyRaw[0], &keySz, keySz, + err = wc_export_int(key->k, &keyRaw[0], &keySz, keySz, WC_TYPE_UNSIGNED_BIN); } @@ -10965,17 +11017,17 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, #else key->type = ECC_PRIVATEKEY; if (encType == WC_TYPE_HEX_STR) - err = mp_read_radix(&key->k, d, MP_RADIX_HEX); + err = mp_read_radix(key->k, d, MP_RADIX_HEX); else { #if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) if (key->blackKey == CAAM_BLACK_KEY_CCM) { - err = mp_read_unsigned_bin(&key->k, (const byte*)d, + err = mp_read_unsigned_bin(key->k, (const byte*)d, key->dp->size + WC_CAAM_MAC_SZ); } else #endif /* WOLFSSL_QNX_CAAM */ { - err = mp_read_unsigned_bin(&key->k, (const byte*)d, + err = mp_read_unsigned_bin(key->k, (const byte*)d, (word32)key->dp->size); } } @@ -10983,14 +11035,14 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, if (err == MP_OKAY) { const word32 key_size = key->dp->size; word32 buf_size = key_size; - err = wc_export_int(&key->k, key->privKey, + err = wc_export_int(key->k, key->privKey, &buf_size, key_size, WC_TYPE_UNSIGNED_BIN); mp_reverse(key->privKey, key_size); } #endif #endif /* #else-case of custom HW-specific implementations */ - if (mp_iszero(&key->k) || mp_isneg(&key->k)) { + if (mp_iszero(key->k) || mp_isneg(key->k)) { WOLFSSL_MSG("Invalid private key"); err = BAD_FUNC_ARG; } @@ -11023,7 +11075,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_clear(&key->k); + mp_clear(key->k); #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) ForceZero(key->keyRaw, sizeof(key->keyRaw)); #endif diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index a707a5e3c..23c95f49b 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -43,6 +43,12 @@ #include #endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + /** * Initialize the components of the ECCSI key and use the specified curve. * @@ -594,7 +600,8 @@ static int eccsi_encode_key(EccsiKey* key, byte* data) word32 sz = (word32)key->ecc.dp->size * 2; /* Write out the secret value into key size bytes. */ - err = mp_to_unsigned_bin_len(&key->ecc.k, data, key->ecc.dp->size); + err = mp_to_unsigned_bin_len(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); if (err == 0) { data += key->ecc.dp->size; /* Write the public key. */ @@ -676,7 +683,8 @@ static int eccsi_decode_key(EccsiKey* key, const byte* data) int err; /* Read the secret value from key size bytes. */ - err = mp_read_unsigned_bin(&key->ecc.k, data, key->ecc.dp->size); + err = mp_read_unsigned_bin(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); if (err == 0) { data += key->ecc.dp->size; /* Read public key. */ @@ -771,7 +779,8 @@ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz) } } if (err == 0) { - err = mp_to_unsigned_bin_len(&key->ecc.k, data, key->ecc.dp->size); + err = mp_to_unsigned_bin_len(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); } return err; @@ -804,7 +813,8 @@ int wc_ImportEccsiPrivateKey(EccsiKey* key, const byte* data, word32 sz) } if (err == 0) { - err = mp_read_unsigned_bin(&key->ecc.k, data, key->ecc.dp->size); + err = mp_read_unsigned_bin(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); } return err; @@ -907,18 +917,20 @@ static int eccsi_make_pair(EccsiKey* key, WC_RNG* rng, err = mp_read_unsigned_bin(ssk, key->data, hashSz); } if (err == 0) { - err = mp_mulmod(ssk, &key->pubkey.k, &key->params.order, ssk); + err = mp_mulmod(ssk, wc_ecc_key_get_priv(&key->pubkey), + &key->params.order, ssk); } if (err == 0) { - err = mp_addmod(ssk, &key->ecc.k, &key->params.order, ssk); + err = mp_addmod(ssk, wc_ecc_key_get_priv(&key->ecc), + &key->params.order, ssk); } } while ((err == 0) && (mp_iszero(ssk) || - (mp_cmp(ssk, &key->ecc.k) == MP_EQ))); + (mp_cmp(ssk, wc_ecc_key_get_priv(&key->ecc)) == MP_EQ))); /* Step 5: ensure SSK and HS are non-zero (code lines above) */ /* Step 6: Copy out SSK (done during calc) and PVT. Erase v */ - mp_forcezero(&key->pubkey.k); + mp_forcezero(wc_ecc_key_get_priv(&key->pubkey)); return err; } @@ -2005,7 +2017,7 @@ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, err = mp_invmod(s, &key->params.order, s); } if (err == 0) { - j = &key->pubkey.k; + j = wc_ecc_key_get_priv(&key->pubkey); err = mp_mulmod(s, j, &key->params.order, s); } if (err == 0) { @@ -2215,7 +2227,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType, SAVE_VECTOR_REGISTERS(return _svr_ret;); /* Decode the signature into components. */ - r = &key->pubkey.k; + r = wc_ecc_key_get_priv(&key->pubkey); pvt = &key->pubkey.pubkey; err = eccsi_decode_sig_r_pvt(key, sig, sigSz, r, pvt); diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c index bf063e780..f6bb27055 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c +++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c @@ -47,6 +47,12 @@ #include #endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #if defined(WOLFSSL_DEVCRYPTO_ECDSA) /* offload calls through devcrypto support */ @@ -79,7 +85,8 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out, keySz = wc_ecc_size(key); /* private key */ - if (mp_to_unsigned_bin_len(&key->k, pk, keySz) != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != MP_OKAY) + { return MP_TO_E; } @@ -191,7 +198,8 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out, XMEMCPY(qxy+qxSz, qy, qySz); /* private key */ - if (mp_to_unsigned_bin_len(&private_key->k, pk, keySz) != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz) != + MP_OKAY) { WOLFSSL_MSG("error getting private key buffer"); return MP_TO_E; } @@ -330,14 +338,15 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen, } else { if (key->blackKey == CAAM_BLACK_KEY_CCM) { - if (mp_to_unsigned_bin_len(&key->k, pk, keySz + WC_CAAM_MAC_SZ) - != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, + keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { return MP_TO_E; } buf[idx].Length = keySz + WC_CAAM_MAC_SZ; } else { - if (mp_to_unsigned_bin_len(&key->k, pk, keySz) != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != + MP_OKAY) { return MP_TO_E; } buf[idx].Length = keySz; @@ -599,14 +608,15 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out, } if (private_key->blackKey == CAAM_BLACK_KEY_CCM) { - if (mp_to_unsigned_bin_len(&private_key->k, pk, + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { return MP_TO_E; } buf[idx].Length = keySz + WC_CAAM_MAC_SZ; } else { - if (mp_to_unsigned_bin_len(&private_key->k, pk, keySz) != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, + keySz) != MP_OKAY) { return MP_TO_E; } buf[idx].Length = keySz; diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c index ae02692c0..4a8801895 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c +++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c @@ -31,6 +31,12 @@ #include #include +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #if defined(FSL_FEATURE_HAS_L1CACHE) || defined(__DCACHE_PRESENT) /* Setup for if memory is cached */ AT_NONCACHEABLE_SECTION(static caam_job_ring_interface_t jr0); @@ -439,13 +445,14 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen, } else { if (key->blackKey == CAAM_BLACK_KEY_CCM) { - if (mp_to_unsigned_bin_len(&key->k, k, kSz + WC_CAAM_MAC_SZ) - != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, + kSz + WC_CAAM_MAC_SZ) != MP_OKAY) { return MP_TO_E; } } else { - if (mp_to_unsigned_bin_len(&key->k, k, kSz) != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, kSz) != + MP_OKAY) { return MP_TO_E; } } @@ -696,13 +703,14 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out, } if (private_key->blackKey == CAAM_BLACK_KEY_CCM) { - if (mp_to_unsigned_bin_len(&private_key->k, k, + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { return MP_TO_E; } } else { - if (mp_to_unsigned_bin_len(&private_key->k, k, keySz) != MP_OKAY) { + if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz) + != MP_OKAY) { return MP_TO_E; } } diff --git a/wolfcrypt/src/port/kcapi/kcapi_ecc.c b/wolfcrypt/src/port/kcapi/kcapi_ecc.c index eedc87c8f..1f66b5222 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_ecc.c +++ b/wolfcrypt/src/port/kcapi/kcapi_ecc.c @@ -34,6 +34,12 @@ #include #include +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #ifndef ECC_CURVE_NIST_P256 #define ECC_CURVE_NIST_P256 2 #endif @@ -113,10 +119,11 @@ int KcapiEcc_LoadKey(ecc_key* key, byte* pubkey_raw, word32* pubkey_sz, /* set the key */ if (ret == 0) { - if (mp_iszero(&key->k) != MP_YES) { + if (mp_iszero(wc_ecc_key_get_priv(key)) != MP_YES) { /* if a private key value is set, load and use it */ byte priv[MAX_ECC_BYTES]; - ret = wc_export_int(&key->k, priv, &keySz, keySz, WC_TYPE_UNSIGNED_BIN); + ret = wc_export_int(wc_ecc_key_get_priv(key), priv, &keySz, keySz, + WC_TYPE_UNSIGNED_BIN); if (ret == 0) { ret = kcapi_kpp_setkey(key->handle, priv, keySz); } @@ -231,10 +238,10 @@ int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out, } /* if a private key value is set, load and use it */ - if (ret == 0 && mp_iszero(&private_key->k) != MP_YES) { + if (ret == 0 && mp_iszero(wc_ecc_key_get_priv(private_key)) != MP_YES) { byte priv[MAX_ECC_BYTES]; - ret = wc_export_int(&private_key->k, priv, &keySz, keySz, - WC_TYPE_UNSIGNED_BIN); + ret = wc_export_int(wc_ecc_key_get_priv(private_key), priv, &keySz, + keySz, WC_TYPE_UNSIGNED_BIN); if (ret == 0) { ret = kcapi_kpp_setkey(private_key->handle, priv, keySz); if (ret >= 0) { @@ -302,8 +309,8 @@ static int KcapiEcc_SetPrivKey(ecc_key* key) else #endif { - ret = wc_export_int(&key->k, priv + KCAPI_PARAM_SZ, &keySz, keySz, - WC_TYPE_UNSIGNED_BIN); + ret = wc_export_int(wc_ecc_key_get_priv(key), priv + KCAPI_PARAM_SZ, + &keySz, keySz, WC_TYPE_UNSIGNED_BIN); } } if (ret == 0) { diff --git a/wolfcrypt/src/port/maxim/maxq10xx.c b/wolfcrypt/src/port/maxim/maxq10xx.c index b7f136ca4..a4736bf06 100644 --- a/wolfcrypt/src/port/maxim/maxq10xx.c +++ b/wolfcrypt/src/port/maxim/maxq10xx.c @@ -43,6 +43,12 @@ #include #include +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #ifdef MAXQ_DEBUG void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen); #else @@ -525,8 +531,9 @@ int wc_MAXQ10XX_EccSetKey(ecc_key* key, word32 keysize) if (err == 0) { if ((keytype == ECC_PRIVATEKEY) || (keytype == ECC_PRIVATEKEY_ONLY)) { - err = wc_export_int(&key->k, key->maxq_ctx.ecc_key + (2 * keysize), - &bufflen, keysize, WC_TYPE_UNSIGNED_BIN); + err = wc_export_int(wc_ecc_key_get_priv(key), + key->maxq_ctx.ecc_key + (2 * keysize), &bufflen, keysize, + WC_TYPE_UNSIGNED_BIN); } } diff --git a/wolfcrypt/src/port/silabs/silabs_ecc.c b/wolfcrypt/src/port/silabs/silabs_ecc.c index 1a820bef6..dcd6b2568 100644 --- a/wolfcrypt/src/port/silabs/silabs_ecc.c +++ b/wolfcrypt/src/port/silabs/silabs_ecc.c @@ -32,6 +32,11 @@ #include #include +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif #define SILABS_UNSUPPORTED_KEY_TYPE 0xFFFFFFFF @@ -163,7 +168,7 @@ int silabs_ecc_make_key(ecc_key* key, int keysize) mp_read_unsigned_bin (key->pubkey.y, key->key.storage.location.buffer.pointer + keysize, keysize); - mp_read_unsigned_bin (&key->k, + mp_read_unsigned_bin (wc_ecc_key_get_priv(key), key->key.storage.location.buffer.pointer + 2 * keysize, keysize); @@ -203,9 +208,9 @@ int silabs_ecc_import(ecc_key* key, word32 keysize) &used, keysize, WC_TYPE_UNSIGNED_BIN); if (err == MP_OKAY) - err = wc_export_int(&key->k, key->key.storage.location.buffer.pointer + 2 * keysize, - &used, keysize, - WC_TYPE_UNSIGNED_BIN); + err = wc_export_int(wc_ecc_key_get_priv(key), + key->key.storage.location.buffer.pointer + 2 * keysize, &used, + keysize, WC_TYPE_UNSIGNED_BIN); return err; } @@ -229,9 +234,9 @@ int silabs_ecc_import_private(ecc_key* key, word32 keysize) if (sl_stat != SL_STATUS_OK) return WC_HW_E; - ret = wc_export_int(&key->k, key->key.storage.location.buffer.pointer, - &keySz, keySz, - WC_TYPE_UNSIGNED_BIN); + ret = wc_export_int(wc_ecc_key_get_priv(key), + key->key.storage.location.buffer.pointer, &keySz, keySz, + WC_TYPE_UNSIGNED_BIN); if (keySz != keysize) ret = WC_HW_E; @@ -284,14 +289,14 @@ int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int return WC_HW_E; if (encType == WC_TYPE_HEX_STR) - err = mp_read_radix(&key->k, d, MP_RADIX_HEX); + err = mp_read_radix(wc_ecc_key_get_priv(key), d, MP_RADIX_HEX); else - err = mp_read_unsigned_bin(&key->k, (const byte*)d, + err = mp_read_unsigned_bin(wc_ecc_key_get_priv(key), (const byte*)d, key->dp->size); if (err == MP_OKAY) { - err = wc_export_int(&key->k, key->key.storage.location.buffer.pointer + (2 * keySz), - &keySz, keySz, - WC_TYPE_UNSIGNED_BIN); + err = wc_export_int(wc_ecc_key_get_priv(key), + key->key.storage.location.buffer.pointer + (2 * keySz), &keySz, + keySz, WC_TYPE_UNSIGNED_BIN); } return err; diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index 82408dc58..ad64ec2cb 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -43,6 +43,11 @@ #include #endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif #ifdef STM32_HASH @@ -954,7 +959,8 @@ int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, if (status == MP_OKAY) status = stm32_get_from_mp_int(Qybin, key->pubkey.y, szModulus); if (status == MP_OKAY) - status = stm32_get_from_mp_int(privKeybin, &key->k, szModulus); + status = stm32_get_from_mp_int(privKeybin, wc_ecc_key_get_priv(key), + szModulus); if (status != MP_OKAY) return status; @@ -1020,7 +1026,7 @@ int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, size = wc_ecc_size(key); - status = stm32_get_from_mp_int(Keybin, &key->k, size); + status = stm32_get_from_mp_int(Keybin, wc_ecc_key_get_priv(key), size); if (status != MP_OKAY) return status; diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 3803a4dd5..3adc01dd7 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -44,6 +44,12 @@ #include #include +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + /* SAKKE Build Options: * WOLFSSL_SAKKE_SMALL: Small code size version of SAKKE. * WOLFSSL_SAKKE_SMALL_MODEXP: Small code size for just SAKKE modexp. @@ -515,17 +521,19 @@ int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng) err = RNG_FAILURE_E; } if (err == 0) { - err = mp_rand(&key->ecc.k, digits, rng); + err = mp_rand(wc_ecc_key_get_priv(&key->ecc), digits, rng); } if (err == 0) { - err = mp_mod(&key->ecc.k, &key->params.q, &key->ecc.k); + err = mp_mod(wc_ecc_key_get_priv(&key->ecc), &key->params.q, + wc_ecc_key_get_priv(&key->ecc)); } } - while ((err == 0) && mp_iszero(&key->ecc.k)); + while ((err == 0) && mp_iszero(wc_ecc_key_get_priv(&key->ecc))); } if (err == 0) { /* Calculate public key by multiply master secret by base point. */ - err = sakke_mulmod_base(key, &key->ecc.k, &key->ecc.pubkey, 1); + err = sakke_mulmod_base(key, wc_ecc_key_get_priv(&key->ecc), + &key->ecc.pubkey, 1); } if (err == 0) { key->ecc.type = ECC_PRIVATEKEY; @@ -561,7 +569,7 @@ int wc_MakeSakkePublicKey(SakkeKey* key, ecc_point* pub) err = sakke_load_base_point(key); } if (err == 0) { - err = sakke_mulmod_base(key, &key->ecc.k, pub, 1); + err = sakke_mulmod_base(key, wc_ecc_key_get_priv(&key->ecc), pub, 1); } return err; @@ -601,7 +609,7 @@ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz) } if (err == 0) { /* Write out the secret value into key size bytes. */ - err = mp_to_unsigned_bin_len(&key->ecc.k, data, key->ecc.dp->size); + err = mp_to_unsigned_bin_len(wc_ecc_key_get_priv(&key->ecc), data, key->ecc.dp->size); } if (err == 0) { data += key->ecc.dp->size; @@ -651,7 +659,8 @@ int wc_ImportSakkeKey(SakkeKey* key, const byte* data, word32 sz) if (err == 0) { /* Read the secret value from key size bytes. */ - err = mp_read_unsigned_bin(&key->ecc.k, data, key->ecc.dp->size); + err = mp_read_unsigned_bin(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); } if (err == 0) { data += key->ecc.dp->size; @@ -706,7 +715,8 @@ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz) } if (err == 0) { /* Write out the secret value into key size bytes. */ - err = mp_to_unsigned_bin_len(&key->ecc.k, data, key->ecc.dp->size); + err = mp_to_unsigned_bin_len(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); } if (err == 0) { *sz = key->ecc.dp->size; @@ -745,7 +755,8 @@ int wc_ImportSakkePrivateKey(SakkeKey* key, const byte* data, word32 sz) if (err == 0) { /* Read the secret value from key size bytes. */ - err = mp_read_unsigned_bin(&key->ecc.k, data, key->ecc.dp->size); + err = mp_read_unsigned_bin(wc_ecc_key_get_priv(&key->ecc), data, + key->ecc.dp->size); } return err; @@ -972,7 +983,7 @@ int wc_MakeSakkeRsk(SakkeKey* key, const byte* id, word16 idSz, ecc_point* rsk) } /* a + z_T */ if (err == 0) { - err = mp_addmod(a, &key->ecc.k, &key->params.q, a); + err = mp_addmod(a, wc_ecc_key_get_priv(&key->ecc), &key->params.q, a); } /* (a + z_T) ^ 1 modulo q */ if (err == 0) { @@ -2361,7 +2372,7 @@ static int sakke_compute_point_i(SakkeKey* key, const byte* id, word16 idSz, ecc_point* i) { int err; - mp_int* b = &key->ecc.k; + mp_int* b = wc_ecc_key_get_priv(&key->ecc); /* Load b - ID of receiver */ err = mp_read_unsigned_bin(b, id, idSz); diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c index d988f6ee6..b2386f57b 100644 --- a/wolfcrypt/src/wc_pkcs11.c +++ b/wolfcrypt/src/wc_pkcs11.c @@ -45,6 +45,12 @@ #include #endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #if defined(NO_PKCS11_RSA) && !defined(NO_RSA) #define NO_RSA #endif @@ -1184,8 +1190,8 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey, ret = Pkcs11EccSetParams(private_key, keyTemplate, 3); if (ret == 0) { - keyTemplate[4].pValue = private_key->k.raw.buf; - keyTemplate[4].ulValueLen = private_key->k.raw.len; + keyTemplate[4].pValue = wc_ecc_key_get_priv(private_key)->raw.buf; + keyTemplate[4].ulValueLen = wc_ecc_key_get_priv(private_key)->raw.len; PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt); rv = session->func->C_CreateObject(session->handle, keyTemplate, @@ -1426,7 +1432,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) ret = ret2; } if (ret == 0 && clear) - mp_forcezero(&eccKey->k); + mp_forcezero(wc_ecc_key_get_priv(eccKey)); break; } #endif @@ -2448,7 +2454,8 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info) if (ret == 0) { WOLFSSL_MSG("PKCS#11: EC Key Derivation Operation"); - if ((sessionKey = !mp_iszero(&info->pk.ecdh.private_key->k))) + if ((sessionKey = !mp_iszero( + wc_ecc_key_get_priv(info->pk.ecdh.private_key)))) ret = Pkcs11CreateEccPrivateKey(&privateKey, session, info->pk.ecdh.private_key, CKA_DERIVE); else if (info->pk.ecdh.private_key->labelLen > 0) { @@ -2742,7 +2749,8 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info) if (ret == 0) { WOLFSSL_MSG("PKCS#11: EC Signing Operation"); - if ((sessionKey = !mp_iszero(&info->pk.eccsign.key->k))) + if ((sessionKey = !mp_iszero( + wc_ecc_key_get_priv(info->pk.eccsign.key)))) ret = Pkcs11CreateEccPrivateKey(&privateKey, session, info->pk.eccsign.key, CKA_SIGN); else if (info->pk.eccsign.key->labelLen > 0) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index dcf2c727b..8f9ee60f8 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -356,6 +356,12 @@ #include #endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + #ifdef WOLFSSL_STATIC_MEMORY static WOLFSSL_HEAP_HINT* HEAP_HINT; #else @@ -25748,7 +25754,8 @@ static int ecc_mulmod_test(ecc_key* key1) if (ret != 0) goto done; - ret = wc_ecc_mulmod(&key1->k, &key2->pubkey, &key3->pubkey, &key2->k, &key3->k, + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey, + wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3), 1); if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 80141bdd8..8bb07f60e 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -347,14 +347,15 @@ typedef struct ecc_set_type { * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH. */ -#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH_ALL) && \ - !defined(WOLFSSL_SP_MATH) - #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE +#if defined(USE_INTEGER_HEAP_MATH) + #error Cannot use integer math with ALT_ECC_SIZE #endif #ifdef WOLFSSL_NO_MALLOC #error ALT_ECC_SIZE cannot be used with no malloc (WOLFSSL_NO_MALLOC) #endif +#ifdef USE_FAST_MATH + /* determine max bits required for ECC math */ #ifndef FP_MAX_BITS_ECC /* max bits rounded up by 8 then doubled */ @@ -385,6 +386,40 @@ typedef struct alt_fp_int { int used, sign, size; mp_digit dp[FP_SIZE_ECC]; } alt_fp_int; + +#else + +#ifdef FP_MAX_BITS_ECC + #define SP_INT_BITS_ECC (FP_MAX_BITS_ECC / 2) +#elif SP_INT_BITS < MAX_ECC_BITS + #define SP_INT_BITS_ECC SP_INT_BITS +#else + #define SP_INT_BITS_ECC MAX_ECC_BITS +#endif + +#define SP_INT_DIGITS_ECC \ + (((SP_INT_BITS_ECC + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1) + +#define FP_SIZE_ECC SP_INT_DIGITS_ECC + +typedef struct alt_fp_int { + /** Number of words that contain data. */ + unsigned int used; + /** Maximum number of words in data. */ + unsigned int size; +#ifdef WOLFSSL_SP_INT_NEGATIVE + /** Indicates whether number is 0/positive or negative. */ + unsigned int sign; +#endif +#ifdef HAVE_WOLF_BIGINT + /** Unsigned binary (big endian) representation of number. */ + struct WC_BIGINT raw; +#endif + /** Data of number. */ + sp_int_digit dp[SP_INT_DIGITS_ECC]; +} alt_fp_int; + +#endif #endif /* ALT_ECC_SIZE */ #ifndef WC_ECCKEY_TYPE_DEFINED @@ -446,7 +481,12 @@ struct ecc_key { #endif void* heap; /* heap hint */ ecc_point pubkey; /* public key */ - mp_int k; /* private key */ +#ifndef ALT_ECC_SIZE + mp_int k[1]; /* private key */ +#else + mp_int* k; + alt_fp_int ka[1]; +#endif #ifdef WOLFSSL_CAAM word32 blackKey; /* address of key encrypted and in secure memory */ @@ -543,6 +583,9 @@ struct ecc_key { #endif }; +#define wc_ecc_key_get_priv(key) ((key)->k) +#define WOLFSSL_HAVE_ECC_KEY_GET_PRIV + WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void* heap); WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);