wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 08:32:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

RipeMd and Sha224 added to unit test.

Browse Source
This commit is contained in:
David Garske
2016-12-19 12:15:10 -08:00
committed by jrblixt
parent a40a3cb142
commit 4edcbc79c1
215 changed files with 58563 additions and 21354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1196
wolfcrypt/src/aes.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

46
wolfcrypt/src/arc4.c
View File

@@ -32,12 +32,14 @@
#include <wolfssl/wolfcrypt/arc4.h>
void wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
{
int ret = 0;
word32 i;
word32 keyIndex = 0, stateIndex = 0;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ARC4) && \
defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
if (arc4->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ARC4) {
return NitroxArc4SetKey(arc4, key, length);
}
@@ -59,6 +61,8 @@ void wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
if (++keyIndex >= length)
keyIndex = 0;
}
return ret;
}
@@ -76,12 +80,14 @@ static INLINE byte MakeByte(word32* x, word32* y, byte* s)
}
void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
{
int ret = 0;
word32 x;
word32 y;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ARC4) && \
defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
if (arc4->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ARC4) {
return NitroxArc4Process(arc4, out, in, length);
}
@@ -95,31 +101,41 @@ void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
arc4->x = (byte)x;
arc4->y = (byte)y;
return ret;
}
#ifdef WOLFSSL_ASYNC_CRYPT
/* Initialize Arc4 for use with Nitrox device */
int wc_Arc4AsyncInit(Arc4* arc4, int devId)
/* Initialize Arc4 for use with async device */
int wc_Arc4Init(Arc4* arc4, void* heap, int devId)
{
int ret = 0;
if (arc4 == NULL)
return BAD_FUNC_ARG;
return wolfAsync_DevCtxInit(&arc4->asyncDev, WOLFSSL_ASYNC_MARKER_ARC4, devId);
arc4->heap = heap;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ARC4)
ret = wolfAsync_DevCtxInit(&arc4->asyncDev, WOLFSSL_ASYNC_MARKER_ARC4,
arc4->heap, devId);
#else
(void)devId;
#endif /* WOLFSSL_ASYNC_CRYPT */
return ret;
}
/* Free Arc4 from use with Nitrox device */
void wc_Arc4AsyncFree(Arc4* arc4)
/* Free Arc4 from use with async device */
void wc_Arc4Free(Arc4* arc4)
{
if (arc4 == NULL)
return;
wolfAsync_DevCtxFree(&arc4->asyncDev);
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ARC4)
wolfAsync_DevCtxFree(&arc4->asyncDev, WOLFSSL_ASYNC_MARKER_ARC4);
#endif /* WOLFSSL_ASYNC_CRYPT */
}
#endif /* NO_RC4 */

3727
wolfcrypt/src/asn.c Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

15
wolfcrypt/src/blake2b.c
View File

@@ -126,6 +126,7 @@ int blake2b_init( blake2b_state *S, const byte outlen )
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
P->digest_length = outlen;
P->key_length = 0;
P->fanout = 1;
@@ -137,6 +138,12 @@ int blake2b_init( blake2b_state *S, const byte outlen )
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
XMEMSET( P->salt, 0, sizeof( P->salt ) );
XMEMSET( P->personal, 0, sizeof( P->personal ) );
#else
XMEMSET( P, 0, sizeof( *P ) );
P->digest_length = outlen;
P->fanout = 1;
P->depth = 1;
#endif
return blake2b_init_param( S, P );
}
@@ -150,6 +157,7 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1;
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
P->digest_length = outlen;
P->key_length = keylen;
P->fanout = 1;
@@ -161,6 +169,13 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
XMEMSET( P->salt, 0, sizeof( P->salt ) );
XMEMSET( P->personal, 0, sizeof( P->personal ) );
#else
XMEMSET( P, 0, sizeof( *P ) );
P->digest_length = outlen;
P->key_length = keylen;
P->fanout = 1;
P->depth = 1;
#endif
if( blake2b_init_param( S, P ) < 0 ) return -1;

11
wolfcrypt/src/cmac.c
View File

@@ -40,17 +40,6 @@
#include <wolfssl/wolfcrypt/cmac.h>
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
static void ShiftAndXorRb(byte* out, byte* in)
{
int i, j, xorRb;

3
wolfcrypt/src/coding.c
View File

@@ -347,7 +347,8 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
#endif /* defined(WOLFSSL_BASE64_ENCODE) */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) \
|| defined(HAVE_ECC_CDH)
static
const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

1598
wolfcrypt/src/des3.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

777
wolfcrypt/src/dh.c Normal file → Executable file
View File

@@ -30,6 +30,15 @@
#include <wolfssl/wolfcrypt/dh.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST)
#include <math.h>
@@ -39,48 +48,502 @@
/* user's own math lib */
#endif
#ifdef HAVE_FFDHE_2048
static const byte dh_ffdhe2048_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe2048_g[] = { 0x02 };
#if !defined(WOLFSSL_HAVE_MIN) && !defined(WOLFSSL_DH_CONST)
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
void wc_InitDhKey(DhKey* key)
const DhParams* wc_Dh_ffdhe2048_Get(void)
{
(void)key;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
key->p.dp = NULL;
key->g.dp = NULL;
static const DhParams ffdhe2048 = {
dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
};
return &ffdhe2048;
}
#endif
#ifdef HAVE_FFDHE_3072
static const byte dh_ffdhe3072_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe3072_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe3072_Get(void)
{
static const DhParams ffdhe3072 = {
dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
};
return &ffdhe3072;
}
#endif
#ifdef HAVE_FFDHE_4096
static const byte dh_ffdhe4096_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe4096_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe4096_Get(void)
{
static const DhParams ffdhe4096 = {
dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
};
return &ffdhe4096;
}
#endif
#ifdef HAVE_FFDHE_6144
static const byte dh_ffdhe6144_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe6144_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe6144_Get(void)
{
static const DhParams ffdhe6144 = {
dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
};
return &ffdhe6144;
}
#endif
#ifdef HAVE_FFDHE_8192
static const byte dh_ffdhe8192_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe8192_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe8192_Get(void)
{
static const DhParams ffdhe8192 = {
dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
};
return &ffdhe8192;
}
#endif
int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
{
int ret = 0;
if (key == NULL)
return BAD_FUNC_ARG;
key->heap = heap; /* for XMALLOC/XFREE in future */
if (mp_init_multi(&key->p, &key->g, NULL, NULL, NULL, NULL) != MP_OKAY)
return MEMORY_E;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
/* handle as async */
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH,
key->heap, devId);
#else
(void)devId;
#endif
return ret;
}
int wc_InitDhKey(DhKey* key)
{
return wc_InitDhKey_ex(key, NULL, INVALID_DEVID);
}
void wc_FreeDhKey(DhKey* key)
{
(void)key;
mp_clear(&key->p);
mp_clear(&key->g);
if (key) {
mp_clear(&key->p);
mp_clear(&key->g);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
#endif
}
}
/* if defined to not use floating point values do not compile in */
#ifndef WOLFSSL_DH_CONST
static word32 DiscreteLogWorkFactor(word32 n)
{
/* assuming discrete log takes about the same time as factoring */
if (n<5)
return 0;
else
return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
XPOW(XLOG((double)n), 2.0/3.0) - 5);
}
static word32 DiscreteLogWorkFactor(word32 n)
{
/* assuming discrete log takes about the same time as factoring */
if (n < 5)
return 0;
else
return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
XPOW(XLOG((double)n), 2.0/3.0) - 5);
}
#endif /* WOLFSSL_DH_CONST*/
@@ -100,9 +563,9 @@ static word32 DiscreteLogWorkFactor(word32 n)
#endif
static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
{
int ret;
int ret = 0;
word32 sz = mp_unsigned_bin_size(&key->p);
/* Table of predetermined values from the operation
@@ -120,33 +583,31 @@ static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
case 896: sz = 49; break;
case 1024: sz = 52; break;
default:
#ifndef WOLFSSL_DH_CONST
/* if using floating points and size of p is not in table */
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
WOLFSSL_BIT_SIZE + 1);
break;
#else
return BAD_FUNC_ARG;
#endif
#ifndef WOLFSSL_DH_CONST
/* if using floating points and size of p is not in table */
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
WOLFSSL_BIT_SIZE + 1);
break;
#else
return BAD_FUNC_ARG;
#endif
}
ret = wc_RNG_GenerateBlock(rng, priv, sz);
if (ret != 0)
return ret;
priv[0] |= 0x0C;
if (ret == 0) {
priv[0] |= 0x0C;
*privSz = sz;
}
*privSz = sz;
return 0;
return ret;
}
static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
byte* pub, word32* pubSz)
static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
byte* pub, word32* pubSz)
{
int ret = 0;
mp_int x;
mp_int y;
@@ -171,24 +632,163 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
return ret;
}
int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz,
byte* pub, word32* pubSz)
static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
int ret = GeneratePrivate(key, rng, priv, privSz);
int ret;
return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
pub == NULL || pubSz == NULL) {
return BAD_FUNC_ARG;
}
ret = GeneratePrivateDh(key, rng, priv, privSz);
return (ret != 0) ? ret : GeneratePublicDh(key, priv, *privSz, pub, pubSz);
}
int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
word32 privSz, const byte* otherPub, word32 pubSz)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
int ret;
#if defined(HAVE_INTEL_QA)
mp_int x;
ret = mp_init(&x);
if (ret != MP_OKAY)
return ret;
ret = GeneratePrivateDh(key, rng, priv, privSz);
if (ret == 0)
ret = mp_read_unsigned_bin(&x, priv, *privSz);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&x, &x.raw);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&key->p, &key->p.raw);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&key->g, &key->g.raw);
if (ret == MP_OKAY)
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
&x.raw, pub, pubSz);
mp_clear(&x);
#else
#if defined(HAVE_CAVIUM)
/* TODO: Not implemented - use software for now */
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_DH_GEN;
testDev->dhGen.key = key;
testDev->dhGen.rng = rng;
testDev->dhGen.priv = priv;
testDev->dhGen.privSz = privSz;
testDev->dhGen.pub = pub;
testDev->dhGen.pubSz = pubSz;
return WC_PENDING_E;
}
#endif
ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
#endif /* HAVE_INTEL_QA */
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
/* Check DH Public Key for invalid numbers
*
* key DH key group parameters.
* pub Public Key.
* pubSz Public Key size.
*
* returns 0 on success or error code
*/
int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
{
int ret = 0;
mp_int x;
mp_int x;
mp_int y;
if (key == NULL || pub == NULL) {
return BAD_FUNC_ARG;
}
if (mp_init_multi(&x, &y, NULL, NULL, NULL, NULL) != MP_OKAY) {
return MP_INIT_E;
}
if (mp_read_unsigned_bin(&x, pub, pubSz) != MP_OKAY) {
ret = MP_READ_E;
}
/* pub should not be 0 or 1 */
if (ret == 0 && mp_cmp_d(&x, 2) == MP_LT) {
ret = MP_CMP_E;
}
/* pub shouldn't be greater than or equal to p - 1 */
if (ret == 0 && mp_copy(&key->p, &y) != MP_OKAY) {
ret = MP_INIT_E;
}
if (ret == 0 && mp_sub_d(&y, 2, &y) != MP_OKAY) {
ret = MP_SUB_E;
}
if (ret == 0 && mp_cmp(&x, &y) == MP_GT) {
ret = MP_CMP_E;
}
mp_clear(&y);
mp_clear(&x);
return ret;
}
int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
int ret;
if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
pub == NULL || pubSz == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
ret = wc_DhGenerateKeyPair_Async(key, rng, priv, privSz, pub, pubSz);
}
else
#endif
{
ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
}
return ret;
}
static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
{
int ret = 0;
mp_int x;
mp_int y;
mp_int z;
if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
return DH_CHECK_PUB_E;
}
if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
return MP_INIT_E;
@@ -209,7 +809,65 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
mp_clear(&z);
mp_clear(&y);
mp_clear(&x);
mp_forcezero(&x);
return ret;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
{
int ret;
#ifdef HAVE_CAVIUM
/* TODO: Not implemented - use software for now */
ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
#elif defined(HAVE_INTEL_QA)
ret = wc_mp_to_bigint(&key->p, &key->p.raw);
if (ret == MP_OKAY)
ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
agree, agreeSz, priv, privSz, otherPub, pubSz);
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_DH_AGREE;
testDev->dhAgree.key = key;
testDev->dhAgree.agree = agree;
testDev->dhAgree.agreeSz = agreeSz;
testDev->dhAgree.priv = priv;
testDev->dhAgree.privSz = privSz;
testDev->dhAgree.otherPub = otherPub;
testDev->dhAgree.pubSz = pubSz;
return WC_PENDING_E;
}
ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
#endif
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
word32 privSz, const byte* otherPub, word32 pubSz)
{
int ret = 0;
if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
otherPub == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
}
else
#endif
{
ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
}
return ret;
}
@@ -219,8 +877,9 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
word32 gSz)
{
if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0)
if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
return BAD_FUNC_ARG;
}
/* may have leading 0 */
if (p[0] == 0) {
@@ -251,6 +910,4 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
return 0;
}
#endif /* NO_DH */

74
wolfcrypt/src/dsa.c
View File

@@ -35,6 +35,13 @@
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/dsa.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
enum {
DSA_HALF_SIZE = 20, /* r and s size */
@@ -42,50 +49,49 @@ enum {
};
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
void wc_InitDsaKey(DsaKey* key)
int wc_InitDsaKey(DsaKey* key)
{
if (key == NULL)
return BAD_FUNC_ARG;
key->type = -1; /* haven't decided yet */
key->heap = NULL;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
key->p.dp = 0; /* public alloc parts */
key->q.dp = 0;
key->g.dp = 0;
key->y.dp = 0;
return mp_init_multi(
/* public alloc parts */
&key->p,
&key->q,
&key->g,
&key->y,
key->x.dp = 0; /* private alloc parts */
#endif
/* private alloc parts */
&key->x,
NULL
);
}
int wc_InitDsaKey_h(DsaKey* key, void* h)
{
wc_InitDsaKey(key);
key->heap = h;
int ret = wc_InitDsaKey(key);
if (ret == 0)
key->heap = h;
return 0;
return ret;
}
void wc_FreeDsaKey(DsaKey* key)
{
(void)key;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
if (key == NULL)
return;
if (key->type == DSA_PRIVATE)
mp_clear(&key->x);
mp_forcezero(&key->x);
#ifndef USE_FAST_MATH
mp_clear(&key->x);
mp_clear(&key->y);
mp_clear(&key->g);
mp_clear(&key->q);
@@ -151,7 +157,7 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
}
dsa->type = DSA_PRIVATE;
return MP_OKAY;
}
@@ -315,7 +321,13 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
}
/* find a value g for which g^tmp2 != 1 */
mp_set(&dsa->g, 1);
if (mp_set(&dsa->g, 1) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return MP_INIT_E;
}
do {
err = mp_add_d(&dsa->g, 1, &dsa->g);
@@ -359,7 +371,7 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng)
byte* tmp = out; /* initial output pointer */
sz = min((int)sizeof(buffer), mp_unsigned_bin_size(&key->q));
if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY)
return MP_INIT_E;
@@ -373,12 +385,12 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng)
if (mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY)
ret = MP_READ_E;
/* k is a random numnber and it should be less than q
* if k greater than repeat
*/
} while (mp_cmp(&k, &key->q) != MP_LT);
if (ret == 0 && mp_cmp_d(&k, 1) != MP_GT)
ret = MP_CMP_E;

2720
wolfcrypt/src/ecc.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

12
wolfcrypt/src/ed25519.c
View File

@@ -207,11 +207,11 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
siglen is the length of sig byte array
msg the array of bytes containing the message
msglen length of msg array
stat will be 1 on successful verify and 0 on unsuccessful
return 0 and stat of 1 on success
res will be 1 on successful verify and 0 on unsuccessful
return 0 and res of 1 on success
*/
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* stat, ed25519_key* key)
word32 msglen, int* res, ed25519_key* key)
{
byte rcheck[ED25519_KEY_SIZE];
byte h[SHA512_DIGEST_SIZE];
@@ -223,11 +223,11 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
Sha512 sha;
/* sanity check on arguments */
if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
if (sig == NULL || msg == NULL || res == NULL || key == NULL)
return BAD_FUNC_ARG;
/* set verification failed by default */
*stat = 0;
*res = 0;
/* check on basics needed to verify signature */
if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
@@ -279,7 +279,7 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
return SIG_VERIFY_E;
/* set the verification status */
*stat = 1;
*res = 1;
return ret;
}

20
wolfcrypt/src/error.c
View File

@@ -204,7 +204,7 @@ const char* wc_GetErrorString(int error)
return "ASN NTRU key decode error, invalid input";
case ASN_CRIT_EXT_E:
return "X.509 Critical extension ignored";
return "X.509 Critical extension ignored or invalid";
case ECC_BAD_ARG_E :
return "ECC input argument wrong type, invalid input";
@@ -338,6 +338,9 @@ const char* wc_GetErrorString(int error)
case ECC_INF_E:
return " ECC point at infinity error";
case ECC_OUT_OF_RANGE_E:
return " ECC Qx or Qy out of range error";
case ECC_PRIV_KEY_E:
return " ECC private key is not valid error";
@@ -407,6 +410,21 @@ const char* wc_GetErrorString(int error)
case BAD_KEYWRAP_IV_E:
return "Decrypted AES key wrap IV does not match expected";
case WC_CLEANUP_E:
return "wolfcrypt cleanup failed";
case ECC_CDH_KAT_FIPS_E:
return "wolfcrypt FIPS ECC CDH Known Answer Test Failure";
case DH_CHECK_PUB_E:
return "DH Check Public Key failure";
case BAD_PATH_ERROR:
return "Bad path for opendir error";
case ASYNC_OP_E:
return "Async operation error";
default:
return "unknown error number";

539
wolfcrypt/src/evp.c Normal file
View File

@@ -0,0 +1,539 @@
/* evp.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
unsigned char* key, unsigned char* iv)
{
return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1);
}
WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
WOLFSSL_ENGINE *impl,
unsigned char* key, unsigned char* iv)
{
(void) impl;
return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1);
}
WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
unsigned char* key, unsigned char* iv)
{
WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0);
}
WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
WOLFSSL_ENGINE *impl,
unsigned char* key, unsigned char* iv)
{
(void) impl;
WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit");
return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0);
}
WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void)
{
WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ctx){
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
}
return ctx;
}
WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx)
{
if (ctx) {
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_free");
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
}
WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL) return 0;
return ctx->flags & WOLFSSL_EVP_CIPH_MODE;
}
WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc){
WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
else
return 0;
}
WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
WOLFSSL_ENGINE *impl,
unsigned char* key, unsigned char* iv,
int enc)
{
(void)impl;
return wolfSSL_EVP_CipherInit(ctx, type, key, iv, enc);
}
WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc){
WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
else
return 0;
}
WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc)
return 0;
else{
WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
}
WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc)
return 0;
else{
WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal_ex");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
}
WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
const WOLFSSL_EVP_MD* type,
WOLFSSL_ENGINE *impl)
{
(void) impl;
WOLFSSL_ENTER("wolfSSL_EVP_DigestInit_ex");
return wolfSSL_EVP_DigestInit(ctx, type);
}
#ifdef DEBUG_WOLFSSL_EVP
#define PRINT_BUF(b, sz) { int i; for(i=0; i<(sz); i++){printf("%02x(%c),", (b)[i], (b)[i]); if((i+1)%8==0)printf("\n");}}
#else
#define PRINT_BUF(b, sz)
#endif
static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz)
{
int fill;
if (sz > 0) {
if ((sz+ctx->bufUsed) > ctx->block_size) {
fill = ctx->block_size - ctx->bufUsed;
} else {
fill = sz;
}
XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill);
ctx->bufUsed += fill;
return fill;
} else return 0;
}
static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in, int inl)
{
int ret = 0;
switch (ctx->cipherType) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
if (ctx->enc)
ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
else
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
case AES_128_CTR_TYPE:
case AES_192_CTR_TYPE:
case AES_256_CTR_TYPE:
if (ctx->enc)
wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
else
wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#if !defined(NO_AES) && defined(HAVE_AES_ECB)
case AES_128_ECB_TYPE:
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
if (ctx->enc)
ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
else
ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE:
if (ctx->enc)
ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
else
ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
break;
case DES_EDE3_CBC_TYPE:
if (ctx->enc)
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
else
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
break;
#if defined(WOLFSSL_DES_ECB)
case DES_ECB_TYPE:
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
break;
case DES_EDE3_ECB_TYPE:
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
break;
#endif /* WOLFSSL_DES_ECB */
#endif /* !NO_DES3 */
default:
return 0;
}
if (ret != 0)
return 0; /* failure */
(void)in;
(void)inl;
(void)out;
return 1; /* success */
}
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int blocks;
int fill;
if (ctx == NULL) return BAD_FUNC_ARG;
WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
*outl = 0;
if (ctx->bufUsed > 0) { /* concatinate them if there is anything */
fill = fillBuff(ctx, in, inl);
inl -= fill;
in += fill;
}
if((ctx->enc == 0)&& (ctx->lastUsed == 1)){
PRINT_BUF(ctx->lastBlock, ctx->block_size);
XMEMCPY(out, ctx->lastBlock, ctx->block_size);
*outl+= ctx->block_size;
out += ctx->block_size;
}
if ((ctx->bufUsed == ctx->block_size) || (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING)){
/* the buff is full, flash out */
PRINT_BUF(ctx->buf, ctx->block_size);
if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0)
return 0;
PRINT_BUF(out, ctx->block_size);
if(ctx->enc == 0){
ctx->lastUsed = 1;
XMEMCPY(ctx->lastBlock, out, ctx->block_size);
} else {
*outl+= ctx->block_size;
out += ctx->block_size;
}
ctx->bufUsed = 0;
}
blocks = inl / ctx->block_size;
if (blocks > 0) {
/* process blocks */
if (evpCipherBlock(ctx, out, in, blocks*ctx->block_size) == 0)
return 0;
PRINT_BUF(ctx->buf, ctx->block_size);
PRINT_BUF(out, ctx->block_size);
inl -= ctx->block_size * blocks;
in += ctx->block_size * blocks;
if(ctx->enc == 0){
ctx->lastUsed = 1;
XMEMCPY(ctx->lastBlock, &out[ctx->block_size * (blocks-1)], ctx->block_size);
*outl+= ctx->block_size * (blocks-1);
} else {
*outl+= ctx->block_size * blocks;
}
}
if (inl > 0) {
/* put fraction into buff */
fillBuff(ctx, in, inl);
/* no increase of outl */
}
(void)out; /* silence warning in case not read */
return 1;
}
static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx)
{
int i;
for (i = ctx->bufUsed; i < ctx->block_size; i++)
ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed);
}
static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff)
{
int i;
int n;
n = buff[ctx->block_size-1];
if (n > ctx->block_size) return FALSE;
for (i = 0; i < n; i++){
if (buff[ctx->block_size-i-1] != n)
return FALSE;
}
return ctx->block_size - n;
}
WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
int fl ;
if (ctx == NULL || out == NULL) return BAD_FUNC_ARG;
WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
*outl = 0;
return 1;
}
if (ctx->enc) {
if (ctx->bufUsed > 0) {
padBlock(ctx);
PRINT_BUF(ctx->buf, ctx->block_size);
if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0)
return 0;
PRINT_BUF(out, ctx->block_size);
*outl = ctx->block_size;
}
} else {
if (ctx->lastUsed){
PRINT_BUF(ctx->lastBlock, ctx->block_size);
if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) {
XMEMCPY(out, ctx->lastBlock, fl);
*outl = fl;
} else return 0;
}
}
return 1;
}
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL) return BAD_FUNC_ARG;
switch (ctx->cipherType) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
case AES_128_CTR_TYPE:
case AES_192_CTR_TYPE:
case AES_256_CTR_TYPE:
#endif
#if !defined(NO_AES)
case AES_128_ECB_TYPE:
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
#endif
#ifndef NO_DES3
case DES_CBC_TYPE:
case DES_ECB_TYPE:
case DES_EDE3_CBC_TYPE:
case DES_EDE3_ECB_TYPE:
#endif
return ctx->block_size;
default:
return 0;
}
}
static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
{
if (cipher == NULL) return 0; /* dummy for #ifdef */
#ifndef NO_DES3
else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0)
return DES_CBC_TYPE;
else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
return DES_EDE3_CBC_TYPE;
#if !defined(NO_DES3)
else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0)
return DES_ECB_TYPE;
else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)
return DES_EDE3_ECB_TYPE;
#endif /* NO_DES3 && HAVE_AES_ECB */
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
return AES_128_CBC_TYPE;
else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
return AES_192_CBC_TYPE;
else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
return AES_256_CBC_TYPE;
#endif /* !NO_AES && HAVE_AES_CBC */
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)
return AES_128_CTR_TYPE;
else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)
return AES_192_CTR_TYPE;
else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)
return AES_256_CTR_TYPE;
#endif /* !NO_AES && HAVE_AES_CBC */
#if !defined(NO_AES) && defined(HAVE_AES_ECB)
else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)
return AES_128_ECB_TYPE;
else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)
return AES_192_ECB_TYPE;
else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)
return AES_256_ECB_TYPE;
#endif /* !NO_AES && HAVE_AES_CBC */
else return 0;
}
WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
{
if (cipher == NULL) return BAD_FUNC_ARG;
switch (cipherType(cipher)) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
return AES_BLOCK_SIZE;
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
case AES_128_CTR_TYPE:
case AES_192_CTR_TYPE:
case AES_256_CTR_TYPE:
return AES_BLOCK_SIZE;
#endif
#if !defined(NO_AES) && defined(HAVE_AES_ECB)
case AES_128_ECB_TYPE:
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
return AES_BLOCK_SIZE;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE: return 8;
case DES_EDE3_CBC_TYPE: return 8;
case DES_ECB_TYPE: return 8;
case DES_EDE3_ECB_TYPE: return 8;
#endif
default:
return 0;
}
}
unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
{
switch (cipherType(cipher)) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
return WOLFSSL_EVP_CIPH_CBC_MODE ;
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
case AES_128_CTR_TYPE:
case AES_192_CTR_TYPE:
case AES_256_CTR_TYPE:
return WOLFSSL_EVP_CIPH_CTR_MODE ;
#endif
#if !defined(NO_AES)
case AES_128_ECB_TYPE:
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
return WOLFSSL_EVP_CIPH_ECB_MODE ;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE:
case DES_EDE3_CBC_TYPE:
return WOLFSSL_EVP_CIPH_CBC_MODE ;
case DES_ECB_TYPE:
case DES_EDE3_ECB_TYPE:
return WOLFSSL_EVP_CIPH_ECB_MODE ;
#endif
default:
return 0;
}
}
WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
{
if (cipher == NULL) return 0;
return WOLFSSL_CIPHER_mode(cipher);
}
WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags)
{
if (ctx != NULL) {
ctx->flags = flags;
}
}
WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher)
{
if (cipher == NULL) return 0;
return WOLFSSL_CIPHER_mode(cipher);
}
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding)
{
if (ctx == NULL) return BAD_FUNC_ARG;
if (padding) {
ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING;
}
else {
ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING;
}
return 1;
}
WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
{
(void)digest;
/* nothing to do */
return 0;
}

18
wolfcrypt/src/fe_low_mem.c
View File

@@ -183,7 +183,7 @@ static void raw_add(byte *x, const byte *p)
for (i = 0; i < F25519_SIZE; i++) {
c += ((word16)x[i]) + ((word16)p[i]);
x[i] = c;
x[i] = (byte)c;
c >>= 8;
}
}
@@ -197,11 +197,11 @@ static void raw_try_sub(byte *x, const byte *p)
for (i = 0; i < F25519_SIZE; i++) {
c = ((word16)x[i]) - ((word16)p[i]) - c;
minusp[i] = c;
minusp[i] = (byte)c;
c = (c >> 8) & 1;
}
fprime_select(x, minusp, x, c);
fprime_select(x, minusp, x, (byte)c);
}
@@ -271,7 +271,7 @@ void fprime_mul(byte *r, const byte *a, const byte *b,
for (j = 0; j < F25519_SIZE; j++) {
c |= ((word16)r[j]) << 1;
r[j] = c;
r[j] = (byte)c;
c >>= 8;
}
raw_try_sub(r, modulus);
@@ -310,7 +310,7 @@ void fe_normalize(byte *x)
for (i = 0; i < F25519_SIZE; i++) {
c += x[i];
x[i] = c;
x[i] = (byte)c;
c >>= 8;
}
@@ -322,12 +322,12 @@ void fe_normalize(byte *x)
for (i = 0; i + 1 < F25519_SIZE; i++) {
c += x[i];
minusp[i] = c;
minusp[i] = (byte)c;
c >>= 8;
}
c += ((word16)x[i]) - 128;
minusp[31] = c;
minusp[31] = (byte)c;
/* Load x-p if no underflow */
fe_select(x, minusp, x, (c >> 15) & 1);
@@ -355,7 +355,7 @@ void fe_add(fe r, const fe a, const fe b)
for (i = 0; i < F25519_SIZE; i++) {
c >>= 8;
c += ((word16)a[i]) + ((word16)b[i]);
r[i] = c;
r[i] = (byte)c;
}
/* Reduce with 2^255 = 19 mod p */
@@ -364,7 +364,7 @@ void fe_add(fe r, const fe a, const fe b)
for (i = 0; i < F25519_SIZE; i++) {
c += r[i];
r[i] = c;
r[i] = (byte)c;
c >>= 8;
}
}

8
wolfcrypt/src/fe_operations.c Normal file → Executable file
View File

@@ -41,6 +41,9 @@
#include <wolfcrypt/src/misc.c>
#endif
#ifdef HAVE___UINT128_T
#include "fe_x25519_128.i"
#else
/*
fe means field element.
Here the field is \Z/(2^255-19).
@@ -942,7 +945,7 @@ replace (f,g) with (f,g) if b == 0.
Preconditions: b in {0,1}.
*/
void fe_cswap(fe f,fe g,unsigned int b)
void fe_cswap(fe f, fe g, int b)
{
int32_t f0 = f[0];
int32_t f1 = f[1];
@@ -1353,7 +1356,7 @@ replace (f,g) with (f,g) if b == 0.
Preconditions: b in {0,1}.
*/
void fe_cmov(fe f,const fe g,unsigned int b)
void fe_cmov(fe f, const fe g, int b)
{
int32_t f0 = f[0];
int32_t f1 = f[1];
@@ -1407,6 +1410,7 @@ void fe_cmov(fe f,const fe g,unsigned int b)
f[8] = f8 ^ x8;
f[9] = f9 ^ x9;
}
#endif
#endif /* HAVE ED25519 or CURVE25519 */
#endif /* not defined CURVED25519_SMALL */

612
wolfcrypt/src/fe_x25519_128.i Normal file
View File

@@ -0,0 +1,612 @@
/* fp_mont_small.i
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Convert a number represented as an array of bytes to an array of words with
* 51-bits of data in each word.
*
* in An array of bytes.
* out An array of words.
*/
void fe_frombytes(fe out, const unsigned char *in)
{
out[0] = (((int64_t)((in[ 0] ) )) )
| (((int64_t)((in[ 1] ) )) << 8)
| (((int64_t)((in[ 2] ) )) << 16)
| (((int64_t)((in[ 3] ) )) << 24)
| (((int64_t)((in[ 4] ) )) << 32)
| (((int64_t)((in[ 5] ) )) << 40)
| (((int64_t)((in[ 6] ) & 0x07)) << 48);
out[1] = (((int64_t)((in[ 6] >> 3) & 0x1f)) )
| (((int64_t)((in[ 7] ) )) << 5)
| (((int64_t)((in[ 8] ) )) << 13)
| (((int64_t)((in[ 9] ) )) << 21)
| (((int64_t)((in[10] ) )) << 29)
| (((int64_t)((in[11] ) )) << 37)
| (((int64_t)((in[12] ) & 0x3f)) << 45);
out[2] = (((int64_t)((in[12] >> 6) & 0x03)) )
| (((int64_t)((in[13] ) )) << 2)
| (((int64_t)((in[14] ) )) << 10)
| (((int64_t)((in[15] ) )) << 18)
| (((int64_t)((in[16] ) )) << 26)
| (((int64_t)((in[17] ) )) << 34)
| (((int64_t)((in[18] ) )) << 42)
| (((int64_t)((in[19] ) & 0x01)) << 50);
out[3] = (((int64_t)((in[19] >> 1) & 0x7f)) )
| (((int64_t)((in[20] ) )) << 7)
| (((int64_t)((in[21] ) )) << 15)
| (((int64_t)((in[22] ) )) << 23)
| (((int64_t)((in[23] ) )) << 31)
| (((int64_t)((in[24] ) )) << 39)
| (((int64_t)((in[25] ) & 0x0f)) << 47);
out[4] = (((int64_t)((in[25] >> 4) & 0x0f)) )
| (((int64_t)((in[26] ) )) << 4)
| (((int64_t)((in[27] ) )) << 12)
| (((int64_t)((in[28] ) )) << 20)
| (((int64_t)((in[29] ) )) << 28)
| (((int64_t)((in[30] ) )) << 36)
| (((int64_t)((in[31] ) & 0x7f)) << 44);
}
/* Convert a number represented as an array of words to an array of bytes.
* The array of words is normalized to an array of 51-bit data words and if
* greater than the mod, modulo reduced by the prime 2^255 - 1.
*
* n An array of words.
* out An array of bytes.
*/
void fe_tobytes(unsigned char *out, const fe n)
{
fe in;
int64_t c;
in[0] = n[0];
in[1] = n[1];
in[2] = n[2];
in[3] = n[3];
in[4] = n[4];
/* Normalize to 51-bits of data per word. */
in[0] += (in[4] >> 51) * 19; in[4] &= 0x7ffffffffffff;
in[1] += in[0] >> 51; in[0] &= 0x7ffffffffffff;
in[2] += in[1] >> 51; in[1] &= 0x7ffffffffffff;
in[3] += in[2] >> 51; in[2] &= 0x7ffffffffffff;
in[4] += in[3] >> 51; in[3] &= 0x7ffffffffffff;
in[0] += (in[4] >> 51) * 19;
in[4] &= 0x7ffffffffffff;
c = (in[0] + 19) >> 51;
c = (in[1] + c) >> 51;
c = (in[2] + c) >> 51;
c = (in[3] + c) >> 51;
c = (in[4] + c) >> 51;
in[0] += c * 19;
in[1] += in[0] >> 51; in[0] &= 0x7ffffffffffff;
in[2] += in[1] >> 51; in[1] &= 0x7ffffffffffff;
in[3] += in[2] >> 51; in[2] &= 0x7ffffffffffff;
in[4] += in[3] >> 51; in[3] &= 0x7ffffffffffff;
in[4] &= 0x7ffffffffffff;
out[ 0] = (((byte)((in[0] ) )) );
out[ 1] = (((byte)((in[0] >> 8) )) );
out[ 2] = (((byte)((in[0] >> 16) )) );
out[ 3] = (((byte)((in[0] >> 24) )) );
out[ 4] = (((byte)((in[0] >> 32) )) );
out[ 5] = (((byte)((in[0] >> 40) )) );
out[ 6] = (((byte)((in[0] >> 48) & 0x07)) )
| (((byte)((in[1] ) & 0x1f)) << 3);
out[ 7] = (((byte)((in[1] >> 5) )) );
out[ 8] = (((byte)((in[1] >> 13) )) );
out[ 9] = (((byte)((in[1] >> 21) )) );
out[10] = (((byte)((in[1] >> 29) )) );
out[11] = (((byte)((in[1] >> 37) )) );
out[12] = (((byte)((in[1] >> 45) & 0x3f)) )
| (((byte)((in[2] ) & 0x03)) << 6);
out[13] = (((byte)((in[2] >> 2) )) );
out[14] = (((byte)((in[2] >> 10) )) );
out[15] = (((byte)((in[2] >> 18) )) );
out[16] = (((byte)((in[2] >> 26) )) );
out[17] = (((byte)((in[2] >> 34) )) );
out[18] = (((byte)((in[2] >> 42) )) );
out[19] = (((byte)((in[2] >> 50) & 0x01)) )
| (((byte)((in[3] ) & 0x7f)) << 1);
out[20] = (((byte)((in[3] >> 7) )) );
out[21] = (((byte)((in[3] >> 15) )) );
out[22] = (((byte)((in[3] >> 23) )) );
out[23] = (((byte)((in[3] >> 31) )) );
out[24] = (((byte)((in[3] >> 39) )) );
out[25] = (((byte)((in[3] >> 47) & 0x0f)) )
| (((byte)((in[4] ) & 0x0f)) << 4);
out[26] = (((byte)((in[4] >> 4) )) );
out[27] = (((byte)((in[4] >> 12) )) );
out[28] = (((byte)((in[4] >> 20) )) );
out[29] = (((byte)((in[4] >> 28) )) );
out[30] = (((byte)((in[4] >> 36) )) );
out[31] = (((byte)((in[4] >> 44) & 0x7f)) );
}
/* Set the field element to 1.
*
* n The field element number.
*/
void fe_1(fe n)
{
n[0] = 0x0000000000001;
n[1] = 0x0000000000000;
n[2] = 0x0000000000000;
n[3] = 0x0000000000000;
n[4] = 0x0000000000000;
}
/* Set the field element to 0.
*
* n The field element number.
*/
void fe_0(fe n)
{
n[0] = 0x0000000000000;
n[1] = 0x0000000000000;
n[2] = 0x0000000000000;
n[3] = 0x0000000000000;
n[4] = 0x0000000000000;
}
/* Copy field element a into field element r.
*
* r Field element to copy into.
* a Field element to copy.
*/
void fe_copy(fe r, const fe a)
{
r[0] = a[0];
r[1] = a[1];
r[2] = a[2];
r[3] = a[3];
r[4] = a[4];
}
/* Constant time, conditional swap of field elements a and b.
*
* a A field element.
* b A field element.
* c If 1 then swap and if 0 then don't swap.
*/
void fe_cswap(fe a, fe b, int c)
{
int64_t m = c;
int64_t t0, t1, t2, t3, t4;
/* Convert conditional into mask. */
m = -m;
t0 = m & (a[0] ^ b[0]);
t1 = m & (a[1] ^ b[1]);
t2 = m & (a[2] ^ b[2]);
t3 = m & (a[3] ^ b[3]);
t4 = m & (a[4] ^ b[4]);
a[0] ^= t0;
a[1] ^= t1;
a[2] ^= t2;
a[3] ^= t3;
a[4] ^= t4;
b[0] ^= t0;
b[1] ^= t1;
b[2] ^= t2;
b[3] ^= t3;
b[4] ^= t4;
}
/* Subtract b from a into r. (r = a - b)
*
* r A field element.
* a A field element.
* b A field element.
*/
void fe_sub(fe r, const fe a, const fe b)
{
r[0] = a[0] - b[0];
r[1] = a[1] - b[1];
r[2] = a[2] - b[2];
r[3] = a[3] - b[3];
r[4] = a[4] - b[4];
}
/* Add b to a into r. (r = a + b)
*
* r A field element.
* a A field element.
* b A field element.
*/
void fe_add(fe r, const fe a, const fe b)
{
r[0] = a[0] + b[0];
r[1] = a[1] + b[1];
r[2] = a[2] + b[2];
r[3] = a[3] + b[3];
r[4] = a[4] + b[4];
}
/* Multiply a and b into r. (r = a * b)
*
* r A field element.
* a A field element.
* b A field element.
*/
void fe_mul(fe r, const fe a, const fe b)
{
__int128_t t0 = ((__int128_t)a[0]) * b[0];
__int128_t t1 = ((__int128_t)a[0]) * b[1]
+ ((__int128_t)a[1]) * b[0];
__int128_t t2 = ((__int128_t)a[0]) * b[2]
+ ((__int128_t)a[1]) * b[1]
+ ((__int128_t)a[2]) * b[0];
__int128_t t3 = ((__int128_t)a[0]) * b[3]
+ ((__int128_t)a[1]) * b[2]
+ ((__int128_t)a[2]) * b[1]
+ ((__int128_t)a[3]) * b[0];
__int128_t t4 = ((__int128_t)a[0]) * b[4]
+ ((__int128_t)a[1]) * b[3]
+ ((__int128_t)a[2]) * b[2]
+ ((__int128_t)a[3]) * b[1]
+ ((__int128_t)a[4]) * b[0];
__int128_t t5 = ((__int128_t)a[1]) * b[4]
+ ((__int128_t)a[2]) * b[3]
+ ((__int128_t)a[3]) * b[2]
+ ((__int128_t)a[4]) * b[1];
__int128_t t6 = ((__int128_t)a[2]) * b[4]
+ ((__int128_t)a[3]) * b[3]
+ ((__int128_t)a[4]) * b[2];
__int128_t t7 = ((__int128_t)a[3]) * b[4]
+ ((__int128_t)a[4]) * b[3];
__int128_t t8 = ((__int128_t)a[4]) * b[4];
/* Modulo reduce double long word. */
t0 += t5 * 19;
t1 += t6 * 19;
t2 += t7 * 19;
t3 += t8 * 19;
/* Normalize to 51-bits of data per word. */
t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff;
t1 += t0 >> 51; r[0] = t0 & 0x7ffffffffffff;
t2 += t1 >> 51; r[1] = t1 & 0x7ffffffffffff;
t3 += t2 >> 51; r[2] = t2 & 0x7ffffffffffff;
t4 += t3 >> 51; r[3] = t3 & 0x7ffffffffffff;
r[0] += (t4 >> 51) * 19;
r[4] = t4 & 0x7ffffffffffff;
}
/* Square a and put result in r. (r = a * a)
*
* r A field element.
* a A field element.
* b A field element.
*/
void fe_sq(fe r, const fe a)
{
__int128_t t0 = ((__int128_t)a[0]) * a[0];
__int128_t t1 = ((__int128_t)a[0]) * a[1] * 2;
__int128_t t2 = ((__int128_t)a[0]) * a[2] * 2
+ ((__int128_t)a[1]) * a[1];
__int128_t t3 = ((__int128_t)a[0]) * a[3] * 2
+ ((__int128_t)a[1]) * a[2] * 2;
__int128_t t4 = ((__int128_t)a[0]) * a[4] * 2
+ ((__int128_t)a[1]) * a[3] * 2
+ ((__int128_t)a[2]) * a[2];
__int128_t t5 = ((__int128_t)a[1]) * a[4] * 2
+ ((__int128_t)a[2]) * a[3] * 2;
__int128_t t6 = ((__int128_t)a[2]) * a[4] * 2
+ ((__int128_t)a[3]) * a[3];
__int128_t t7 = ((__int128_t)a[3]) * a[4] * 2;
__int128_t t8 = ((__int128_t)a[4]) * a[4];
/* Modulo reduce double long word. */
t0 += t5 * 19;
t1 += t6 * 19;
t2 += t7 * 19;
t3 += t8 * 19;
/* Normalize to 51-bits of data per word. */
t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff;
t1 += t0 >> 51; r[0] = t0 & 0x7ffffffffffff;
t2 += t1 >> 51; r[1] = t1 & 0x7ffffffffffff;
t3 += t2 >> 51; r[2] = t2 & 0x7ffffffffffff;
t4 += t3 >> 51; r[3] = t3 & 0x7ffffffffffff;
r[0] += (t4 >> 51) * 19;
r[4] = t4 & 0x7ffffffffffff;
}
/* Multiply a by 121666 and put result in r. (r = 121666 * a)
*
* r A field element.
* a A field element.
* b A field element.
*/
void fe_mul121666(fe r, fe a)
{
__int128_t t0 = ((__int128_t)a[0]) * (int64_t)121666;
__int128_t t1 = ((__int128_t)a[1]) * (int64_t)121666;
__int128_t t2 = ((__int128_t)a[2]) * (int64_t)121666;
__int128_t t3 = ((__int128_t)a[3]) * (int64_t)121666;
__int128_t t4 = ((__int128_t)a[4]) * (int64_t)121666;
/* Normalize to 51-bits of data per word. */
t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff;
t1 += t0 >> 51; r[0] = t0 & 0x7ffffffffffff;
t2 += t1 >> 51; r[1] = t1 & 0x7ffffffffffff;
t3 += t2 >> 51; r[2] = t2 & 0x7ffffffffffff;
t4 += t3 >> 51; r[3] = t3 & 0x7ffffffffffff;
r[0] += (t4 >> 51) * 19;
r[4] = t4 & 0x7ffffffffffff;
}
/* Find the inverse of a modulo 2^255 - 1 and put result in r.
* (r * a) mod (2^255 - 1) = 1
* Implementation is constant time.
*
* r A field element.
* a A field element.
*/
void fe_invert(fe r, const fe a)
{
fe t0, t1, t2, t3;
int i;
/* a ^ (2^255 - 21) */
fe_sq(t0, a); for (i = 1; i < 1; ++i) fe_sq(t0, t0);
fe_sq(t1, t0); for (i = 1; i < 2; ++i) fe_sq(t1, t1); fe_mul(t1, a, t1);
fe_mul(t0, t0, t1);
fe_sq(t2, t0); for (i = 1; i < 1; ++i) fe_sq(t2, t2); fe_mul(t1, t1, t2);
fe_sq(t2, t1); for (i = 1; i < 5; ++i) fe_sq(t2, t2); fe_mul(t1, t2, t1);
fe_sq(t2, t1); for (i = 1; i < 10; ++i) fe_sq(t2, t2); fe_mul(t2, t2, t1);
fe_sq(t3, t2); for (i = 1; i < 20; ++i) fe_sq(t3, t3); fe_mul(t2, t3, t2);
fe_sq(t2, t2); for (i = 1; i < 10; ++i) fe_sq(t2, t2); fe_mul(t1, t2, t1);
fe_sq(t2, t1); for (i = 1; i < 50; ++i) fe_sq(t2, t2); fe_mul(t2, t2, t1);
fe_sq(t3, t2); for (i = 1; i < 100; ++i) fe_sq(t3, t3); fe_mul(t2, t3, t2);
fe_sq(t2, t2); for (i = 1; i < 50; ++i) fe_sq(t2, t2); fe_mul(t1, t2, t1);
fe_sq(t1, t1); for (i = 1; i < 5; ++i) fe_sq(t1, t1); fe_mul( r, t1, t0);
}
/* Scalar multiply the field element a by n using Montgomery Ladder and places
* result in r.
*
* r A field element as an array of bytes.
* n The scalar as an array of bytes.
* a A field element as an array of bytes.
*/
int curve25519(byte* r, byte* n, byte* a)
{
fe x1, x2, z2, x3, z3;
fe t0, t1;
int pos;
unsigned int swap;
unsigned int b;
fe_frombytes(x1, a);
fe_1(x2);
fe_0(z2);
fe_copy(x3, x1);
fe_1(z3);
swap = 0;
for (pos = 254;pos >= 0;--pos) {
b = n[pos / 8] >> (pos & 7);
b &= 1;
swap ^= b;
fe_cswap(x2, x3, swap);
fe_cswap(z2, z3, swap);
swap = b;
fe_sub(t0, x3, z3);
fe_sub(t1, x2, z2);
fe_add(x2, x2, z2);
fe_add(z2, x3, z3);
fe_mul(z3, t0, x2);
fe_mul(z2, z2, t1);
fe_sq(t0, t1);
fe_sq(t1, x2);
fe_add(x3, z3, z2);
fe_sub(z2, z3, z2);
fe_mul(x2, t1, t0);
fe_sub(t1, t1, t0);
fe_sq(z2, z2);
fe_mul121666(z3, t1);
fe_sq(x3, x3);
fe_add(t0, t0, z3);
fe_mul(z3, x1, z2);
fe_mul(z2, t1, t0);
}
fe_cswap(x2, x3, swap);
fe_cswap(z2, z3, swap);
fe_invert(z2, z2);
fe_mul(x2, x2, z2);
fe_tobytes(r, x2);
return 0;
}
/* The field element value 0 as an array of bytes. */
static const unsigned char zero[32] = {0};
/* Constant time check as to whether a is a not 0.
*
* a A field element.
*/
int fe_isnonzero(const fe a)
{
unsigned char s[32];
fe_tobytes(s, a);
return ConstantCompare(s, zero, 32);
}
/* Checks whether a is negative.
*
* a A field element.
*/
int fe_isnegative(const fe a)
{
unsigned char s[32];
fe_tobytes(s, a);
return s[0] & 1;
}
/* Negates field element a and stores the result in r.
*
* r A field element.
* a A field element.
*/
void fe_neg(fe r, const fe a)
{
r[0] = -a[0];
r[1] = -a[1];
r[2] = -a[2];
r[3] = -a[3];
r[4] = -a[4];
}
/* Constant time, conditional move of b into a.
* a is not changed if the condition is 0.
*
* a A field element.
* b A field element.
* c If 1 then copy and if 0 then don't copy.
*/
void fe_cmov(fe a, const fe b, int c)
{
int64_t m = c;
int64_t t0, t1, t2, t3, t4;
/* Convert conditional into mask. */
m = -m;
t0 = m & (a[0] ^ b[0]);
t1 = m & (a[1] ^ b[1]);
t2 = m & (a[2] ^ b[2]);
t3 = m & (a[3] ^ b[3]);
t4 = m & (a[4] ^ b[4]);
a[0] ^= t0;
a[1] ^= t1;
a[2] ^= t2;
a[3] ^= t3;
a[4] ^= t4;
}
void fe_pow22523(fe r, const fe a)
{
fe t0, t1, t2;
int i;
/* a ^ (2^255 - 23) */
fe_sq(t0, a); for (i = 1; i < 1; ++i) fe_sq(t0, t0);
fe_sq(t1, t0); for (i = 1; i < 2; ++i) fe_sq(t1, t1); fe_mul(t1, a, t1);
fe_mul(t0, t0, t1);
fe_sq(t0, t0); for (i = 1; i < 1; ++i) fe_sq(t0, t0); fe_mul(t0, t1, t0);
fe_sq(t1, t0); for (i = 1; i < 5; ++i) fe_sq(t1, t1); fe_mul(t0, t1, t0);
fe_sq(t1, t0); for (i = 1; i < 10; ++i) fe_sq(t1, t1); fe_mul(t1, t1, t0);
fe_sq(t2, t1); for (i = 1; i < 20; ++i) fe_sq(t2, t2); fe_mul(t1, t2, t1);
fe_sq(t1, t1); for (i = 1; i < 10; ++i) fe_sq(t1, t1); fe_mul(t0, t1, t0);
fe_sq(t1, t0); for (i = 1; i < 50; ++i) fe_sq(t1, t1); fe_mul(t1, t1, t0);
fe_sq(t2, t1); for (i = 1; i < 100; ++i) fe_sq(t2, t2); fe_mul(t1, t2, t1);
fe_sq(t1, t1); for (i = 1; i < 50; ++i) fe_sq(t1, t1); fe_mul(t0, t1, t0);
fe_sq(t0, t0); for (i = 1; i < 2; ++i) fe_sq(t0, t0); fe_mul( r, t0, a);
return;
}
/* Double the square of a and put result in r. (r = 2 * a * a)
*
* r A field element.
* a A field element.
* b A field element.
*/
void fe_sq2(fe r, const fe a)
{
__int128_t t0 = 2 * (((__int128_t)a[0]) * a[0]);
__int128_t t1 = 2 * (((__int128_t)a[0]) * a[1] * 2);
__int128_t t2 = 2 * (((__int128_t)a[0]) * a[2] * 2
+ ((__int128_t)a[1]) * a[1]);
__int128_t t3 = 2 * (((__int128_t)a[0]) * a[3] * 2
+ ((__int128_t)a[1]) * a[2] * 2);
__int128_t t4 = 2 * (((__int128_t)a[0]) * a[4] * 2
+ ((__int128_t)a[1]) * a[3] * 2
+ ((__int128_t)a[2]) * a[2]);
__int128_t t5 = 2 * (((__int128_t)a[1]) * a[4] * 2
+ ((__int128_t)a[2]) * a[3] * 2);
__int128_t t6 = 2 * (((__int128_t)a[2]) * a[4] * 2
+ ((__int128_t)a[3]) * a[3]);
__int128_t t7 = 2 * (((__int128_t)a[3]) * a[4] * 2);
__int128_t t8 = 2 * (((__int128_t)a[4]) * a[4]);
/* Modulo reduce double long word. */
t0 += t5 * 19;
t1 += t6 * 19;
t2 += t7 * 19;
t3 += t8 * 19;
/* Normalize to 51-bits of data per word. */
t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff;
t1 += t0 >> 51; r[0] = t0 & 0x7ffffffffffff;
t2 += t1 >> 51; r[1] = t1 & 0x7ffffffffffff;
t3 += t2 >> 51; r[2] = t2 & 0x7ffffffffffff;
t4 += t3 >> 51; r[3] = t3 & 0x7ffffffffffff;
r[0] += (t4 >> 51) * 19;
r[4] = t4 & 0x7ffffffffffff;
}
/* Load 3 little endian bytes into a 64-bit word.
*
* in An array of bytes.
* returns a 64-bit word.
*/
uint64_t load_3(const unsigned char *in)
{
uint64_t result;
result = ((((uint64_t)in[0]) ) |
(((uint64_t)in[1]) << 8) |
(((uint64_t)in[2]) << 16));
return result;
}
/* Load 4 little endian bytes into a 64-bit word.
*
* in An array of bytes.
* returns a 64-bit word.
*/
uint64_t load_4(const unsigned char *in)
{
uint64_t result;
result = ((((uint64_t)in[0]) ) |
(((uint64_t)in[1]) << 8) |
(((uint64_t)in[2]) << 16) |
(((uint64_t)in[3]) << 24));
return result;
}

1550
wolfcrypt/src/ge_operations.c
View File

File diff suppressed because it is too large Load Diff

380
wolfcrypt/src/hash.c
View File

@@ -166,7 +166,7 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
if (hash_len < dig_size) {
return BUFFER_E;
}
/* Suppress possible unused arg if all hashing is disabled */
(void)data;
(void)data_len;
@@ -236,41 +236,32 @@ int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type)
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
wc_InitMd5(&hash->md5);
ret = 0;
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
ret = wc_InitSha(&hash->sha);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA224:
#ifdef WOLFSSL_SHA224
ret = wc_InitSha224(&hash->sha224);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
ret = wc_InitSha256(&hash->sha256);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
ret = wc_InitSha384(&hash->sha384);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
ret = wc_InitSha512(&hash->sha512);
if (ret != 0)
return ret;
#endif
break;
@@ -280,10 +271,10 @@ int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type)
case WC_HASH_TYPE_MD4:
case WC_HASH_TYPE_NONE:
default:
return BAD_FUNC_ARG;
ret = BAD_FUNC_ARG;
};
return 0;
return ret;
}
int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
@@ -298,41 +289,34 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
wc_Md5Update(&hash->md5, data, dataSz);
ret = 0;
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
ret = wc_ShaUpdate(&hash->sha, data, dataSz);
if (ret != 0)
#endif
return ret;
#endif
break;
case WC_HASH_TYPE_SHA224:
#ifdef WOLFSSL_SHA224
ret = wc_Sha224Update(&hash->sha224, data, dataSz);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
ret = wc_Sha256Update(&hash->sha256, data, dataSz);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
ret = wc_Sha384Update(&hash->sha384, data, dataSz);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Update(&hash->sha512, data, dataSz);
if (ret != 0)
return ret;
#endif
break;
@@ -342,10 +326,10 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
case WC_HASH_TYPE_MD4:
case WC_HASH_TYPE_NONE:
default:
return BAD_FUNC_ARG;
ret = BAD_FUNC_ARG;
};
return 0;
return ret;
}
int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
@@ -359,41 +343,32 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
wc_Md5Final(&hash->md5, out);
ret = 0;
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
ret = wc_ShaFinal(&hash->sha, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA224:
#ifdef WOLFSSL_SHA224
ret = wc_Sha224Final(&hash->sha224, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
ret = wc_Sha256Final(&hash->sha256, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
ret = wc_Sha384Final(&hash->sha384, out);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Final(&hash->sha512, out);
if (ret != 0)
return ret;
#endif
break;
@@ -403,92 +378,80 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
case WC_HASH_TYPE_MD4:
case WC_HASH_TYPE_NONE:
default:
return BAD_FUNC_ARG;
ret = BAD_FUNC_ARG;
};
return 0;
return ret;
}
#if !defined(WOLFSSL_TI_HASH)
#if !defined(NO_MD5)
void wc_Md5GetHash(Md5* md5, byte* hash)
{
Md5 save = *md5 ;
wc_Md5Final(md5, hash) ;
*md5 = save ;
}
int wc_Md5Hash(const byte* data, word32 len, byte* hash)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
Md5* md5;
#else
Md5 md5[1];
#endif
WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
*m1 = *m2 ;
}
#ifdef WOLFSSL_SMALL_STACK
md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5 == NULL)
return MEMORY_E;
#endif
#endif
ret = wc_InitMd5(md5);
if (ret == 0) {
ret = wc_Md5Update(md5, data, len);
if (ret == 0) {
ret = wc_Md5Final(md5, hash);
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !NO_MD5 */
#if !defined(NO_SHA)
int wc_ShaGetHash(Sha* sha, byte* hash)
{
int ret ;
Sha save = *sha ;
ret = wc_ShaFinal(sha, hash) ;
*sha = save ;
return ret ;
}
int wc_ShaHash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha* sha;
#else
Sha sha[1];
#endif
void wc_ShaRestorePos(Sha* s1, Sha* s2) {
*s1 = *s2 ;
}
#ifdef WOLFSSL_SMALL_STACK
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha == NULL)
return MEMORY_E;
#endif
int wc_ShaHash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha* sha;
#else
Sha sha[1];
#endif
if ((ret = wc_InitSha(sha)) != 0) {
WOLFSSL_MSG("wc_InitSha failed");
}
else {
wc_ShaUpdate(sha, data, len);
wc_ShaFinal(sha, hash);
}
#ifdef WOLFSSL_SMALL_STACK
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha == NULL)
return MEMORY_E;
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if ((ret = wc_InitSha(sha)) != 0) {
WOLFSSL_MSG("wc_InitSha failed");
return ret;
}
else {
wc_ShaUpdate(sha, data, len);
wc_ShaFinal(sha, hash);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !defined(NO_SHA) */
#endif /* !NO_SHA */
#if defined(WOLFSSL_SHA224)
int wc_Sha224GetHash(Sha224* sha224, byte* hash)
{
int ret;
Sha224 save;
if (sha224 == NULL || hash == NULL)
return BAD_FUNC_ARG;
save= *sha224;
ret = wc_Sha224Final(sha224, hash);
*sha224 = save;
return ret;
}
int wc_Sha224Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
@@ -520,154 +483,109 @@ int wc_Sha224Hash(const byte* data, word32 len, byte* hash)
return ret;
}
#endif /* defined(WOLFSSL_SHA224) */
#endif /* WOLFSSL_SHA224 */
#if !defined(NO_SHA256)
int wc_Sha256GetHash(Sha256* sha256, byte* hash)
{
int ret ;
Sha256 save = *sha256 ;
ret = wc_Sha256Final(sha256, hash) ;
*sha256 = save ;
return ret ;
}
int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif
void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
*s1 = *s2 ;
}
#ifdef WOLFSSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif
int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif
if ((ret = wc_InitSha256(sha256)) != 0) {
WOLFSSL_MSG("InitSha256 failed");
}
else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
WOLFSSL_MSG("Sha256Update failed");
}
else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
WOLFSSL_MSG("Sha256Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if ((ret = wc_InitSha256(sha256)) != 0) {
WOLFSSL_MSG("InitSha256 failed");
return ret;
}
else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
WOLFSSL_MSG("Sha256Update failed");
}
else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
WOLFSSL_MSG("Sha256Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !defined(NO_SHA256) */
#endif /* !NO_SHA256 */
#endif /* !defined(WOLFSSL_TI_HASH) */
#if defined(WOLFSSL_SHA512)
int wc_Sha512GetHash(Sha512* sha512, byte* hash)
{
int ret;
Sha512 save;
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512;
#else
Sha512 sha512[1];
#endif
if (sha512 == NULL || hash == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL)
return MEMORY_E;
#endif
save= *sha512;
ret = wc_Sha512Final(sha512, hash);
*sha512 = save;
if ((ret = wc_InitSha512(sha512)) != 0) {
WOLFSSL_MSG("InitSha512 failed");
}
else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
WOLFSSL_MSG("Sha512Update failed");
}
else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
WOLFSSL_MSG("Sha512Final failed");
}
return ret;
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512;
#else
Sha512 sha512[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha512(sha512)) != 0) {
WOLFSSL_MSG("InitSha512 failed");
}
else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
WOLFSSL_MSG("Sha512Update failed");
}
else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
WOLFSSL_MSG("Sha512Final failed");
return ret;
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if defined(WOLFSSL_SHA384)
int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha384* sha384;
#else
Sha384 sha384[1];
#endif
return ret;
}
#ifdef WOLFSSL_SMALL_STACK
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha384 == NULL)
return MEMORY_E;
#endif
#if defined(WOLFSSL_SHA384)
int wc_Sha384GetHash(Sha384* sha384, byte* hash)
{
int ret;
Sha384 save;
if ((ret = wc_InitSha384(sha384)) != 0) {
WOLFSSL_MSG("InitSha384 failed");
}
else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
WOLFSSL_MSG("Sha384Update failed");
}
else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
WOLFSSL_MSG("Sha384Final failed");
}
if (sha384 == NULL || hash == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
save= *sha384;
ret = wc_Sha384Final(sha384, hash);
*sha384 = save;
return ret;
}
int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha384* sha384;
#else
Sha384 sha384[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha384 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha384(sha384)) != 0) {
WOLFSSL_MSG("InitSha384 failed");
}
else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
WOLFSSL_MSG("Sha384Update failed");
}
else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
WOLFSSL_MSG("Sha384Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* defined(WOLFSSL_SHA384) */
#endif /* defined(WOLFSSL_SHA512) */
return ret;
}
#endif /* WOLFSSL_SHA384 */
#endif /* WOLFSSL_SHA512 */

1012
wolfcrypt/src/hmac.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

12
wolfcrypt/src/include.am
View File

@@ -1,7 +1,9 @@
# vim:ft=automake
# All paths should be given relative to the root
EXTRA_DIST += src/bio.c
EXTRA_DIST += wolfcrypt/src/misc.c
EXTRA_DIST += wolfcrypt/src/evp.c
EXTRA_DIST += wolfcrypt/src/asm.c
EXTRA_DIST += wolfcrypt/src/aes_asm.asm
@@ -37,7 +39,8 @@ EXTRA_DIST += \
wolfcrypt/src/fp_sqr_comba_7.i \
wolfcrypt/src/fp_sqr_comba_8.i \
wolfcrypt/src/fp_sqr_comba_9.i \
wolfcrypt/src/fp_sqr_comba_small_set.i
wolfcrypt/src/fp_sqr_comba_small_set.i \
wolfcrypt/src/fe_x25519_128.i
EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/ti/ti-des3.c \
@@ -56,3 +59,10 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c
EXTRA_DIST += wolfcrypt/src/port/cavium/README.md
endif
if BUILD_INTEL_QA
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/intel/quickassist.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/intel/quickassist_mem.c
EXTRA_DIST += wolfcrypt/src/port/intel/README.md
endif

275
wolfcrypt/src/integer.c
View File

@@ -47,6 +47,9 @@
#include <wolfssl/wolfcrypt/integer.h>
#if defined(FREESCALE_LTC_TFM)
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif
#ifdef WOLFSSL_DEBUG_MATH
#include <stdio.h>
#endif
@@ -142,29 +145,21 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
/* init a new mp_int */
int mp_init (mp_int * a)
{
int i;
/* Safeguard against passing in a null pointer */
if (a == NULL)
return MP_VAL;
/* allocate memory required and clear it */
a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * MP_PREC, 0,
DYNAMIC_TYPE_BIGINT);
if (a->dp == NULL) {
return MP_MEM;
}
/* set the digits to zero */
for (i = 0; i < MP_PREC; i++) {
a->dp[i] = 0;
}
/* defer allocation until mp_grow */
a->dp = NULL;
/* set the used to zero, allocated digits to the default precision
* and sign to positive */
a->used = 0;
a->alloc = MP_PREC;
a->alloc = 0;
a->sign = MP_ZPOS;
#ifdef HAVE_WOLF_BIGINT
wc_bigint_init(&a->raw);
#endif
return MP_OKAY;
}
@@ -186,15 +181,28 @@ void mp_clear (mp_int * a)
}
/* free ram */
XFREE(a->dp, 0, DYNAMIC_TYPE_BIGINT);
mp_free(a);
/* reset members to make debugging easier */
a->dp = NULL;
a->alloc = a->used = 0;
a->sign = MP_ZPOS;
}
}
void mp_free (mp_int * a)
{
/* only do anything if a hasn't been freed previously */
if (a->dp != NULL) {
/* free ram */
XFREE(a->dp, 0, DYNAMIC_TYPE_BIGINT);
a->dp = NULL;
}
#ifdef HAVE_WOLF_BIGINT
wc_bigint_free(&a->raw);
#endif
}
void mp_forcezero(mp_int * a)
{
if (a == NULL)
@@ -206,10 +214,9 @@ void mp_forcezero(mp_int * a)
ForceZero(a->dp, a->used * sizeof(mp_digit));
/* free ram */
XFREE(a->dp, 0, DYNAMIC_TYPE_BIGINT);
mp_free(a);
/* reset members to make debugging easier */
a->dp = NULL;
a->alloc = a->used = 0;
a->sign = MP_ZPOS;
}
@@ -272,6 +279,22 @@ int mp_leading_bit (mp_int * a)
return bit;
}
int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b)
{
int res = 0;
while (mp_iszero(t) == MP_NO) {
#ifndef MP_8BIT
b[x++] = (unsigned char) (t->dp[0] & 255);
#else
b[x++] = (unsigned char) (t->dp[0] | ((t->dp[1] & 0x01) << 7));
#endif
if ((res = mp_div_2d (t, 8, t, NULL)) != MP_OKAY) {
return res;
}
res = x;
}
return res;
}
/* store in unsigned [big endian] format */
int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
@@ -283,21 +306,15 @@ int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
return res;
}
x = 0;
while (mp_iszero (&t) == MP_NO) {
#ifndef MP_8BIT
b[x++] = (unsigned char) (t.dp[0] & 255);
#else
b[x++] = (unsigned char) (t.dp[0] | ((t.dp[1] & 0x01) << 7));
#endif
if ((res = mp_div_2d (&t, 8, &t, NULL)) != MP_OKAY) {
mp_clear (&t);
return res;
}
x = mp_to_unsigned_bin_at_pos(0, &t, b);
if (x < 0) {
mp_clear(&t);
return x;
}
bn_reverse (b, x);
mp_clear (&t);
return MP_OKAY;
return res;
}
@@ -328,7 +345,7 @@ int mp_copy (mp_int * a, mp_int * b)
}
/* grow dest */
if (b->alloc < a->used) {
if (b->alloc < a->used || b->alloc == 0) {
if ((res = mp_grow (b, a->used)) != MP_OKAY) {
return res;
}
@@ -352,7 +369,7 @@ int mp_copy (mp_int * a, mp_int * b)
}
/* clear high digits */
for (; n < b->used; n++) {
for (; n < b->used && b->dp; n++) {
*tmpb++ = 0;
}
}
@@ -371,7 +388,7 @@ int mp_grow (mp_int * a, int size)
mp_digit *tmp;
/* if the alloc size is smaller alloc more ram */
if (a->alloc < size) {
if (a->alloc < size || size == 0) {
/* ensure there are always at least MP_PREC digits extra on top */
size += (MP_PREC * 2) - (size % MP_PREC);
@@ -381,8 +398,8 @@ int mp_grow (mp_int * a, int size)
* in case the operation failed we don't want
* to overwrite the dp member of a.
*/
tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size, 0,
DYNAMIC_TYPE_BIGINT);
tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size, NULL,
DYNAMIC_TYPE_BIGINT);
if (tmp == NULL) {
/* reallocation failed but "a" is still valid [can be freed] */
return MP_MEM;
@@ -467,6 +484,9 @@ void mp_zero (mp_int * a)
a->sign = MP_ZPOS;
a->used = 0;
#ifdef HAVE_WOLF_BIGINT
wc_bigint_zero(&a->raw);
#endif
tmp = a->dp;
for (n = 0; n < a->alloc; n++) {
@@ -540,6 +560,7 @@ void mp_rshb (mp_int *c, int x)
/* set the carry to the carry bits of the current word found above */
r = rr;
}
mp_clamp(c);
}
@@ -781,7 +802,11 @@ int mp_lshd (mp_int * a, int b)
* embedded in the normal function but that wasted a lot of stack space
* for nothing (since 99% of the time the Montgomery code would be called)
*/
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
#else
int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
#endif
{
int dr;
@@ -892,7 +917,11 @@ int mp_abs (mp_int * a, mp_int * b)
/* hac 14.61, pp608 */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_invmod(mp_int * a, mp_int * b, mp_int * c)
#else
int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
#endif
{
/* b cannot be negative */
if (b->sign == MP_NEG || mp_iszero(b) == MP_YES) {
@@ -950,7 +979,9 @@ int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
if ((res = mp_copy (&y, &v)) != MP_OKAY) {
goto LBL_ERR;
}
mp_set (&D, 1);
if ((res = mp_set (&D, 1)) != MP_OKAY) {
goto LBL_ERR;
}
top:
/* 4. while u is even do */
@@ -1104,8 +1135,12 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
if ((res = mp_copy (&y, &v)) != MP_OKAY) {
goto LBL_ERR;
}
mp_set (&A, 1);
mp_set (&D, 1);
if ((res = mp_set (&A, 1)) != MP_OKAY) {
goto LBL_ERR;
}
if ((res = mp_set (&D, 1)) != MP_OKAY) {
goto LBL_ERR;
}
top:
/* 4. while u is even do */
@@ -1288,8 +1323,12 @@ int mp_cmp (mp_int * a, mp_int * b)
/* compare a digit */
int mp_cmp_d(mp_int * a, mp_digit b)
{
/* special case for zero*/
if (a->used == 0 && b == 0)
return MP_EQ;
/* compare based on sign */
if (a->sign == MP_NEG) {
if ((b && a->used == 0) || a->sign == MP_NEG) {
return MP_LT;
}
@@ -1310,11 +1349,16 @@ int mp_cmp_d(mp_int * a, mp_digit b)
/* set to a digit */
void mp_set (mp_int * a, mp_digit b)
int mp_set (mp_int * a, mp_digit b)
{
int res;
mp_zero (a);
a->dp[0] = (mp_digit)(b & MP_MASK);
a->used = (a->dp[0] != 0) ? 1 : 0;
res = mp_grow (a, 1);
if (res == MP_OKAY) {
a->dp[0] = (mp_digit)(b & MP_MASK);
a->used = (a->dp[0] != 0) ? 1 : 0;
}
return res;
}
/* chek if a bit is set */
@@ -1327,7 +1371,11 @@ int mp_is_bit_set (mp_int *a, mp_digit b)
}
/* c = a mod b, 0 <= c < b */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_mod(mp_int * a, mp_int * b, mp_int * c)
#else
int mp_mod (mp_int * a, mp_int * b, mp_int * c)
#endif
{
mp_int t;
int res;
@@ -1382,8 +1430,9 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
return res;
}
mp_set(&tq, 1);
if ((res = mp_set(&tq, 1)) != MP_OKAY) {
return res;
}
n = mp_count_bits(a) - mp_count_bits(b);
if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
((res = mp_abs(b, &tb)) != MP_OKAY) ||
@@ -1509,31 +1558,31 @@ int mp_add (mp_int * a, mp_int * b, mp_int * c)
int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
{
mp_int *x;
int olduse, res, min, max;
int olduse, res, min_ab, max_ab;
/* find sizes, we let |a| <= |b| which means we have to sort
* them. "x" will point to the input with the most digits
*/
if (a->used > b->used) {
min = b->used;
max = a->used;
min_ab = b->used;
max_ab = a->used;
x = a;
} else {
min = a->used;
max = b->used;
min_ab = a->used;
max_ab = b->used;
x = b;
}
/* init result */
if (c->alloc < max + 1) {
if ((res = mp_grow (c, max + 1)) != MP_OKAY) {
if (c->alloc < max_ab + 1) {
if ((res = mp_grow (c, max_ab + 1)) != MP_OKAY) {
return res;
}
}
/* get old used digit count and set new one */
olduse = c->used;
c->used = max + 1;
c->used = max_ab + 1;
{
mp_digit u, *tmpa, *tmpb, *tmpc;
@@ -1552,7 +1601,7 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
/* zero the carry */
u = 0;
for (i = 0; i < min; i++) {
for (i = 0; i < min_ab; i++) {
/* Compute the sum at one digit, T[i] = A[i] + B[i] + U */
*tmpc = *tmpa++ + *tmpb++ + u;
@@ -1566,8 +1615,8 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
/* now copy higher words if any, that is in A+B
* if A or B has more digits add those in
*/
if (min != max) {
for (; i < max; i++) {
if (min_ab != max_ab) {
for (; i < max_ab; i++) {
/* T[i] = X[i] + U */
*tmpc = x->dp[i] + u;
@@ -1596,20 +1645,25 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
/* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */
int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
{
int olduse, res, min, max;
int olduse, res, min_b, max_a;
/* find sizes */
min = b->used;
max = a->used;
min_b = b->used;
max_a = a->used;
/* init result */
if (c->alloc < max) {
if ((res = mp_grow (c, max)) != MP_OKAY) {
if (c->alloc < max_a) {
if ((res = mp_grow (c, max_a)) != MP_OKAY) {
return res;
}
}
/* sanity check on destination */
if (c->dp == NULL)
return MP_VAL;
olduse = c->used;
c->used = max;
c->used = max_a;
{
mp_digit u, *tmpa, *tmpb, *tmpc;
@@ -1622,7 +1676,7 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
/* set carry to zero */
u = 0;
for (i = 0; i < min; i++) {
for (i = 0; i < min_b; i++) {
/* T[i] = A[i] - B[i] - U */
*tmpc = *tmpa++ - *tmpb++ - u;
@@ -1638,7 +1692,7 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
}
/* now copy higher words if any, e.g. if A has more digits than B */
for (; i < max; i++) {
for (; i < max_a; i++) {
/* T[i] = A[i] - U */
*tmpc = *tmpa++ - u;
@@ -1941,7 +1995,9 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
goto LBL_RES;
}
} else {
mp_set(&res, 1);
if ((err = mp_set(&res, 1)) != MP_OKAY) {
goto LBL_RES;
}
if ((err = mp_mod(G, P, &M[1])) != MP_OKAY) {
goto LBL_RES;
}
@@ -2169,7 +2225,7 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
}
#ifdef WOLFSSL_SMALL_STACK
W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
@@ -2296,7 +2352,7 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
mp_clamp (x);
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
XFREE(W, NULL, DYNAMIC_TYPE_BIGINT);
#endif
/* if A >= m then A = A - m */
@@ -2647,7 +2703,11 @@ int mp_mul_d (mp_int * a, mp_digit b, mp_int * c)
/* d = a * b (mod c) */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
#else
int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
#endif
{
int res;
mp_int t;
@@ -2732,7 +2792,11 @@ int mp_sqr (mp_int * a, mp_int * b)
/* high level multiplication (handles sign) */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_mul(mp_int *a, mp_int *b, mp_int *c)
#else
int mp_mul (mp_int * a, mp_int * b, mp_int * c)
#endif
{
int res, neg;
neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
@@ -2893,7 +2957,7 @@ int mp_init_size (mp_int * a, int size)
size += (MP_PREC * 2) - (size % MP_PREC);
/* alloc mem */
a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size, 0,
a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size, NULL,
DYNAMIC_TYPE_BIGINT);
if (a->dp == NULL) {
return MP_MEM;
@@ -2903,6 +2967,9 @@ int mp_init_size (mp_int * a, int size)
a->used = 0;
a->alloc = size;
a->sign = MP_ZPOS;
#ifdef HAVE_WOLF_BIGINT
wc_bigint_init(&a->raw);
#endif
/* zero the digits */
for (x = 0; x < size; x++) {
@@ -2946,7 +3013,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
@@ -3019,7 +3086,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
mp_clamp (b);
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
XFREE(W, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return MP_OKAY;
@@ -3065,7 +3132,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
@@ -3123,7 +3190,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
mp_clamp (c);
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
XFREE(W, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return MP_OKAY;
@@ -3283,7 +3350,9 @@ int mp_montgomery_calc_normalization (mp_int * a, mp_int * b)
return res;
}
} else {
mp_set(a, 1);
if ((res = mp_set(a, 1)) != MP_OKAY) {
return res;
}
bits = 1;
}
@@ -3422,7 +3491,9 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
if ((err = mp_init (&res)) != MP_OKAY) {
goto LBL_MU;
}
mp_set (&res, 1);
if ((err = mp_set (&res, 1)) != MP_OKAY) {
goto LBL_MU;
}
/* set initial mode and bit cnt */
mode = 0;
@@ -3609,7 +3680,8 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
/* If x < 0, add b**(k+1) to it */
if (mp_cmp_d (x, 0) == MP_LT) {
mp_set (&q, 1);
if ((res = mp_set (&q, 1)) != MP_OKAY)
goto CLEANUP;
if ((res = mp_lshd (&q, um + 1)) != MP_OKAY)
goto CLEANUP;
if ((res = mp_add (x, &q, x)) != MP_OKAY)
@@ -3722,7 +3794,7 @@ int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
pa = a->used;
pb = b->used;
for (ix = 0; ix < pa; ix++) {
for (ix = 0; ix < pa && a->dp; ix++) {
/* clear the carry */
u = 0;
@@ -3787,7 +3859,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
@@ -3795,7 +3867,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* number of output digits to produce */
pa = a->used + b->used;
_W = 0;
for (ix = digs; ix < pa; ix++) {
for (ix = digs; ix < pa && a->dp; ix++) {
int tx, ty, iy;
mp_digit *tmpx, *tmpy;
@@ -3845,32 +3917,40 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
mp_clamp (c);
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
XFREE(W, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return MP_OKAY;
}
/* set a 32-bit const */
#ifndef MP_SET_CHUNK_BITS
#define MP_SET_CHUNK_BITS 4
#endif
int mp_set_int (mp_int * a, unsigned long b)
{
int x, res;
int x, res;
/* use direct mp_set if b is less than mp_digit max */
if (b < MP_DIGIT_MAX) {
return mp_set (a, (mp_digit)b);
}
mp_zero (a);
/* set four bits at a time */
for (x = 0; x < 8; x++) {
/* shift the number up four bits */
if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
/* set chunk bits at a time */
for (x = 0; x < (int)(sizeof(b) * 8) / MP_SET_CHUNK_BITS; x++) {
/* shift the number up chunk bits */
if ((res = mp_mul_2d (a, MP_SET_CHUNK_BITS, a)) != MP_OKAY) {
return res;
}
/* OR in the top four bits of the source */
a->dp[0] |= (b >> 28) & 15;
/* OR in the top bits of the source */
a->dp[0] |= (b >> ((sizeof(b) * 8) - MP_SET_CHUNK_BITS)) &
((1 << MP_SET_CHUNK_BITS) - 1);
/* shift the source up to the next four bits */
b <<= 4;
/* shift the source up to the next chunk bits */
b <<= MP_SET_CHUNK_BITS;
/* ensure that digits are not clamped off */
a->used += 1;
@@ -4083,7 +4163,7 @@ static const int lnz[16] = {
int mp_cnt_lsb(mp_int *a)
{
int x;
mp_digit q, qq;
mp_digit q = 0, qq;
/* easy out */
if (mp_iszero(a) == MP_YES) {
@@ -4092,7 +4172,8 @@ int mp_cnt_lsb(mp_int *a)
/* scan lower digits until non-zero */
for (x = 0; x < a->used && a->dp[x] == 0; x++) {}
q = a->dp[x];
if (a->dp)
q = a->dp[x];
x *= DIGIT_BIT;
/* now scan this digit until a 1 is found */
@@ -4172,12 +4253,18 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
/* no easy answer [c'est la vie]. Just division */
if (c != NULL) {
if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
return res;
return res;
}
q.used = a->used;
q.sign = a->sign;
}
else {
if ((res = mp_init(&q)) != MP_OKAY) {
return res;
}
}
w = 0;
for (ix = a->used - 1; ix >= 0; ix--) {
@@ -4200,8 +4287,8 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
if (c != NULL) {
mp_clamp(&q);
mp_exch(&q, c);
mp_clear(&q);
}
mp_clear(&q);
return res;
}
@@ -4476,7 +4563,9 @@ int mp_prime_is_prime (mp_int * a, int t, int *result)
for (ix = 0; ix < t; ix++) {
/* set the prime */
mp_set (&b, ltm_prime_tab[ix]);
if ((err = mp_set (&b, ltm_prime_tab[ix])) != MP_OKAY) {
goto LBL_B;
}
if ((err = mp_prime_miller_rabin (a, &b, &res)) != MP_OKAY) {
goto LBL_B;

341
wolfcrypt/src/logging.c
View File

@@ -38,14 +38,35 @@
WOLFSSL_API int wolfSSL_Debugging_ON(void);
WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#ifdef __cplusplus
}
}
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
static wolfSSL_Mutex debug_mutex; /* mutex for access to debug structure */
/* accessing any node from the queue should be wrapped in a lock of
* debug_mutex */
static void* wc_error_heap;
struct wc_error_queue {
void* heap; /* the heap hint used with nodes creation */
struct wc_error_queue* next;
struct wc_error_queue* prev;
char error[WOLFSSL_MAX_ERROR_SZ];
char file[WOLFSSL_MAX_ERROR_SZ];
int value;
int line;
};
volatile struct wc_error_queue* wc_errors;
static struct wc_error_queue* wc_last_node;
/* pointer to last node in queue to make insertion O(1) */
#endif
#ifdef DEBUG_WOLFSSL
#if defined(DEBUG_WOLFSSL)
/* Set these to default values initially. */
static wolfSSL_Logging_cb log_function = 0;
static wolfSSL_Logging_cb log_function = NULL;
static int loggingEnabled = 0;
#endif /* DEBUG_WOLFSSL */
@@ -140,7 +161,7 @@ void WOLFSSL_MSG(const char* msg)
}
void WOLFSSL_BUFFER(byte* buffer, word32 length)
void WOLFSSL_BUFFER(const byte* buffer, word32 length)
{
#define LINE_LEN 16
@@ -196,15 +217,319 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
wolfssl_log(LEAVE_LOG , buffer);
}
}
#endif /* DEBUG_WOLFSSL */
/*
* When using OPENSSL_EXTRA or DEBUG_WOLFSSL_VERBOSE macro then WOLFSSL_ERROR is
* mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function
* name where WOLFSSL_ERROR is called at.
*/
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
const char* file, void* usrCtx)
#else
void WOLFSSL_ERROR(int error)
#endif
{
if (loggingEnabled) {
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_NGINX)
if (loggingEnabled && error != WC_PENDING_E)
#endif
{
char buffer[80];
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
(void)usrCtx; /* a user ctx for future flexibility */
(void)func;
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
}
else {
if (error < 0) error = error - (2*error); /*get absolute value*/
sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s",
error, line, file);
if (wc_AddErrorNode(error, line, buffer, (char*)file) != 0) {
WOLFSSL_MSG("Error creating logging node");
/* with void function there is no return here, continue on
* to unlock mutex and log what buffer was created. */
}
wc_UnLockMutex(&debug_mutex);
}
#else
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
#endif
#ifdef DEBUG_WOLFSSL
wolfssl_log(ERROR_LOG , buffer);
#endif
}
}
#endif /* DEBUG_WOLFSSL */
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Internal function that is called by wolfCrypt_Init() */
int wc_LoggingInit(void)
{
if (wc_InitMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Bad Init Mutex");
return BAD_MUTEX_E;
}
wc_errors = NULL;
wc_last_node = NULL;
return 0;
}
/* internal function that is called by wolfCrypt_Cleanup */
int wc_LoggingCleanup(void)
{
/* clear logging entries */
wc_ClearErrorNodes();
/* free mutex */
if (wc_FreeMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Bad Mutex free");
return BAD_MUTEX_E;
}
return 0;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* peek at an error node
*
* idx : if -1 then the most recent node is looked at, otherwise search
* through queue for node at the given index
* file : pointer to internal file string
* reason : pointer to internal error reason
* line : line number that error happened at
*
* Returns a negative value in error case, on success returns the nodes error
* value which is positve (absolute value)
*/
int wc_PeekErrorNode(int idx, const char **file, const char **reason,
int *line)
{
struct wc_error_queue* err;
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return BAD_MUTEX_E;
}
if (idx < 0) {
err = wc_last_node;
if (err == NULL) {
WOLFSSL_MSG("No Errors in queue");
wc_UnLockMutex(&debug_mutex);
return BAD_STATE_E;
}
}
else {
int i;
err = (struct wc_error_queue*)wc_errors;
for (i = 0; i < idx; i++) {
if (err == NULL) {
WOLFSSL_MSG("Error node not found. Bad index?");
wc_UnLockMutex(&debug_mutex);
return BAD_FUNC_ARG;
}
err = err->next;
}
}
if (file != NULL) {
*file = err->file;
}
if (reason != NULL) {
*reason = err->error;
}
if (line != NULL) {
*line = err->line;
}
wc_UnLockMutex(&debug_mutex);
return err->value;
}
/* create new error node and add it to the queue
* buffers are assumed to be of size WOLFSSL_MAX_ERROR_SZ for this internal
* function. debug_mutex should be locked before a call to this function. */
int wc_AddErrorNode(int error, int line, char* buf, char* file)
{
struct wc_error_queue* err;
err = (struct wc_error_queue*)XMALLOC(
sizeof(struct wc_error_queue), wc_error_heap, DYNAMIC_TYPE_LOG);
if (err == NULL) {
WOLFSSL_MSG("Unable to create error node for log");
return MEMORY_E;
}
else {
int sz;
XMEMSET(err, 0, sizeof(struct wc_error_queue));
err->heap = wc_error_heap;
sz = (int)XSTRLEN(buf);
if (sz > WOLFSSL_MAX_ERROR_SZ - 1) {
sz = WOLFSSL_MAX_ERROR_SZ - 1;
}
if (sz > 0) {
XMEMCPY(err->error, buf, sz);
}
sz = (int)XSTRLEN(file);
if (sz > WOLFSSL_MAX_ERROR_SZ - 1) {
sz = WOLFSSL_MAX_ERROR_SZ - 1;
}
if (sz > 0) {
XMEMCPY(err->file, file, sz);
}
err->value = error;
err->line = line;
/* make sure is terminated */
err->error[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
err->file[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
/* since is queue place new node at last of the list */
if (wc_last_node == NULL) {
/* case of first node added to queue */
if (wc_errors != NULL) {
/* check for unexpected case before over writing wc_errors */
WOLFSSL_MSG("ERROR in adding new node to logging queue!!\n");
}
else {
wc_errors = err;
wc_last_node = err;
}
}
else {
wc_last_node->next = err;
err->prev = wc_last_node;
wc_last_node = err;
}
}
return 0;
}
/* Removes the error node at the specified index.
* idx : if -1 then the most recent node is looked at, otherwise search
* through queue for node at the given index
*/
void wc_RemoveErrorNode(int idx)
{
struct wc_error_queue* current;
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return;
}
if (idx == -1)
current = wc_last_node;
else {
current = (struct wc_error_queue*)wc_errors;
for (; current != NULL && idx > 0; idx--)
current = current->next;
}
if (current != NULL) {
if (current->prev != NULL)
current->prev->next = current->next;
if (wc_last_node == current)
wc_last_node = current->prev;
if (wc_errors == current)
wc_errors = current->next;
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
}
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
/* Clears out the list of error nodes.
*/
void wc_ClearErrorNodes(void)
{
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return;
}
/* free all nodes from error queue */
{
struct wc_error_queue* current;
struct wc_error_queue* next;
current = (struct wc_error_queue*)wc_errors;
while (current != NULL) {
next = current->next;
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
current = next;
}
}
wc_errors = NULL;
wc_last_node = NULL;
wc_UnLockMutex(&debug_mutex);
}
int wc_SetLoggingHeap(void* h)
{
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return BAD_MUTEX_E;
}
wc_error_heap = h;
wc_UnLockMutex(&debug_mutex);
return 0;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* empties out the error queue into the file */
void wc_ERR_print_errors_fp(FILE* fp)
{
WOLFSSL_ENTER("wc_ERR_print_errors_fp");
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
}
else {
/* free all nodes from error queue and print them to file */
{
struct wc_error_queue* current;
struct wc_error_queue* next;
current = (struct wc_error_queue*)wc_errors;
while (current != NULL) {
next = current->next;
fprintf(fp, "%s\n", current->error);
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
current = next;
}
/* set global pointers to match having been freed */
wc_errors = NULL;
wc_last_node = NULL;
}
wc_UnLockMutex(&debug_mutex);
}
}
#endif /* !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) */
#endif /* defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) */

11
wolfcrypt/src/md4.c
View File

@@ -37,17 +37,6 @@
#endif
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
void wc_InitMd4(Md4* md4)
{
md4->digest[0] = 0x67452301L;

433
wolfcrypt/src/md5.c Normal file → Executable file
View File

@@ -31,13 +31,8 @@
#if defined(WOLFSSL_TI_HASH)
/* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
#else
#ifdef WOLFSSL_PIC32MZ_HASH
#define wc_InitMd5 wc_InitMd5_sw
#define wc_Md5Update wc_Md5Update_sw
#define wc_Md5Final wc_Md5Final_sw
#endif
#else
#include <wolfssl/wolfcrypt/md5.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
@@ -49,22 +44,21 @@
#include <wolfcrypt/src/misc.c>
#endif
#ifdef FREESCALE_MMCAU_SHA
#include "fsl_mmcau.h"
#define XTRANSFORM(S,B) Transform((S), (B))
#else
#define XTRANSFORM(S,B) Transform((S))
#endif
/* Hardware Acceleration */
#if defined(STM32F2_HASH) || defined(STM32F4_HASH)
/*
* STM32F2/F4 hardware MD5 support through the standard peripheral
* library. (See note in README).
*/
void wc_InitMd5(Md5* md5)
#define HAVE_MD5_CUST_API
int wc_InitMd5_ex(Md5* md5, void* heap, int devId)
{
(void)heap;
(void)devId;
/* STM32 struct notes:
* md5->buffer = first 4 bytes used to hold partial block if needed
* md5->buffLen = num bytes currently stored in md5->buffer
@@ -85,9 +79,11 @@
/* reset HASH processor */
HASH->CR |= HASH_CR_INIT;
return 0;
}
void wc_Md5Update(Md5* md5, const byte* data, word32 len)
int wc_Md5Update(Md5* md5, const byte* data, word32 len)
{
word32 i = 0;
word32 fill = 0;
@@ -110,7 +106,7 @@
/* append partial to existing stored block */
XMEMCPY((byte*)md5->buffer + md5->buffLen, data, len);
md5->buffLen += len;
return;
return 0;
}
}
@@ -131,9 +127,11 @@
/* keep track of total data length thus far */
md5->loLen += (len - md5->buffLen);
return 0;
}
void wc_Md5Final(Md5* md5, byte* hash)
int wc_Md5Final(Md5* md5, byte* hash)
{
__IO uint16_t nbvalidbitsdata = 0;
@@ -165,23 +163,148 @@
XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
wc_InitMd5(md5); /* reset state */
return wc_InitMd5(md5); /* reset state */
}
#else /* Begin wolfCrypt software implementation */
#elif defined(FREESCALE_MMCAU_SHA)
#include "cau_api.h"
#define XTRANSFORM(S,B) Transform((S), (B))
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
static int Transform(Md5* md5, byte* data)
{
return a > b ? b : a;
int ret = wolfSSL_CryptHwMutexLock();
if(ret == 0) {
MMCAU_MD5_HashN(data, 1, (uint32_t*)md5->digest);
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
#endif /* WOLFSSL_HAVE_MIN */
#elif defined(WOLFSSL_PIC32MZ_HASH)
#define wc_InitMd5 wc_InitMd5_sw
#define wc_Md5Update wc_Md5Update_sw
#define wc_Md5Final wc_Md5Final_sw
void wc_InitMd5(Md5* md5)
#define NEED_SOFT_MD5
#else
#define NEED_SOFT_MD5
#endif /* End Hardware Acceleration */
#ifdef NEED_SOFT_MD5
#define XTRANSFORM(S,B) Transform((S))
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
#define MD5STEP(f, w, x, y, z, data, s) \
w = rotlFixed(w + f(x, y, z) + data, s) + x
static int Transform(Md5* md5)
{
/* Copy context->state[] to working vars */
word32 a = md5->digest[0];
word32 b = md5->digest[1];
word32 c = md5->digest[2];
word32 d = md5->digest[3];
MD5STEP(F1, a, b, c, d, md5->buffer[0] + 0xd76aa478, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[1] + 0xe8c7b756, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[2] + 0x242070db, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[3] + 0xc1bdceee, 22);
MD5STEP(F1, a, b, c, d, md5->buffer[4] + 0xf57c0faf, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[5] + 0x4787c62a, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[6] + 0xa8304613, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[7] + 0xfd469501, 22);
MD5STEP(F1, a, b, c, d, md5->buffer[8] + 0x698098d8, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[9] + 0x8b44f7af, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
MD5STEP(F2, a, b, c, d, md5->buffer[1] + 0xf61e2562, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[6] + 0xc040b340, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[0] + 0xe9b6c7aa, 20);
MD5STEP(F2, a, b, c, d, md5->buffer[5] + 0xd62f105d, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[4] + 0xe7d3fbc8, 20);
MD5STEP(F2, a, b, c, d, md5->buffer[9] + 0x21e1cde6, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[3] + 0xf4d50d87, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[8] + 0x455a14ed, 20);
MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[2] + 0xfcefa3f8, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[7] + 0x676f02d9, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
MD5STEP(F3, a, b, c, d, md5->buffer[5] + 0xfffa3942, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[8] + 0x8771f681, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
MD5STEP(F3, a, b, c, d, md5->buffer[1] + 0xa4beea44, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[4] + 0x4bdecfa9, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[7] + 0xf6bb4b60, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[0] + 0xeaa127fa, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[3] + 0xd4ef3085, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[6] + 0x04881d05, 23);
MD5STEP(F3, a, b, c, d, md5->buffer[9] + 0xd9d4d039, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[2] + 0xc4ac5665, 23);
MD5STEP(F4, a, b, c, d, md5->buffer[0] + 0xf4292244, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[7] + 0x432aff97, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[5] + 0xfc93a039, 21);
MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[3] + 0x8f0ccc92, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[1] + 0x85845dd1, 21);
MD5STEP(F4, a, b, c, d, md5->buffer[8] + 0x6fa87e4f, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[6] + 0xa3014314, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
MD5STEP(F4, a, b, c, d, md5->buffer[4] + 0xf7537e82, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[2] + 0x2ad7d2bb, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[9] + 0xeb86d391, 21);
/* Add the working vars back into digest state[] */
md5->digest[0] += a;
md5->digest[1] += b;
md5->digest[2] += c;
md5->digest[3] += d;
return 0;
}
#endif /* NEED_SOFT_MD5 */
#ifndef HAVE_MD5_CUST_API
static INLINE void AddMd5Length(Md5* md5, word32 len)
{
word32 tmp = md5->loLen;
if ((md5->loLen += len) < tmp) {
md5->hiLen++; /* carry low to high */
}
}
static int _InitMd5(Md5* md5)
{
int ret = 0;
md5->digest[0] = 0x67452301L;
md5->digest[1] = 0xefcdab89L;
md5->digest[2] = 0x98badcfeL;
@@ -190,128 +313,55 @@ void wc_InitMd5(Md5* md5)
md5->buffLen = 0;
md5->loLen = 0;
md5->hiLen = 0;
}
#ifdef FREESCALE_MMCAU_SHA
static int Transform(Md5* md5, byte* data)
{
int ret = wolfSSL_CryptHwMutexLock();
if(ret == 0) {
MMCAU_MD5_HashN(data, 1, (uint32_t*)(md5->digest));
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
#endif /* FREESCALE_MMCAU_SHA */
#ifndef FREESCALE_MMCAU_SHA
static void Transform(Md5* md5)
int wc_InitMd5_ex(Md5* md5, void* heap, int devId)
{
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
int ret = 0;
#define MD5STEP(f, w, x, y, z, data, s) \
w = rotlFixed(w + f(x, y, z) + data, s) + x
if (md5 == NULL)
return BAD_FUNC_ARG;
/* Copy context->state[] to working vars */
word32 a = md5->digest[0];
word32 b = md5->digest[1];
word32 c = md5->digest[2];
word32 d = md5->digest[3];
md5->heap = heap;
MD5STEP(F1, a, b, c, d, md5->buffer[0] + 0xd76aa478, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[1] + 0xe8c7b756, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[2] + 0x242070db, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[3] + 0xc1bdceee, 22);
MD5STEP(F1, a, b, c, d, md5->buffer[4] + 0xf57c0faf, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[5] + 0x4787c62a, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[6] + 0xa8304613, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[7] + 0xfd469501, 22);
MD5STEP(F1, a, b, c, d, md5->buffer[8] + 0x698098d8, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[9] + 0x8b44f7af, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122, 7);
MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
ret = _InitMd5(md5);
if (ret != 0)
return ret;
MD5STEP(F2, a, b, c, d, md5->buffer[1] + 0xf61e2562, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[6] + 0xc040b340, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[0] + 0xe9b6c7aa, 20);
MD5STEP(F2, a, b, c, d, md5->buffer[5] + 0xd62f105d, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[4] + 0xe7d3fbc8, 20);
MD5STEP(F2, a, b, c, d, md5->buffer[9] + 0x21e1cde6, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[3] + 0xf4d50d87, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[8] + 0x455a14ed, 20);
MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905, 5);
MD5STEP(F2, d, a, b, c, md5->buffer[2] + 0xfcefa3f8, 9);
MD5STEP(F2, c, d, a, b, md5->buffer[7] + 0x676f02d9, 14);
MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
MD5STEP(F3, a, b, c, d, md5->buffer[5] + 0xfffa3942, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[8] + 0x8771f681, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
MD5STEP(F3, a, b, c, d, md5->buffer[1] + 0xa4beea44, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[4] + 0x4bdecfa9, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[7] + 0xf6bb4b60, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[0] + 0xeaa127fa, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[3] + 0xd4ef3085, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[6] + 0x04881d05, 23);
MD5STEP(F3, a, b, c, d, md5->buffer[9] + 0xd9d4d039, 4);
MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
MD5STEP(F3, b, c, d, a, md5->buffer[2] + 0xc4ac5665, 23);
MD5STEP(F4, a, b, c, d, md5->buffer[0] + 0xf4292244, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[7] + 0x432aff97, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[5] + 0xfc93a039, 21);
MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[3] + 0x8f0ccc92, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[1] + 0x85845dd1, 21);
MD5STEP(F4, a, b, c, d, md5->buffer[8] + 0x6fa87e4f, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[6] + 0xa3014314, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
MD5STEP(F4, a, b, c, d, md5->buffer[4] + 0xf7537e82, 6);
MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
MD5STEP(F4, c, d, a, b, md5->buffer[2] + 0x2ad7d2bb, 15);
MD5STEP(F4, b, c, d, a, md5->buffer[9] + 0xeb86d391, 21);
/* Add the working vars back into digest state[] */
md5->digest[0] += a;
md5->digest[1] += b;
md5->digest[2] += c;
md5->digest[3] += d;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5)
ret = wolfAsync_DevCtxInit(&md5->asyncDev, WOLFSSL_ASYNC_MARKER_MD5,
md5->heap, devId);
#else
(void)devId;
#endif
return ret;
}
#endif /* End Software implementation */
static INLINE void AddLength(Md5* md5, word32 len)
int wc_Md5Update(Md5* md5, const byte* data, word32 len)
{
word32 tmp = md5->loLen;
if ( (md5->loLen += len) < tmp)
md5->hiLen++; /* carry low to high */
}
int ret = 0;
byte* local;
if (md5 == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5)
if (md5->asyncDev.marker == WOLFSSL_ASYNC_MARKER_MD5) {
#if defined(HAVE_INTEL_QA)
return IntelQaSymMd5(&md5->asyncDev, NULL, data, len);
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
void wc_Md5Update(Md5* md5, const byte* data, word32 len)
{
/* do block size increments */
byte* local = (byte*)md5->buffer;
local = (byte*)md5->buffer;
/* check that internal buffLen is valid */
if (md5->buffLen >= MD5_BLOCK_SIZE)
return BUFFER_E;
while (len) {
word32 add = min(len, MD5_BLOCK_SIZE - md5->buffLen);
@@ -322,23 +372,36 @@ void wc_Md5Update(Md5* md5, const byte* data, word32 len)
len -= add;
if (md5->buffLen == MD5_BLOCK_SIZE) {
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
XTRANSFORM(md5, local);
AddLength(md5, MD5_BLOCK_SIZE);
AddMd5Length(md5, MD5_BLOCK_SIZE);
md5->buffLen = 0;
}
}
return ret;
}
void wc_Md5Final(Md5* md5, byte* hash)
int wc_Md5Final(Md5* md5, byte* hash)
{
byte* local = (byte*)md5->buffer;
byte* local;
AddLength(md5, md5->buffLen); /* before adding pads */
if (md5 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5)
if (md5->asyncDev.marker == WOLFSSL_ASYNC_MARKER_MD5) {
#if defined(HAVE_INTEL_QA)
return IntelQaSymMd5(&md5->asyncDev, hash, NULL, MD5_DIGEST_SIZE);
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
local = (byte*)md5->buffer;
AddMd5Length(md5, md5->buffLen); /* before adding pads */
local[md5->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
@@ -346,9 +409,9 @@ void wc_Md5Final(Md5* md5, byte* hash)
XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen);
md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
XTRANSFORM(md5, local);
md5->buffLen = 0;
}
@@ -360,50 +423,72 @@ void wc_Md5Final(Md5* md5, byte* hash)
md5->loLen = md5->loLen << 3;
/* store lengths */
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
XTRANSFORM(md5, local);
#ifdef BIG_ENDIAN_ORDER
ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
#endif
#ifdef BIG_ENDIAN_ORDER
ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
#endif
XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
wc_InitMd5(md5); /* reset state */
return _InitMd5(md5); /* reset state */
}
#endif /* !HAVE_MD5_CUST_API */
int wc_InitMd5(Md5* md5)
{
if (md5 == NULL) {
return BAD_FUNC_ARG;
}
return wc_InitMd5_ex(md5, NULL, INVALID_DEVID);
}
#endif /* End wolfCrypt software implementation */
int wc_Md5Hash(const byte* data, word32 len, byte* hash)
void wc_Md5Free(Md5* md5)
{
#ifdef WOLFSSL_SMALL_STACK
Md5* md5;
#else
Md5 md5[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5 == NULL)
return MEMORY_E;
return;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5)
wolfAsync_DevCtxFree(&md5->asyncDev, WOLFSSL_ASYNC_MARKER_MD5);
#endif /* WOLFSSL_ASYNC_CRYPT */
}
int wc_Md5GetHash(Md5* md5, byte* hash)
{
int ret;
Md5 tmpMd5;
if (md5 == NULL || hash == NULL)
return BAD_FUNC_ARG;
ret = wc_Md5Copy(md5, &tmpMd5);
if (ret == 0) {
ret = wc_Md5Final(&tmpMd5, hash);
}
return ret;
}
int wc_Md5Copy(Md5* src, Md5* dst)
{
int ret = 0;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
XMEMCPY(dst, src, sizeof(Md5));
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
wc_InitMd5(md5);
wc_Md5Update(md5, data, len);
wc_Md5Final(md5, hash);
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
return ret;
}
#endif /* WOLFSSL_TI_HASH */
#endif /* NO_MD5 */

58
wolfcrypt/src/memory.c
View File

@@ -74,6 +74,16 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf,
return res;
}
int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
wolfSSL_Free_cb* ff,
wolfSSL_Realloc_cb* rf)
{
if (mf) *mf = malloc_function;
if (ff) *ff = free_function;
if (rf) *rf = realloc_function;
return 0;
}
#ifndef WOLFSSL_STATIC_MEMORY
#ifdef WOLFSSL_DEBUG_MEMORY
void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line)
@@ -389,10 +399,19 @@ int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag)
/* creating only IO buffers from memory passed in, max TLS is 16k */
if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
ava = sz % (memSz + padSz + WOLFMEM_IO_SZ);
if (ava < (memSz + padSz + WOLFMEM_IO_SZ)) {
return 0; /* not enough room for even one bucket */
}
ava = ava % (memSz + padSz + WOLFMEM_IO_SZ);
}
else {
int i, k;
if (ava < (bucketSz[0] + padSz + memSz)) {
return 0; /* not enough room for even one bucket */
}
while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) {
/* start at largest and move to smaller buckets */
for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
@@ -530,7 +549,9 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
}
/* case of using fixed IO buffers */
if (mem->flag & WOLFMEM_IO_POOL_FIXED) {
if (mem->flag & WOLFMEM_IO_POOL_FIXED &&
(type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
if (type == DYNAMIC_TYPE_OUT_BUFFER) {
pt = hint->outBuf;
}
@@ -538,25 +559,26 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
pt = hint->inBuf;
}
}
/* check if using IO pool flag */
if (mem->flag & WOLFMEM_IO_POOL && pt == NULL &&
else {
/* check if using IO pool flag */
if (mem->flag & WOLFMEM_IO_POOL &&
(type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
if (mem->io != NULL) {
pt = mem->io;
mem->io = pt->next;
if (mem->io != NULL) {
pt = mem->io;
mem->io = pt->next;
}
}
}
/* general static memory */
if (pt == NULL) {
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if ((word32)size < mem->sizeList[i]) {
if (mem->ava[i] != NULL) {
pt = mem->ava[i];
mem->ava[i] = pt->next;
break;
/* general static memory */
if (pt == NULL) {
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if ((word32)size < mem->sizeList[i]) {
if (mem->ava[i] != NULL) {
pt = mem->ava[i];
mem->ava[i] = pt->next;
break;
}
}
}
}
@@ -663,7 +685,7 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
/* fixed IO pools are free'd at the end of SSL lifetime
using FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) */
}
else if (mem->flag & WOLFMEM_IO_POOL &&
else if (mem->flag & WOLFMEM_IO_POOL && pt->sz == WOLFMEM_IO_SZ &&
(type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
pt->next = mem->io;

41
wolfcrypt/src/misc.c
View File

@@ -31,7 +31,7 @@
#include <wolfssl/wolfcrypt/misc.h>
/* inlining these functions is a huge speed increase and a small size decrease,
/* inlining these functions is a huge speed increase and a small size decrease,
because the functions are smaller than function call setup/cleanup, e.g.,
md5 benchmark is twice as fast with inline. If you don't want it, then
define NO_INLINE and compile this file into wolfssl, otherwise it's used as
@@ -50,6 +50,12 @@
#else
#if defined(__ICCARM__)
#include <intrinsics.h>
#endif
#ifdef INTEL_INTRINSICS
#include <stdlib.h> /* get intrinsic definitions */
@@ -73,7 +79,7 @@
STATIC INLINE word32 rotlFixed(word32 x, word32 y)
{
return (x << y) | (x >> (sizeof(y) * 8 - y));
}
}
STATIC INLINE word32 rotrFixed(word32 x, word32 y)
@@ -122,7 +128,7 @@ STATIC INLINE void ByteReverseWords(word32* out, const word32* in,
STATIC INLINE word64 rotlFixed64(word64 x, word64 y)
{
return (x << y) | (x >> (sizeof(y) * 8 - y));
}
}
STATIC INLINE word64 rotrFixed64(word64 x, word64 y)
@@ -133,8 +139,8 @@ STATIC INLINE word64 rotrFixed64(word64 x, word64 y)
STATIC INLINE word64 ByteReverseWord64(word64 value)
{
#ifdef WOLFCRYPT_SLOW_WORD64
return (word64)(ByteReverseWord32((word32)value)) << 32 |
#if defined(WOLFCRYPT_SLOW_WORD64)
return (word64)(ByteReverseWord32((word32)value)) << 32 |
ByteReverseWord32((word32)(value>>32));
#else
value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) |
@@ -210,8 +216,31 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length)
return compareSum;
}
#undef STATIC
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
#if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
#define min min
#endif
STATIC INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* !WOLFSSL_HAVE_MIN */
#ifndef WOLFSSL_HAVE_MAX
#define WOLFSSL_HAVE_MAX
#if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
#define max max
#endif
STATIC INLINE word32 max(word32 a, word32 b)
{
return a > b ? a : b;
}
#endif /* !WOLFSSL_HAVE_MAX */
#undef STATIC
#endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */

34
wolfcrypt/src/pkcs12.c
View File

@@ -200,7 +200,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
freeSafe(safe, pkcs12->heap);
return ASN_PARSE_E;
}
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) < 0) {
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) {
freeSafe(safe, pkcs12->heap);
return ret;
}
@@ -218,7 +218,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
freeSafe(safe, pkcs12->heap);
return ASN_PARSE_E;
}
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) < 0) {
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) {
freeSafe(safe, pkcs12->heap);
return ret;
}
@@ -367,7 +367,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
return ASN_PARSE_E;
}
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) < 0) {
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ret;
}
@@ -398,7 +398,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
return ASN_PARSE_E;
}
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) < 0) {
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ret;
@@ -527,15 +527,19 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
}
/* now that key has been created use it to get HMAC hash on data */
if ((ret = wc_HmacSetKey(&hmac, typeH, key, kLen)) != 0) {
if ((ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID)) != 0) {
return ret;
}
if ((ret = wc_HmacUpdate(&hmac, data, dataSz)) != 0) {
ret = wc_HmacSetKey(&hmac, typeH, key, kLen);
if (ret == 0)
ret = wc_HmacUpdate(&hmac, data, dataSz);
if (ret == 0)
ret = wc_HmacFinal(&hmac, digest);
wc_HmacFree(&hmac);
if (ret != 0)
return ret;
}
if ((ret = wc_HmacFinal(&hmac, digest)) != 0) {
return ret;
}
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
@@ -709,6 +713,10 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
}
if (pkcs12->safe == NULL) {
WOLFSSL_MSG("No PKCS12 safes to parse");
return BAD_FUNC_ARG;
}
/* Decode content infos */
ci = pkcs12->safe->CI;
@@ -800,7 +808,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
@@ -851,7 +859,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
@@ -987,7 +995,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
return ASN_PARSE_E;
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz))
< 0) {
<= 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;

1264
wolfcrypt/src/pkcs7.c
View File

File diff suppressed because it is too large Load Diff

24
wolfcrypt/src/poly1305.c
View File

@@ -592,26 +592,28 @@ int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
return BAD_FUNC_ARG;
}
if (additional == NULL && addSz > 0) {
return BAD_FUNC_ARG;
}
/* additional allowed to be 0 */
if (addSz > 0) {
if (additional == NULL)
return BAD_FUNC_ARG;
/* additional data plus padding */
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
return ret;
}
paddingLen = -addSz & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
/* additional data plus padding */
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
return ret;
}
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
return ret;
}
}
}
/* input plus padding */
if ((ret = wc_Poly1305Update(ctx, input, sz)) != 0) {
return ret;
}
paddingLen = -sz & (WC_POLY1305_PAD_SZ - 1);
paddingLen = -((int)sz) & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
return ret;

60
wolfcrypt/src/port/arm/armv8-aes.c
View File

@@ -301,16 +301,22 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* set the heap hint for aes struct */
int wc_InitAes_h(Aes* aes, void* h)
int wc_AesInit(Aes* aes, void* heap, int devId)
{
if (aes == NULL)
return BAD_FUNC_ARG;
aes->heap = h;
aes->heap = heap;
(void)devId;
return 0;
}
void wc_AesFree(Aes* aes)
{
(void)aes;
}
#ifdef __aarch64__
/* AES CCM/GCM use encrypt direct but not decrypt */
@@ -2532,6 +2538,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
return BAD_FUNC_ARG;
}
if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
WOLFSSL_MSG("GcmEncrypt authTagSz too small error");
return BAD_FUNC_ARG;
}
switch (aes->rounds) {
case 10:
return Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz,
@@ -4547,26 +4558,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AESCCM */
#ifdef WOLFSSL_ASYNC_CRYPT
/* Initialize Aes for use with Nitrox device */
int wc_AesAsyncInit(Aes* aes, int devId)
{
WOLFSSL_STUB("wc_AesAsyncInit");
(void)aes;
(void)devId;
return 0;
}
/* Free Aes from use with Nitrox device */
void wc_AesAsyncFree(Aes* aes)
{
WOLFSSL_STUB("wc_AesAsyncFree");
(void)aes;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_AESGCM /* common GCM functions 32 and 64 bit */
WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
@@ -4653,5 +4645,31 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_DIRECT */
int wc_AesGetKeySize(Aes* aes, word32* keySize)
{
int ret = 0;
if (aes == NULL || keySize == NULL) {
return BAD_FUNC_ARG;
}
switch (aes->rounds) {
case 10:
*keySize = 16;
break;
case 12:
*keySize = 24;
break;
case 14:
*keySize = 32;
break;
default:
*keySize = 0;
ret = BAD_FUNC_ARG;
}
return ret;
}
#endif /* NO_AES */

66
wolfcrypt/src/port/arm/armv8-sha256.c
View File

@@ -38,27 +38,6 @@
#include <wolfcrypt/src/misc.c>
#endif
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
#if !defined (ALIGN32)
#if defined (__GNUC__)
#define ALIGN32 __attribute__ ( (aligned (32)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN32 __declspec (align (32))
#else
#define ALIGN32
#endif
#endif
static const ALIGN32 word32 K[64] = {
0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
@@ -76,7 +55,8 @@ static const ALIGN32 word32 K[64] = {
0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
};
int wc_InitSha256(Sha256* sha256)
int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId)
{
int ret = 0;
@@ -97,9 +77,21 @@ int wc_InitSha256(Sha256* sha256)
sha256->loLen = 0;
sha256->hiLen = 0;
(void)heap;
(void)devId;
return ret;
}
int wc_InitSha256(Sha256* sha256)
{
return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
}
void wc_Sha256Free(Sha256* sha256)
{
(void)sha256;
}
static INLINE void AddLength(Sha256* sha256, word32 len)
{
@@ -1308,7 +1300,35 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
return wc_InitSha256(sha256); /* reset state */
}
#endif /* __aarch64__ */
#endif /* NO_SHA256 and WOLFSSL_ARMASM */
int wc_Sha256GetHash(Sha256* sha256, byte* hash)
{
int ret;
Sha256 tmpSha256;
if (sha256 == NULL || hash == NULL)
return BAD_FUNC_ARG;
ret = wc_Sha256Copy(sha256, &tmpSha256);
if (ret == 0) {
ret = wc_Sha256Final(&tmpSha256, hash);
}
return ret;
}
int wc_Sha256Copy(Sha256* src, Sha256* dst)
{
int ret = 0;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
XMEMCPY(dst, src, sizeof(Sha256));
return ret;
}
#endif /* NO_SHA256 and WOLFSSL_ARMASM */

33
wolfcrypt/src/port/cavium/README.md
View File

@@ -1,32 +1,3 @@
# Cavium Nitrox V Support
# Cavium Nitrox III/V Support
## Directory Structure:
`/`
`/CNN55XX-SDK`
`/wolfssl`
## Cavium Driver
Tested again `CNN55XX-Driver-Linux-KVM-XEN-PF-SDK-0.2-04.tar`
From inside `CNN55XX-SDK`:
1. `make`
Note: To resolve warnings in `CNN55XX-SDK/include/vf_defs.h`:
a. Changed `vf_config_mode_str` to return `const char*` and modify `vf_mode_str` to be `const char*`.
b. In `vf_config_mode_to_num_vfs` above `default:` add `case PF:`.
2. `sudo make load`
## wolfSSL
Currently the AES and DES3 benchmark tests causes the kernel to crash, so they are disabled for now, even though the wolfCrypt tests pass for those.
From inside `wolfssl`:
1. `./configure --with-cavium-v=../CNN55XX-SDK --enable-asynccrypt --enable-aesni --enable-intelasm --disable-aes --disable-aesgcm --disable-des3`
2. `make`
## Usage
Note: Must run applications with sudo to access device.
`sudo ./wolfcrypt/benchmark/benchmark`
`sudo ./wolfcrypt/test/testwolfcrypt`
Please contact wolfSSL at info@wolfssl.com to request an evaluation.

778
wolfcrypt/src/port/cavium/cavium_nitrox.c
View File

@@ -1,778 +0,0 @@
/* cavium-nitrox.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifndef NO_AES
#include <wolfssl/wolfcrypt/aes.h>
#endif
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
#include <netinet/in.h> /* For ntohs */
static CspHandle mLastDevHandle = INVALID_DEVID;
int NitroxTranslateResponseCode(int ret)
{
switch (ret) {
case EAGAIN:
case ERR_REQ_PENDING:
ret = WC_PENDING_E;
break;
case ERR_REQ_TIMEOUT:
ret = WC_TIMEOUT_E;
break;
case 0:
/* leave as-is */
break;
default:
printf("NitroxTranslateResponseCode Unknown ret=%x\n", ret);
ret = ASYNC_INIT_E;
}
return ret;
}
CspHandle NitroxGetDeviceHandle(void)
{
return mLastDevHandle;
}
CspHandle NitroxOpenDevice(int dma_mode, int dev_id)
{
mLastDevHandle = INVALID_DEVID;
#ifdef HAVE_CAVIUM_V
(void)dma_mode;
if (CspInitialize(dev_id, &mLastDevHandle)) {
return -1;
}
#else
Csp1CoreAssignment core_assign;
Uint32 device;
if (CspInitialize(CAVIUM_DIRECT, CAVIUM_DEV_ID)) {
return -1;
}
if (Csp1GetDevType(&device)) {
return -1;
}
if (device != NPX_DEVICE) {
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
(Uint32 *)&core_assign)!= 0) {
return -1;
}
}
CspShutdown(CAVIUM_DEV_ID);
mLastDevHandle = CspInitialize(dma_mode, dev_id);
if (mLastDevHandle == 0) {
mLastDevHandle = dev_id;
}
#endif /* HAVE_CAVIUM_V */
return mLastDevHandle;
}
int NitroxAllocContext(CaviumNitroxDev* nitrox, CspHandle devId,
ContextType type)
{
int ret;
if (nitrox == NULL) {
return -1;
}
/* If invalid handle provided, use last open one */
if (devId == INVALID_DEVID) {
devId = NitroxGetDeviceHandle();
}
#ifdef HAVE_CAVIUM_V
ret = CspAllocContext(devId, type, &nitrox->contextHandle);
#else
ret = CspAllocContext(type, &nitrox->contextHandle, devId);
#endif
if (ret != 0) {
return -1;
}
nitrox->type = type;
nitrox->devId = devId;
return 0;
}
void NitroxFreeContext(CaviumNitroxDev* nitrox)
{
if (nitrox == NULL) {
return;
}
#ifdef HAVE_CAVIUM_V
CspFreeContext(nitrox->devId, nitrox->type, nitrox->contextHandle);
#else
CspFreeContext(nitrox->type, nitrox->contextHandle, nitrox->devId);
#endif
}
void NitroxCloseDevice(CspHandle devId)
{
if (devId >= 0) {
CspShutdown(devId);
}
}
#if defined(WOLFSSL_ASYNC_CRYPT)
int NitroxCheckRequest(CspHandle devId, CavReqId reqId)
{
int ret = CspCheckForCompletion(devId, reqId);
return NitroxTranslateResponseCode(ret);
}
int NitroxCheckRequests(CspHandle devId, CspMultiRequestStatusBuffer* req_stat_buf)
{
int ret = CspGetAllResults(req_stat_buf, devId);
return NitroxTranslateResponseCode(ret);
}
#ifndef NO_RSA
int NitroxRsaExptMod(const byte* in, word32 inLen,
byte* exponent, word32 expLen,
byte* modulus, word32 modLen,
byte* out, word32* outLen, RsaKey* key)
{
int ret;
if (key == NULL || in == NULL || inLen == 0 || exponent == NULL ||
modulus == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
(void)outLen;
#ifdef HAVE_CAVIUM_V
ret = CspMe(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP,
CAVIUM_DPORT, modLen, expLen, inLen,
modulus, exponent, (Uint8*)in, out,
&key->asyncDev.dev.reqId);
#if 0
/* TODO: Try MeCRT */
ret = CspMeCRT();
#endif
#else
/* Not implemented/supported */
ret = NOT_COMPILED_IN;
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
return ret;
}
int NitroxRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15Enc(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT2, key->n.used, key->e.used,
(word16)inLen, key->n.dpraw, key->e.dpraw, (byte*)in, out,
&key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15Enc(CAVIUM_REQ_MODE, BT2, key->n.used, key->e.used,
(word16)inLen, key->n.dpraw, key->e.dpraw, (byte*)in, out,
&key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
return key->n.used;
}
static INLINE void ato16(const byte* c, word16* u16)
{
*u16 = (c[0] << 8) | (c[1]);
}
int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
word16 outSz = (word16)outLen;
if (key == NULL || in == NULL || out == NULL ||
inLen != (word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15CrtDec(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT2, key->n.used, key->q.dpraw,
key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, &outSz, out, &key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15CrtDec(CAVIUM_REQ_MODE, BT2, key->n.used, key->q.dpraw,
key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, &outSz, out, &key->asyncDev.dev.reqId,
key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
ato16((const byte*)&outSz, &outSz);
return outSz;
}
int NitroxRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
(word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15CrtEnc(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT1, key->n.used, (word16)inLen,
key->q.dpraw, key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, out, &key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15CrtEnc(CAVIUM_REQ_MODE, BT1, key->n.used, (word16)inLen,
key->q.dpraw, key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, out, &key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
return key->n.used;
}
int NitroxRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
word16 outSz = (word16)outLen;
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15Dec(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT1, key->n.used, key->e.used,
key->n.dpraw, key->e.dpraw, (byte*)in, &outSz, out,
&key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15Dec(CAVIUM_REQ_MODE, BT1, key->n.used, key->e.used,
key->n.dpraw, key->e.dpraw, (byte*)in, &outSz, out,
&key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
outSz = ntohs(outSz);
return outSz;
}
#endif /* !NO_RSA */
#ifndef NO_AES
int NitroxAesSetKey(Aes* aes, const byte* key, word32 length, const byte* iv)
{
if (aes == NULL)
return BAD_FUNC_ARG;
XMEMCPY(aes->key, key, length); /* key still holds key, iv still in reg */
if (length == 16)
aes->type = AES_128_BIT;
else if (length == 24)
aes->type = AES_192_BIT;
else if (length == 32)
aes->type = AES_256_BIT;
return wc_AesSetIV(aes, iv);
}
#ifdef HAVE_AES_CBC
int NitroxAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length)
{
int ret;
wolfssl_word offset = 0;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
#ifdef HAVE_CAVIUM_V
ret = CspEncryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key,
(byte*)aes->reg, 0, NULL, slen, (byte*)in + offset,
out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspEncryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
#ifdef HAVE_CAVIUM_V
ret = CspEncryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key,
(byte*)aes->reg, 0, NULL, slen, (byte*)in + offset,
out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspEncryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
}
return 0;
}
#ifdef HAVE_AES_DECRYPT
int NitroxAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length)
{
wolfssl_word offset = 0;
int ret;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key, (byte*)aes->reg,
0, NULL, slen, (byte*)in + offset, out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspDecryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key, (byte*)aes->reg,
0, NULL, slen, (byte*)in + offset, out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspDecryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
}
return 0;
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES */
#if !defined(NO_ARC4) && !defined(HAVE_CAVIUM_V)
void NitroxArc4SetKey(Arc4* arc4, const byte* key, word32 length)
{
if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle, length,
(byte*)key, &arc4->asyncDev.dev.reqId, arc4->devId) != 0) {
WOLFSSL_MSG("Bad Cavium Arc4 Init");
}
}
void NitroxArc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
{
int ret;
wolfssl_word offset = 0;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
ret = CspEncryptRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle,
CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset,
&arc4->asyncDev.dev.reqId, arc4->devId);
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
}
if (length) {
word16 slen = (word16)length;
ret = CspEncryptRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle,
CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset,
&arc4->asyncDev.dev.reqId, arc4->devId);
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
}
}
#endif /* !NO_ARC4 && !HAVE_CAVIUM_V */
#ifndef NO_DES3
int NitroxDes3SetKey(Des3* des3, const byte* key, const byte* iv)
{
if (des3 == NULL)
return BAD_FUNC_ARG;
/* key[0] holds key, iv in reg */
XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
return wc_Des3_SetIV(des3, iv);
}
int NitroxDes3CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length)
{
wolfssl_word offset = 0;
int ret;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
#ifdef HAVE_CAVIUM_V
ret = CspEncrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0],
(byte*)des3->reg, slen, (byte*)in + offset,
out + offset, &des3->asyncDev.dev.reqId);
#else
ret = CspEncrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&des3->asyncDev.dev.reqId, des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
#ifdef HAVE_CAVIUM_V
ret = CspEncrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
slen, (byte*)in + offset, out + offset,
&des3->asyncDev.dev.reqId);
#else
ret = CspEncrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&des3->asyncDev.dev.reqId, des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return 0;
}
int NitroxDes3CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length)
{
wolfssl_word offset = 0;
int ret;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
slen, (byte*)in + offset, out + offset,
&des3->asyncDev.dev.reqId);
#else
ret = CspDecrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset, out + offset,
(byte*)des3->reg, (byte*)des3->key[0], &des3->asyncDev.dev.reqId,
des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
slen, (byte*)in + offset, out + offset,
&des3->asyncDev.dev.reqId);
#else
ret = CspDecrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset, out + offset,
(byte*)des3->reg, (byte*)des3->key[0], &des3->asyncDev.dev.reqId,
des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
return 0;
}
#endif /* !NO_DES3 */
#ifndef NO_HMAC
int NitroxHmacFinal(Hmac* hmac, byte* hash)
{
int ret = -1;
#ifdef HAVE_CAVIUM_V
word16 hashLen = wc_HmacSizeByType(hmac->macType);
ret = CspHmac(hmac->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, hmac->type, hmac->keyLen,
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hashLen,
hash, &hmac->asyncDev.dev.reqId);
#else
ret = CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash,
&hmac->asyncDev.dev.reqId, hmac->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
hmac->innerHashKeyed = 0; /* tell update to start over if used again */
return 0;
}
int NitroxHmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
word16 add = (word16)length;
word32 total;
byte* tmp;
if (length > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
if (hmac->innerHashKeyed == 0) { /* starting new */
hmac->dataLen = 0;
hmac->innerHashKeyed = 1;
}
total = add + hmac->dataLen;
if (total > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
tmp = XMALLOC(hmac->dataLen + add, NULL, DYNAMIC_TYPE_ASYNC_TMP);
if (tmp == NULL) {
WOLFSSL_MSG("Out of memory for cavium update");
return -1;
}
if (hmac->dataLen)
XMEMCPY(tmp, hmac->data, hmac->dataLen);
XMEMCPY(tmp + hmac->dataLen, msg, add);
hmac->dataLen += add;
XFREE(hmac->data, NULL, DYNAMIC_TYPE_ASYNC_TMP);
hmac->data = tmp;
return 0;
}
int NitroxHmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
hmac->macType = (byte)type;
/* Determine Cavium HashType */
switch(type) {
#ifndef NO_MD5
case MD5:
hmac->type = MD5_TYPE;
break;
#endif
#ifndef NO_SHA
case SHA:
hmac->type = SHA1_TYPE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
#ifdef HAVE_CAVIUM_V
hmac->type = SHA2_SHA256;
#else
hmac->type = SHA256_TYPE;
#endif
break;
#endif
#ifdef HAVE_CAVIUM_V
#ifndef WOLFSSL_SHA512
case SHA512:
hmac->type = SHA2_SHA512;
break;
#endif
#ifndef WOLFSSL_SHA384
case SHA384:
hmac->type = SHA2_SHA384;
break;
#endif
#endif /* HAVE_CAVIUM_V */
default:
WOLFSSL_MSG("unsupported cavium hmac type");
break;
}
hmac->innerHashKeyed = 0; /* should we key Startup flag */
hmac->keyLen = (word16)length;
/* store key in ipad */
XMEMCPY(hmac->ipad, key, length);
return 0;
}
#endif /* !NO_HMAC */
#if !defined(HAVE_HASHDRBG) && !defined(NO_RC4)
void NitroxRngGenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{
wolfssl_word offset = 0;
word32 requestId;
while (sz > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
#ifdef HAVE_CAVIUM_V
ret = CspTrueRandom(rng->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, slen, output + offset, &requestId);
#else
ret = CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
rng->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
sz -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
}
if (sz) {
word16 slen = (word16)sz;
#ifdef HAVE_CAVIUM_V
ret = CspTrueRandom(rng->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, slen, output + offset, &requestId);
#else
ret = CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
rng->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
}
}
#endif /* !defined(HAVE_HASHDRBG) && !defined(NO_RC4) */
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif /* HAVE_CAVIUM */

3
wolfcrypt/src/port/intel/README.md Normal file
View File

@@ -0,0 +1,3 @@
# Intel QuickAssist Adapter Asynchronous Support
Please contact wolfSSL at info@wolfssl.com to request an evaluation.

374
wolfcrypt/src/port/nxp/ksdk_port.c
View File

@@ -23,7 +23,6 @@
#include <config.h>
#endif
/* in case user set USE_FAST_MATH there */
#include <wolfssl/wolfcrypt/settings.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@@ -33,8 +32,7 @@
#endif
/* If FREESCALE_LTC_TFM or FREESCALE_LTC_ECC */
#if (defined(USE_FAST_MATH) && defined(FREESCALE_LTC_TFM)) ||\
defined(FREESCALE_LTC_ECC)
#if defined(FREESCALE_LTC_TFM) || defined(FREESCALE_LTC_ECC)
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#include <wolfssl/wolfcrypt/random.h>
@@ -42,12 +40,12 @@
#include <wolfssl/wolfcrypt/logging.h>
#include <stdint.h>
#define ERROR_OUT(err) { ret = (err); goto done; }
#define ERROR_OUT(res) { ret = (res); goto done; }
int ksdk_port_init(void)
{
#if defined(USE_FAST_MATH) && defined(FREESCALE_LTC_TFM)
#if defined(FREESCALE_LTC_TFM)
LTC_Init(LTC0);
#endif
@@ -56,8 +54,7 @@ int ksdk_port_init(void)
/* LTC TFM */
#if defined(USE_FAST_MATH) && defined(FREESCALE_LTC_TFM)
#include <wolfssl/wolfcrypt/tfm.h>
#if defined(FREESCALE_LTC_TFM)
/* Reverse array in memory (in place) */
static void ltc_reverse_array(uint8_t *src, size_t src_len)
@@ -73,39 +70,52 @@ static void ltc_reverse_array(uint8_t *src, size_t src_len)
}
}
/* same as fp_to_unsigned_bin() with fp_reverse() skipped */
static void fp_to_unsigned_lsb_bin(fp_int *a, unsigned char *b)
/* same as mp_to_unsigned_bin() with mp_reverse() skipped */
static int mp_to_unsigned_lsb_bin(mp_int *a, unsigned char *b)
{
fp_int t;
int res;
mp_int t;
fp_init_copy(&t, a);
res = mp_init_copy(&t, a);
if (res == MP_OKAY) {
res = mp_to_unsigned_bin_at_pos(0, &t, b);
if (res >= 0)
res = 0;
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
}
(void)fp_to_unsigned_bin_at_pos(0, &t, b);
return res;
}
static void ltc_get_lsb_bin_from_mp_int(uint8_t *dst, mp_int *A, uint16_t *psz)
static int ltc_get_lsb_bin_from_mp_int(uint8_t *dst, mp_int *A, uint16_t *psz)
{
int res;
uint16_t sz;
sz = mp_unsigned_bin_size(A);
fp_to_unsigned_lsb_bin(A, dst); /* result is lsbyte at lowest addr as required by LTC */
res = mp_to_unsigned_lsb_bin(A, dst); /* result is lsbyte at lowest addr as required by LTC */
*psz = sz;
return res;
}
/* these function are used by wolfSSL upper layers (like RSA) */
/* c = a * b */
void fp_mul(fp_int *A, fp_int *B, fp_int *C)
int mp_mul(mp_int *A, mp_int *B, mp_int *C)
{
int res = MP_OKAY;
int szA, szB;
szA = fp_unsigned_bin_size(A);
szB = fp_unsigned_bin_size(B);
szA = mp_unsigned_bin_size(A);
szB = mp_unsigned_bin_size(B);
/* if unsigned mul can fit into LTC PKHA let's use it, otherwise call software mul */
if ((szA <= LTC_MAX_INT_BYTES / 2) && (szB <= LTC_MAX_INT_BYTES / 2)) {
int neg;
neg = (A->sign == B->sign) ? FP_ZPOS : FP_NEG;
neg = (A->sign == B->sign) ? MP_ZPOS : MP_NEG;
/* unsigned multiply */
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
@@ -115,16 +125,19 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C)
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB;
ltc_get_lsb_bin_from_mp_int(ptrA, A, &sizeA);
ltc_get_lsb_bin_from_mp_int(ptrB, B, &sizeB);
XMEMSET(ptrC, 0xFF, LTC_MAX_INT_BYTES);
res = ltc_get_lsb_bin_from_mp_int(ptrA, A, &sizeA);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrB, B, &sizeB);
if (res == MP_OKAY) {
XMEMSET(ptrC, 0xFF, LTC_MAX_INT_BYTES);
LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, LTC_MAX_INT_BYTES, ptrB, &sizeB,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue, kLTC_PKHA_NormalValue,
kLTC_PKHA_TimingEqualized);
LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, LTC_MAX_INT_BYTES, ptrB, &sizeB,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue, kLTC_PKHA_NormalValue,
kLTC_PKHA_TimingEqualized);
ltc_reverse_array(ptrB, sizeB);
mp_read_unsigned_bin(C, ptrB, sizeB);
ltc_reverse_array(ptrB, sizeB);
res = mp_read_unsigned_bin(C, ptrB, sizeB);
}
}
/* fix sign */
@@ -138,52 +151,53 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
return;
}
else {
wolfcrypt_fp_mul(A, B, C);
res = wolfcrypt_mp_mul(A, B, C);
}
return res;
}
/* c = a mod b, 0 <= c < b */
int fp_mod(fp_int *a, fp_int *b, fp_int *c)
int mp_mod(mp_int *a, mp_int *b, mp_int *c)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB;
szA = fp_unsigned_bin_size(a);
szB = fp_unsigned_bin_size(b);
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES))
{
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
int res = FP_OKAY;
int neg;
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
/* get sign for the result */
neg = (a->sign == b->sign) ? FP_ZPOS : FP_NEG;
neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
/* get remainder of unsigned a divided by unsigned b */
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB, sizeC;
ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
if (kStatus_Success ==
LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, &sizeC, kLTC_PKHA_IntegerArith))
{
ltc_reverse_array(ptrC, sizeC);
mp_read_unsigned_bin(c, ptrC, sizeC);
}
else {
res = FP_VAL;
res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
if (res == MP_OKAY) {
if (kStatus_Success ==
LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, &sizeC, kLTC_PKHA_IntegerArith))
{
ltc_reverse_array(ptrC, sizeC);
res = mp_read_unsigned_bin(c, ptrC, sizeC);
}
else {
res = MP_VAL;
}
}
}
else {
res = FP_MEM;
res = MP_MEM;
}
/* fix sign */
@@ -198,26 +212,25 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
return res;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
return wolfcrypt_fp_mod(a, b, c);
res = wolfcrypt_mp_mod(a, b, c);
}
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
/* c = 1/a (mod b) for odd b only */
int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB;
szA = fp_unsigned_bin_size(a);
szB = fp_unsigned_bin_size(b);
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES)) {
#endif
int res = FP_OKAY;
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
@@ -225,21 +238,23 @@ int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB, sizeC;
ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
if (kStatus_Success ==
LTC_PKHA_ModInv(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, &sizeC, kLTC_PKHA_IntegerArith))
{
ltc_reverse_array(ptrC, sizeC);
mp_read_unsigned_bin(c, ptrC, sizeC);
}
else {
res = FP_VAL;
res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
if (res == MP_OKAY) {
if (kStatus_Success ==
LTC_PKHA_ModInv(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, &sizeC, kLTC_PKHA_IntegerArith))
{
ltc_reverse_array(ptrC, sizeC);
res = mp_read_unsigned_bin(c, ptrC, sizeC);
}
else {
res = MP_VAL;
}
}
}
else {
res = FP_MEM;
res = MP_MEM;
}
c->sign = a->sign;
@@ -252,85 +267,91 @@ int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
return res;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
return wolfcrypt_fp_invmod(a, b, c);
res = wolfcrypt_mp_invmod(a, b, c);
}
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
/* d = a * b (mod c) */
int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB, szC;
szA = fp_unsigned_bin_size(a);
szB = fp_unsigned_bin_size(b);
szC = fp_unsigned_bin_size(c);
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
szC = mp_unsigned_bin_size(c);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) && (szC <= LTC_MAX_INT_BYTES)) {
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
int res = FP_OKAY;
fp_int t;
mp_int t;
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrD = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
/* if A or B is negative, substracta abs(A) or abs(B) from modulus to get positive integer representation of the
/* if A or B is negative, subtract abs(A) or abs(B) from modulus to get positive integer representation of the
* same number */
fp_init(&t);
res = mp_init(&t);
if (a->sign) {
fp_add(a, c, &t);
fp_copy(&t, a);
if (res == MP_OKAY)
res = mp_add(a, c, &t);
if (res == MP_OKAY)
res = mp_copy(&t, a);
}
if (b->sign) {
fp_add(b, c, &t);
fp_copy(&t, b);
if (res == MP_OKAY)
res = mp_add(b, c, &t);
if (res == MP_OKAY)
res = mp_copy(&t, b);
}
if (ptrA && ptrB && ptrC && ptrD) {
if (res == MP_OKAY && ptrA && ptrB && ptrC && ptrD) {
uint16_t sizeA, sizeB, sizeC, sizeD;
ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
ltc_get_lsb_bin_from_mp_int(ptrC, c, &sizeC);
res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrC, c, &sizeC);
/* (A*B)mod C = ((A mod C) * (B mod C)) mod C */
if (LTC_PKHA_CompareBigNum(ptrA, sizeA, ptrC, sizeC) >= 0) {
if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrA, sizeA, ptrC, sizeC) >= 0) {
if (kStatus_Success !=
LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrC, sizeC, ptrA, &sizeA, kLTC_PKHA_IntegerArith))
{
res = FP_VAL;
res = MP_VAL;
}
}
if ((FP_OKAY == res) && (LTC_PKHA_CompareBigNum(ptrB, sizeB, ptrC, sizeC) >= 0))
if (res == MP_OKAY && (LTC_PKHA_CompareBigNum(ptrB, sizeB, ptrC, sizeC) >= 0))
{
if (kStatus_Success !=
LTC_PKHA_ModRed(LTC_BASE, ptrB, sizeB, ptrC, sizeC, ptrB, &sizeB, kLTC_PKHA_IntegerArith))
{
res = FP_VAL;
res = MP_VAL;
}
}
if (FP_OKAY == res) {
if (res == MP_OKAY) {
if (kStatus_Success != LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, sizeC, ptrD, &sizeD,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue,
kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized))
{
res = FP_VAL;
res = MP_VAL;
}
}
if (FP_OKAY == res) {
if (res == MP_OKAY) {
ltc_reverse_array(ptrD, sizeD);
mp_read_unsigned_bin(d, ptrD, sizeD);
res = mp_read_unsigned_bin(d, ptrD, sizeD);
}
}
else {
res = FP_MEM;
res = MP_MEM;
}
if (ptrA) {
@@ -345,41 +366,45 @@ int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
if (ptrD) {
XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT);
}
return res;
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
return wolfcrypt_fp_mulmod(a, b, c, d);
res = wolfcrypt_mp_mulmod(a, b, c, d);
}
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
/* Y = G^X mod P */
int _fp_exptmod(fp_int *G, fp_int *X, fp_int *P, fp_int *Y)
int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
{
int res = MP_OKAY;
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB, szC;
fp_int tmp;
int err;
mp_int tmp;
/* if G cannot fit into LTC_PKHA, reduce it */
szA = fp_unsigned_bin_size(G);
szA = mp_unsigned_bin_size(G);
if (szA > LTC_MAX_INT_BYTES) {
fp_init(&tmp);
if ((err = fp_mod(G, P, &tmp)) != FP_OKAY) {
return err;
res = mp_init(&tmp);
if (res != MP_OKAY)
return res;
if ((res = mp_mod(G, P, &tmp)) != MP_OKAY) {
return res;
}
G = &tmp;
szA = fp_unsigned_bin_size(G);
szA = mp_unsigned_bin_size(G);
}
szB = fp_unsigned_bin_size(X);
szC = fp_unsigned_bin_size(P);
szB = mp_unsigned_bin_size(X);
szC = mp_unsigned_bin_size(P);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) && (szC <= LTC_MAX_INT_BYTES)) {
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
int res = FP_OKAY;
fp_int t;
mp_int t;
uint16_t sizeG, sizeX, sizeP;
uint8_t *ptrG = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
@@ -387,16 +412,20 @@ int _fp_exptmod(fp_int *G, fp_int *X, fp_int *P, fp_int *Y)
uint8_t *ptrP = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
/* if G is negative, add modulus to convert to positive number for LTC */
fp_init(&t);
res = mp_init(&t);
if (G->sign) {
fp_add(G, P, &t);
fp_copy(&t, G);
if (res == MP_OKAY)
res = mp_add(G, P, &t);
if (res == MP_OKAY)
res = mp_copy(&t, G);
}
if (ptrG && ptrX && ptrP) {
ltc_get_lsb_bin_from_mp_int(ptrG, G, &sizeG);
ltc_get_lsb_bin_from_mp_int(ptrX, X, &sizeX);
ltc_get_lsb_bin_from_mp_int(ptrP, P, &sizeP);
if (res == MP_OKAY && ptrG && ptrX && ptrP) {
res = ltc_get_lsb_bin_from_mp_int(ptrG, G, &sizeG);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrX, X, &sizeX);
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrP, P, &sizeP);
/* if number if greater that modulo, we must first reduce due to LTC requirement on modular exponentiaton */
/* it needs number less than modulus. */
@@ -405,29 +434,29 @@ int _fp_exptmod(fp_int *G, fp_int *X, fp_int *P, fp_int *Y)
and then the modular exponentiation.
*/
/* if G >= P then */
if (LTC_PKHA_CompareBigNum(ptrG, sizeG, ptrP, sizeP) >= 0) {
if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrG, sizeG, ptrP, sizeP) >= 0) {
res = (int)LTC_PKHA_ModRed(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrG, &sizeG, kLTC_PKHA_IntegerArith);
if (res != kStatus_Success) {
res = FP_VAL;
res = MP_VAL;
}
}
if (FP_OKAY == res) {
if (res == MP_OKAY) {
res = (int)LTC_PKHA_ModExp(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrX, sizeX, ptrP, &sizeP,
kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized);
if (res != kStatus_Success) {
res = FP_VAL;
res = MP_VAL;
}
else {
ltc_reverse_array(ptrP, sizeP);
mp_read_unsigned_bin(Y, ptrP, sizeP);
res = mp_read_unsigned_bin(Y, ptrP, sizeP);
}
}
}
else {
res = FP_MEM;
res = MP_MEM;
}
if (ptrG) {
@@ -439,16 +468,24 @@ int _fp_exptmod(fp_int *G, fp_int *X, fp_int *P, fp_int *Y)
if (ptrP) {
XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT);
}
return res;
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
return _wolfcrypt_fp_exptmod(G, X, P, Y);
res = wolfcrypt_mp_exptmod(G, X, P, Y);
}
#ifndef USE_FAST_MATH
if (szA > LTC_MAX_INT_BYTES)
mp_clear(&tmp);
#endif
#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
#endif /* USE_FAST_MATH && FREESCALE_LTC_TFM */
#endif /* FREESCALE_LTC_TFM */
/* ECC */
@@ -457,11 +494,12 @@ int _fp_exptmod(fp_int *G, fp_int *X, fp_int *P, fp_int *Y)
/* convert from mp_int to LTC integer, as array of bytes of size sz.
* if mp_int has less bytes than sz, add zero bytes at most significant byte positions.
* This is when for example modulus is 32 bytes (P-256 curve)
* and mp_int has only 31 bytes, we add leading zeroes
* and mp_int has only 31 bytes, we add leading zeros
* so that result array has 32 bytes, same as modulus (sz).
*/
static void ltc_get_from_mp_int(uint8_t *dst, mp_int *a, int sz)
static int ltc_get_from_mp_int(uint8_t *dst, mp_int *a, int sz)
{
int res;
int szbin;
int offset;
@@ -480,10 +518,14 @@ static void ltc_get_from_mp_int(uint8_t *dst, mp_int *a, int sz)
XMEMSET(dst, 0, offset);
/* convert mp_int to array of bytes */
mp_to_unsigned_bin(a, dst + offset);
res = mp_to_unsigned_bin(a, dst + offset);
/* reverse array for LTC direct use */
ltc_reverse_array(dst, sz);
if (res == MP_OKAY) {
/* reverse array for LTC direct use */
ltc_reverse_array(dst, sz);
}
return res;
}
/* ECC specs in lsbyte at lowest address format for direct use by LTC PKHA driver functions */
@@ -636,8 +678,10 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
int szkbin;
bool point_of_infinity;
status_t status;
int res;
(void)a;
(void)heap;
uint8_t Gxbin[LTC_MAX_ECC_BITS / 8];
uint8_t Gybin[LTC_MAX_ECC_BITS / 8];
@@ -655,9 +699,14 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
szModulus = mp_unsigned_bin_size(modulus);
szkbin = mp_unsigned_bin_size(k);
ltc_get_from_mp_int(kbin, k, szkbin);
ltc_get_from_mp_int(Gxbin, G->x, szModulus);
ltc_get_from_mp_int(Gybin, G->y, szModulus);
res = ltc_get_from_mp_int(kbin, k, szkbin);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gxbin, G->x, szModulus);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gybin, G->y, szModulus);
if (res != MP_OKAY)
return res;
size = szModulus;
/* find LTC friendly parameters for the selected curve */
@@ -671,25 +720,28 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
status = LTC_PKHA_ECC_PointMul(LTC_BASE, &B, kbin, szkbin, modbin, r2modn, aCurveParam, bCurveParam, size,
kLTC_PKHA_TimingEqualized, kLTC_PKHA_IntegerArith, &B, &point_of_infinity);
if (status != kStatus_Success) {
return FP_VAL;
return MP_VAL;
}
ltc_reverse_array(Gxbin, size);
ltc_reverse_array(Gybin, size);
mp_read_unsigned_bin(R->x, Gxbin, size);
mp_read_unsigned_bin(R->y, Gybin, size);
/* if k is negative, we compute the multiplication with abs(-k)
* with result (x, y) and modify the result to (x, -y)
*/
R->y->sign = k->sign;
mp_set(R->z, 1);
res = mp_read_unsigned_bin(R->x, Gxbin, size);
if (res == MP_OKAY) {
res = mp_read_unsigned_bin(R->y, Gybin, size);
/* if k is negative, we compute the multiplication with abs(-k)
* with result (x, y) and modify the result to (x, -y)
*/
R->y->sign = k->sign;
}
if (res == MP_OKAY)
res = mp_set(R->z, 1);
return MP_OKAY;
return res;
}
int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m)
{
int err;
int res;
ltc_pkha_ecc_point_t A, B;
int size;
status_t status;
@@ -704,15 +756,22 @@ int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m)
const uint8_t *r2modn;
size = mp_unsigned_bin_size(m);
/* find LTC friendly parameters for the selected curve */
if (0 != ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam, size)) {
err = ECC_BAD_ARG_E;
if (ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam, size) != 0) {
res = ECC_BAD_ARG_E;
}
else {
ltc_get_from_mp_int(Gxbin, mG->x, size);
ltc_get_from_mp_int(Gybin, mG->y, size);
ltc_get_from_mp_int(Qxbin, mQ->x, size);
ltc_get_from_mp_int(Qybin, mQ->y, size);
res = ltc_get_from_mp_int(Gxbin, mG->x, size);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gybin, mG->y, size);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Qxbin, mQ->x, size);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Qybin, mQ->y, size);
if (res != MP_OKAY)
return res;
A.X = Gxbin;
A.Y = Gybin;
@@ -723,18 +782,19 @@ int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m)
status = LTC_PKHA_ECC_PointAdd(LTC_BASE, &A, &B, modbin, r2modn, aCurveParam, bCurveParam, size,
kLTC_PKHA_IntegerArith, &A);
if (status != kStatus_Success) {
err = FP_VAL;
res = MP_VAL;
}
else {
ltc_reverse_array(Gxbin, size);
ltc_reverse_array(Gybin, size);
mp_read_unsigned_bin(mR->x, Gxbin, size);
mp_read_unsigned_bin(mR->y, Gybin, size);
mp_set(mR->z, 1);
err = MP_OKAY;
res = mp_read_unsigned_bin(mR->x, Gxbin, size);
if (res == MP_OKAY)
res = mp_read_unsigned_bin(mR->y, Gybin, size);
if (res == MP_OKAY)
res = mp_set(mR->z, 1);
}
}
return err;
return res;
}
#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519)
@@ -852,7 +912,7 @@ status_t LTC_PKHA_Prime25519SquareRootMod(const uint8_t *A, size_t sizeA,
*
* X mod 2 get from LSB bit0
*/
if ((status == kStatus_Success) &&
if ((status == kStatus_Success) &&
((bool)sign != (bool)(res[0] & 0x01u)))
{
status = LTC_PKHA_ModSub1(LTC_BASE, modbin, sizeof(modbin), res,
@@ -1036,7 +1096,7 @@ int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_
ltcPoint.X = &pIn.point[0];
ltcPoint.Y = &pIn.pointY[0];
/* if input point P is on Curve25519 Montgomery curve, transform
/* if input point P is on Curve25519 Montgomery curve, transform
it to Weierstrass equivalent */
if (type == kLTC_Curve25519) {
LTC_PKHA_Curve25519ToWeierstrass(&ltcPoint, &ltcPoint);
@@ -1197,7 +1257,7 @@ status_t LTC_PKHA_Ed25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn,
Mx = (1 + Ey) * ModularArithmetic.invert(1 - Ey, prime) % prime
My = (1 + Ey) * ModularArithmetic.invert((1 - Ey)*Ex, prime) % prime */
/* Gx = ((Mx * ModularArithmetic.invert(B, prime)) +
/* Gx = ((Mx * ModularArithmetic.invert(B, prime)) +
(A * ModularArithmetic.invert(3*B, prime))) % prime
Gy = (My * ModularArithmetic.invert(B, prime)) % prime */
@@ -1497,7 +1557,7 @@ status_t LTC_PKHA_sc_muladd(uint8_t *s, const uint8_t *a,
uint8_t tempB[32] = {0};
status_t status;
/* Assume only b can be larger than modulus. It is called durind
/* Assume only b can be larger than modulus. It is called durind
* wc_ed25519_sign_msg() where hram (=a) and nonce(=c)
* have been reduced by LTC_PKHA_sc_reduce()
* Thus reducing b only.
@@ -1622,4 +1682,4 @@ status_t LTC_PKHA_Ed25519_Compress(const ltc_pkha_ecc_point_t *ltcPointIn,
#undef ERROR_OUT
#endif /* (USE_FAST_MATH && FREESCALE_LTC_TFM) || FREESCALE_LTC_ECC */
#endif /* FREESCALE_LTC_TFM || FREESCALE_LTC_ECC */

3
wolfcrypt/src/port/ti/ti-aes.c
View File

@@ -490,6 +490,9 @@ WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
return BAD_FUNC_ARG;
}
return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
}

55
wolfcrypt/src/port/ti/ti-ccm.c
View File

@@ -32,52 +32,63 @@
#include <stdbool.h>
#include <stdint.h>
#ifndef TI_DUMMY_BUILD
#include "driverlib/sysctl.h"
#include "driverlib/rom_map.h"
#include "driverlib/rom.h"
#ifndef SINGLE_THREADED
#include <wolfssl/wolfcrypt/wc_port.h>
static wolfSSL_Mutex TI_CCM_Mutex ;
static wolfSSL_Mutex TI_CCM_Mutex;
#endif
#endif /* TI_DUMMY_BUILD */
#define TIMEOUT 500000
#define WAIT(stat) { volatile int i ; for(i=0; i<TIMEOUT; i++)if(stat)break ; if(i==TIMEOUT)return(false) ; }
#define WAIT(stat) { volatile int i; for(i=0; i<TIMEOUT; i++)if(stat)break; if(i==TIMEOUT)return(false); }
static bool ccm_init = false ;
static bool ccm_init = false;
int wolfSSL_TI_CCMInit(void)
{
if(ccm_init)return true ;
ccm_init = true ;
if (ccm_init)
return true;
ccm_init = true;
#ifndef TI_DUMMY_BUILD
SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
SYSCTL_OSC_MAIN |
SYSCTL_USE_PLL |
SYSCTL_CFG_VCO_480), 120000000);
if(!ROM_SysCtlPeripheralPresent(SYSCTL_PERIPH_CCM0))
return false ;
if (!ROM_SysCtlPeripheralPresent(SYSCTL_PERIPH_CCM0))
return false;
ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_CCM0);
WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0)) ;
WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0));
ROM_SysCtlPeripheralReset(SYSCTL_PERIPH_CCM0);
WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0)) ;
#ifndef SINGLE_THREADED
if(wc_InitMutex(&TI_CCM_Mutex))return false ;
#endif
WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0));
return true ;
#ifndef SINGLE_THREADED
if (wc_InitMutex(&TI_CCM_Mutex))
return false;
#endif
#endif /* !TI_DUMMY_BUILD */
return true;
}
#ifndef SINGLE_THREADED
void wolfSSL_TI_lockCCM(void) {
wc_LockMutex(&TI_CCM_Mutex) ;
void wolfSSL_TI_lockCCM(void)
{
#ifndef TI_DUMMY_BUILD
wc_LockMutex(&TI_CCM_Mutex);
#endif
}
void wolfSSL_TI_unlockCCM(void) {
wc_UnLockMutex(&TI_CCM_Mutex) ;
void wolfSSL_TI_unlockCCM(void){
#ifndef TI_DUMMY_BUILD
wc_UnLockMutex(&TI_CCM_Mutex);
#endif
}
#endif
#endif /* !SINGLE_THREADED */
#endif
#endif /* WOLFSSL_TI_CRYPT || WOLFSSL_TI_HASH */

206
wolfcrypt/src/port/ti/ti-hash.c
View File

@@ -39,9 +39,9 @@
#include <stdint.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/md5.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/md5.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/port/ti/ti-hash.h>
#include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
#include <wolfssl/wolfcrypt/logging.h>
@@ -59,67 +59,68 @@
#define SHAMD5_ALGO_MD5 1
#define SHAMD5_ALGO_SHA1 2
#define SHAMD5_ALGO_SHA256 3
bool wolfSSL_TI_CCMInit(void) { return true ; }
#define SHAMD5_ALGO_SHA224 4
#endif
static int hashInit(wolfssl_TI_Hash *hash) {
if(!wolfSSL_TI_CCMInit())return 1 ;
hash->used = 0 ;
hash->msg = 0 ;
hash->len = 0 ;
return 0 ;
if (!wolfSSL_TI_CCMInit())return 1;
hash->used = 0;
hash->msg = 0;
hash->len = 0;
return 0;
}
static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
{
void *p ;
void *p;
if((hash== NULL) || (data == NULL))return BAD_FUNC_ARG;
if ((hash== NULL) || (data == NULL))return BAD_FUNC_ARG;
if(hash->len < hash->used+len) {
if(hash->msg == NULL) {
if (hash->len < hash->used+len) {
if (hash->msg == NULL) {
p = XMALLOC(hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
} else {
p = XREALLOC(hash->msg, hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if(p == 0)return 1 ;
hash->msg = p ;
hash->len = hash->used+len ;
}
XMEMCPY(hash->msg+hash->used, data, len) ;
hash->used += len ;
return 0 ;
if (p == 0)return 1;
hash->msg = p;
hash->len = hash->used+len;
}
XMEMCPY(hash->msg+hash->used, data, len);
hash->used += len;
return 0;
}
static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
{
uint32_t h[16] ;
{
uint32_t h[16];
#ifndef TI_DUMMY_BUILD
wolfSSL_TI_lockCCM() ;
wolfSSL_TI_lockCCM();
ROM_SHAMD5Reset(SHAMD5_BASE);
ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo);
ROM_SHAMD5DataProcess(SHAMD5_BASE,
ROM_SHAMD5DataProcess(SHAMD5_BASE,
(uint32_t *)hash->msg, hash->used, h);
wolfSSL_TI_unlockCCM() ;
wolfSSL_TI_unlockCCM();
#else
(void) hash ;
(void) algo ;
(void) hash;
(void) algo;
#endif
XMEMCPY(result, h, hsize) ;
XMEMCPY(result, h, hsize);
return 0 ;
return 0;
}
static void hashRestorePos(wolfssl_TI_Hash *h1, wolfssl_TI_Hash *h2) {
h1->used = h2->used ;
static int hashCopy(wolfssl_TI_Hash *src, wolfssl_TI_Hash *dst) {
XMEMCPY(dst, src, sizeof(wolfssl_TI_Hash));
return 0;
}
static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
{
hashGetHash(hash, result, algo, hsize) ;
{
hashGetHash(hash, result, algo, hsize);
XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
hashInit(hash) ;
return 0 ;
hashInit(hash);
return 0;
}
static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word32 hsize)
@@ -153,166 +154,183 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3
}
static int hashFree(wolfssl_TI_Hash *hash)
{
{
XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
hashInit(hash) ;
return 0 ;
hashInit(hash);
return 0;
}
#if !defined(NO_MD5)
WOLFSSL_API void wc_InitMd5(Md5* md5)
WOLFSSL_API int wc_InitMd5_ex(Md5* md5, void* heap, int devId)
{
if (md5 == NULL)
return ;
hashInit((wolfssl_TI_Hash *)md5) ;
return 1;
(void)heap;
(void)devId;
return hashInit((wolfssl_TI_Hash *)md5);
}
WOLFSSL_API void wc_Md5Update(Md5* md5, const byte* data, word32 len)
WOLFSSL_API int wc_InitMd5(Md5* md5)
{
hashUpdate((wolfssl_TI_Hash *)md5, data, len) ;
return wc_InitMd5_ex(md5, NULL, INVALID_DEVID);
}
WOLFSSL_API void wc_Md5Final(Md5* md5, byte* hash)
WOLFSSL_API int wc_Md5Update(Md5* md5, const byte* data, word32 len)
{
hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
return hashUpdate((wolfssl_TI_Hash *)md5, data, len);
}
WOLFSSL_API void wc_Md5GetHash(Md5* md5, byte* hash)
WOLFSSL_API int wc_Md5Final(Md5* md5, byte* hash)
{
hashGetHash((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
return hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE);
}
WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
hashRestorePos((wolfssl_TI_Hash *)m1, (wolfssl_TI_Hash *)m2) ;
WOLFSSL_API int wc_Md5GetHash(Md5* md5, byte* hash)
{
return hashGetHash((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE);
}
WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst) {
return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
}
WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
{
return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
{
return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE);
}
WOLFSSL_API void wc_Md5Free(Md5* md5)
{
hashFree((wolfssl_TI_Hash *)md5) ;
hashFree((wolfssl_TI_Hash *)md5);
}
#endif /* NO_MD5 */
#endif /* !NO_MD5 */
#if !defined(NO_SHA)
WOLFSSL_API int wc_InitSha(Sha* sha)
WOLFSSL_API int wc_InitSha_ex(Md5* sha, void* heap, int devId)
{
if (sha == NULL)
return 1 ;
return hashInit((wolfssl_TI_Hash *)sha) ;
return 1;
(void)heap;
(void)devId;
return hashInit((wolfssl_TI_Hash *)sha);
}
WOLFSSL_API int wc_InitSha(Sha* sha)
{
return wc_InitSha_ex(sha, NULL, INVALID_DEVID);
}
WOLFSSL_API int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
{
return hashUpdate((wolfssl_TI_Hash *)sha, data, len) ;
return hashUpdate((wolfssl_TI_Hash *)sha, data, len);
}
WOLFSSL_API int wc_ShaFinal(Sha* sha, byte* hash)
{
return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE);
}
WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash)
{
return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE);
}
WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ;
WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst) {
return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
}
WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
{
return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
{
return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE);
}
WOLFSSL_API void wc_ShaFree(Sha* sha)
{
hashFree((wolfssl_TI_Hash *)sha) ;
hashFree((wolfssl_TI_Hash *)sha);
}
#endif /* NO_SHA */
#endif /* !NO_SHA */
#if defined(HAVE_SHA224)
WOLFSSL_API int wc_InitSha224(Sha224* sha224)
#if defined(WOLFSSL_SHA224)
WOLFSSL_API int wc_InitSha224_ex(Sha224* sha224, void* heap, int devId)
{
if (sha224 == NULL)
return 1 ;
return hashInit((wolfssl_TI_Hash *)sha224) ;
return 1;
(void)heap;
(void)devId;
return hashInit((wolfssl_TI_Hash *)sha224);
}
WOLFSSL_API int wc_InitSha224(Sha224* sha224)
{
return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
}
WOLFSSL_API int wc_Sha224Update(Sha224* sha224, const byte* data, word32 len)
{
return hashUpdate((wolfssl_TI_Hash *)sha224, data, len) ;
return hashUpdate((wolfssl_TI_Hash *)sha224, data, len);
}
WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash)
{
return hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
return hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE);
}
WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash)
{
return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
}
WOLFSSL_API void wc_Sha224RestorePos(Sha224* s1, Sha224* s2) {
hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ;
return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE);
}
WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
{
return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
{
return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE);
}
WOLFSSL_API void wc_Sha224Free(Sha224* sha224)
{
hashFree((wolfssl_TI_Hash *)sha224) ;
hashFree((wolfssl_TI_Hash *)sha224);
}
#endif /* HAVE_SHA224 */
#endif /* WOLFSSL_SHA224 */
#if !defined(NO_SHA256)
WOLFSSL_API int wc_InitSha256(Sha256* sha256)
WOLFSSL_API int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId)
{
if (sha256 == NULL)
return 1 ;
return hashInit((wolfssl_TI_Hash *)sha256) ;
return 1;
(void)heap;
(void)devId;
return hashInit((wolfssl_TI_Hash *)sha256);
}
WOLFSSL_API int wc_InitSha256(Sha256* sha256)
{
return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
}
WOLFSSL_API int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
{
return hashUpdate((wolfssl_TI_Hash *)sha256, data, len) ;
return hashUpdate((wolfssl_TI_Hash *)sha256, data, len);
}
WOLFSSL_API int wc_Sha256Final(Sha256* sha256, byte* hash)
{
return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE);
}
WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash)
{
return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
}
WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ;
return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE);
}
WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
{
return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE);
}
WOLFSSL_API void wc_Sha256Free(Sha256* sha256)
{
hashFree((wolfssl_TI_Hash *)sha256) ;
hashFree((wolfssl_TI_Hash *)sha256);
}
#endif
#endif /* !NO_SHA256 */
#endif

101
wolfcrypt/src/pwdbased.c
View File

@@ -59,16 +59,6 @@
#include <wolfcrypt/src/misc.c>
#endif
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
#ifndef NO_SHA
/* PBKDF1 needs at least SHA available */
@@ -100,10 +90,22 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
switch (hashType) {
#ifndef NO_MD5
case MD5:
wc_InitMd5(&md5);
wc_Md5Update(&md5, passwd, pLen);
wc_Md5Update(&md5, salt, sLen);
wc_Md5Final(&md5, buffer);
ret = wc_InitMd5(&md5);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, passwd, pLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, salt, sLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, buffer);
if (ret != 0) {
return ret;
}
break;
#endif /* NO_MD5 */
case SHA:
@@ -124,8 +126,14 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
}
#ifndef NO_MD5
else {
wc_Md5Update(&md5, buffer, hLen);
wc_Md5Final(&md5, buffer);
ret = wc_Md5Update(&md5, buffer, hLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, buffer);
if (ret != 0) {
return ret;
}
}
#endif
}
@@ -192,10 +200,11 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
return MEMORY_E;
#endif
ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen);
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret == 0) {
while (kLen) {
ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen);
while (ret == 0 && kLen) {
int currentLen;
ret = wc_HmacUpdate(&hmac, salt, sLen);
@@ -240,6 +249,7 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
kLen -= currentLen;
i++;
}
wc_HmacFree(&hmac);
}
#ifdef WOLFSSL_SMALL_STACK
@@ -310,13 +320,28 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
case MD5:
{
Md5 md5;
wc_InitMd5(&md5);
wc_Md5Update(&md5, buffer, totalLen);
wc_Md5Final(&md5, Ai);
ret = wc_InitMd5(&md5);
if (ret != 0) {
break;
}
ret = wc_Md5Update(&md5, buffer, totalLen);
if (ret != 0) {
break;
}
ret = wc_Md5Final(&md5, Ai);
if (ret != 0) {
break;
}
for (i = 1; i < iterations; i++) {
wc_Md5Update(&md5, Ai, u);
wc_Md5Final(&md5, Ai);
ret = wc_Md5Update(&md5, Ai, u);
if (ret != 0) {
break;
}
ret = wc_Md5Final(&md5, Ai);
if (ret != 0) {
break;
}
}
}
break;
@@ -328,12 +353,24 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
ret = wc_InitSha(&sha);
if (ret != 0)
break;
wc_ShaUpdate(&sha, buffer, totalLen);
wc_ShaFinal(&sha, Ai);
ret = wc_ShaUpdate(&sha, buffer, totalLen);
if (ret != 0) {
break;
}
ret = wc_ShaFinal(&sha, Ai);
if (ret != 0) {
break;
}
for (i = 1; i < iterations; i++) {
wc_ShaUpdate(&sha, Ai, u);
wc_ShaFinal(&sha, Ai);
ret = wc_ShaUpdate(&sha, Ai, u);
if (ret != 0) {
break;
}
ret = wc_ShaFinal(&sha, Ai);
if (ret != 0) {
break;
}
}
}
break;
@@ -619,7 +656,7 @@ static void scryptSalsa(word32* out, word32* in)
out[i] = in[i] + x[i];
#else
for (i = 0; i < 16; i++)
out[i] = ByteReverseWord32(in[i] + x[i]);
out[i] = ByteReverseWord32(ByteReverseWord32(in[i]) + x[i]);
#endif
}
@@ -769,15 +806,15 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
bSz = 128 * blockSize;
blocksSz = bSz * parallel;
blocks = XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (blocks == NULL)
goto end;
/* Temporary for scryptROMix. */
v = XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
v = (byte*)XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (v == NULL)
goto end;
/* Temporary for scryptBlockMix. */
y = XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
y = (byte*)XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (y == NULL)
goto end;

1157
wolfcrypt/src/random.c Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

40
wolfcrypt/src/ripemd.c
View File

@@ -37,19 +37,14 @@
#include <wolfcrypt/src/misc.c>
#endif
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
int wc_InitRipeMd(RipeMd* ripemd)
{
if (ripemd == NULL) {
return BAD_FUNC_ARG;
}
#endif /* WOLFSSL_HAVE_MIN */
void wc_InitRipeMd(RipeMd* ripemd)
{
ripemd->digest[0] = 0x67452301L;
ripemd->digest[1] = 0xEFCDAB89L;
ripemd->digest[2] = 0x98BADCFEL;
@@ -59,6 +54,8 @@ void wc_InitRipeMd(RipeMd* ripemd)
ripemd->buffLen = 0;
ripemd->loLen = 0;
ripemd->hiLen = 0;
return 0;
}
@@ -282,10 +279,16 @@ static INLINE void AddLength(RipeMd* ripemd, word32 len)
}
void wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
int wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
{
/* do block size increments */
byte* local = (byte*)ripemd->buffer;
byte* local;
if (ripemd == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
local = (byte*)ripemd->buffer;
while (len) {
word32 add = min(len, RIPEMD_BLOCK_SIZE - ripemd->buffLen);
@@ -305,12 +308,19 @@ void wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
ripemd->buffLen = 0;
}
}
return 0;
}
void wc_RipeMdFinal(RipeMd* ripemd, byte* hash)
int wc_RipeMdFinal(RipeMd* ripemd, byte* hash)
{
byte* local = (byte*)ripemd->buffer;
byte* local;
if (ripemd == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
local = (byte*)ripemd->buffer;
AddLength(ripemd, ripemd->buffLen); /* before adding pads */
@@ -349,7 +359,7 @@ void wc_RipeMdFinal(RipeMd* ripemd, byte* hash)
#endif
XMEMCPY(hash, ripemd->digest, RIPEMD_DIGEST_SIZE);
wc_InitRipeMd(ripemd); /* reset state */
return wc_InitRipeMd(ripemd); /* reset state */
}

675
wolfcrypt/src/rsa.c Normal file → Executable file
View File

@@ -148,11 +148,6 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
#define ERROR_OUT(x) { ret = (x); goto done;}
#ifdef WOLFSSL_ASYNC_CRYPT
static int InitAsyncRsaKey(RsaKey* key);
static int FreeAsyncRsaKey(RsaKey* key);
#endif /* WOLFSSL_ASYNC_CRYPT */
enum {
RSA_STATE_NONE = 0,
@@ -167,18 +162,18 @@ enum {
static void wc_RsaCleanup(RsaKey* key)
{
if (key && key->tmp) {
if (key && key->data) {
/* make sure any allocated memory is free'd */
if (key->tmpIsAlloc) {
if (key->dataIsAlloc) {
if (key->type == RSA_PRIVATE_DECRYPT ||
key->type == RSA_PRIVATE_ENCRYPT) {
ForceZero(key->tmp, key->tmpLen);
ForceZero(key->data, key->dataLen);
}
XFREE(key->tmp, key->heap, DYNAMIC_TYPE_RSA);
key->tmpIsAlloc = 0;
XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
key->dataIsAlloc = 0;
}
key->tmp = NULL;
key->tmpLen = 0;
key->data = NULL;
key->dataLen = 0;
}
}
@@ -190,46 +185,41 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
return BAD_FUNC_ARG;
}
(void)devId;
key->type = RSA_TYPE_UNKNOWN;
key->state = RSA_STATE_NONE;
key->heap = heap;
key->tmp = NULL;
key->tmpLen = 0;
key->tmpIsAlloc = 0;
key->data = NULL;
key->dataLen = 0;
key->dataIsAlloc = 0;
#ifdef WC_RSA_BLINDING
key->rng = NULL;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
#ifdef WOLFSSL_CERT_GEN
XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx));
#endif
#ifdef WC_ASYNC_ENABLE_RSA
/* handle as async */
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA,
devId);
if (ret == 0) {
ret = InitAsyncRsaKey(key);
}
}
else
#endif
{
/* For normal math defer the memory allocations */
#ifndef USE_FAST_MATH
key->n.dp = key->e.dp = 0; /* public alloc parts */
key->d.dp = key->p.dp = 0; /* private alloc parts */
key->q.dp = key->dP.dp = 0;
key->u.dp = key->dQ.dp = 0;
#else
mp_init(&key->n);
mp_init(&key->e);
mp_init(&key->d);
mp_init(&key->p);
mp_init(&key->q);
mp_init(&key->dP);
mp_init(&key->dQ);
mp_init(&key->u);
#endif /* USE_FAST_MATH */
key->heap, devId);
if (ret != 0)
return ret;
#endif /* WC_ASYNC_ENABLE_RSA */
#else
(void)devId;
#endif /* WOLFSSL_ASYNC_CRYPT */
ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL);
if (ret != MP_OKAY)
return ret;
ret = mp_init_multi(&key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u);
if (ret != MP_OKAY) {
mp_clear(&key->n);
mp_clear(&key->e);
return ret;
}
return ret;
@@ -250,31 +240,35 @@ int wc_FreeRsaKey(RsaKey* key)
wc_RsaCleanup(key);
#ifdef WOLFSSL_ASYNC_CRYPT
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
ret = FreeAsyncRsaKey(key);
wolfAsync_DevCtxFree(&key->asyncDev);
}
else
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA)
wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA);
#endif
{
if (key->type == RSA_PRIVATE) {
mp_forcezero(&key->u);
mp_forcezero(&key->dQ);
mp_forcezero(&key->dP);
mp_forcezero(&key->q);
mp_forcezero(&key->p);
mp_forcezero(&key->d);
}
mp_clear(&key->e);
mp_clear(&key->n);
if (key->type == RSA_PRIVATE) {
mp_forcezero(&key->u);
mp_forcezero(&key->dQ);
mp_forcezero(&key->dP);
mp_forcezero(&key->q);
mp_forcezero(&key->p);
mp_forcezero(&key->d);
}
/* private part */
mp_clear(&key->u);
mp_clear(&key->dQ);
mp_clear(&key->dP);
mp_clear(&key->q);
mp_clear(&key->p);
mp_clear(&key->d);
/* public part */
mp_clear(&key->e);
mp_clear(&key->n);
return ret;
}
#ifndef WC_NO_RSA_OAEP
#if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_PSS)
/* Uses MGF1 standard as a mask generation function
hType: hash type used
seed: seed to use for generating mask
@@ -585,6 +579,50 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
#endif /* !WC_NO_RSA_OAEP */
#ifdef WC_RSA_PSS
static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, WC_RNG* rng, enum wc_HashType hType, int mgf,
void* heap)
{
int ret;
int hLen, i;
byte* s;
byte* m;
byte* h;
byte salt[WC_MAX_DIGEST_SIZE];
hLen = wc_HashGetDigestSize(hType);
if (hLen < 0)
return hLen;
s = m = pkcsBlock;
XMEMSET(m, 0, 8);
m += 8;
XMEMCPY(m, input, inputLen);
m += inputLen;
if ((ret = wc_RNG_GenerateBlock(rng, salt, hLen)) != 0)
return ret;
XMEMCPY(m, salt, hLen);
m += hLen;
h = pkcsBlock + pkcsBlockLen - 1 - hLen;
if ((ret = wc_Hash(hType, s, (word32)(m - s), h, hLen)) != 0)
return ret;
pkcsBlock[pkcsBlockLen - 1] = 0xbc;
ret = RsaMGF(mgf, h, hLen, pkcsBlock, pkcsBlockLen - hLen - 1, heap);
if (ret != 0)
return ret;
pkcsBlock[0] &= 0x7f;
m = pkcsBlock + pkcsBlockLen - 1 - hLen - hLen - 1;
*(m++) ^= 0x01;
for (i = 0; i < hLen; i++)
m[i] ^= salt[i];
return 0;
}
#endif
static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
@@ -646,18 +684,27 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
switch (padType)
{
case WC_RSA_PKCSV15_PAD:
//WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
padValue, rng);
padValue, rng);
break;
#ifndef WC_NO_RSA_OAEP
case WC_RSA_OAEP_PAD:
//WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
ret = RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen,
padValue, rng, hType, mgf, optLabel, labelLen, heap);
padValue, rng, hType, mgf, optLabel, labelLen, heap);
break;
#endif
#ifdef WC_RSA_PSS
case WC_RSA_PSS_PAD:
WOLFSSL_MSG("wolfSSL Using RSA PSS padding");
ret = RsaPad_PSS(input, inputLen, pkcsBlock, pkcsBlockLen,
rng, hType, mgf, heap);
break;
#endif
default:
WOLFSSL_MSG("Unknown RSA Pad Type");
ret = RSA_PAD_E;
@@ -707,7 +754,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
/* find seedMask value */
if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@@ -761,6 +808,53 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
#endif /* WC_NO_RSA_OAEP */
#ifdef WC_RSA_PSS
static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte **output, enum wc_HashType hType, int mgf,
void* heap)
{
int ret;
byte* tmp;
int hLen, i;
hLen = wc_HashGetDigestSize(hType);
if (hLen < 0)
return hLen;
if (pkcsBlock[pkcsBlockLen - 1] != 0xbc)
return BAD_PADDING_E;
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
if ((ret = RsaMGF(mgf, pkcsBlock + pkcsBlockLen - 1 - hLen, hLen,
tmp, pkcsBlockLen - 1 - hLen, heap)) != 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
tmp[0] &= 0x7f;
for (i = 0; i < (int)(pkcsBlockLen - 1 - hLen - hLen - 1); i++) {
if (tmp[i] != pkcsBlock[i]) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_PADDING_E;
}
}
if (tmp[i] != (pkcsBlock[i] ^ 0x01)) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_PADDING_E;
}
for (i++; i < (int)(pkcsBlockLen - 1 - hLen); i++)
pkcsBlock[i] ^= tmp[i];
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
*output = pkcsBlock + i;
return hLen;
}
#endif
/* UnPad plaintext, set start to *output, return length of plaintext,
* < 0 on error */
@@ -792,7 +886,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
}
if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
WOLFSSL_MSG("RsaUnPad error, bad formatting");
return RSA_PAD_E;
}
@@ -801,7 +895,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
invalid = (outputLen > maxOutputLen) || invalid;
if (invalid) {
WOLFSSL_MSG("RsaUnPad error, bad formatting");
WOLFSSL_MSG("RsaUnPad error, invalid formatting");
return RSA_PAD_E;
}
@@ -816,21 +910,28 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
{
int ret;
switch (padType)
{
switch (padType) {
case WC_RSA_PKCSV15_PAD:
WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 un-padding");*/
ret = RsaUnPad(pkcsBlock, pkcsBlockLen, out, padValue);
break;
#ifndef WC_NO_RSA_OAEP
case WC_RSA_OAEP_PAD:
WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
WOLFSSL_MSG("wolfSSL Using RSA OAEP un-padding");
ret = RsaUnPad_OAEP((byte*)pkcsBlock, pkcsBlockLen, out,
hType, mgf, optLabel, labelLen, heap);
break;
#endif
#ifdef WC_RSA_PSS
case WC_RSA_PSS_PAD:
WOLFSSL_MSG("wolfSSL Using RSA PSS un-padding");
ret = RsaUnPad_PSS((byte*)pkcsBlock, pkcsBlockLen, out, hType, mgf,
heap);
break;
#endif
default:
WOLFSSL_MSG("Unknown RSA UnPad Type");
ret = RSA_PAD_E;
@@ -846,72 +947,6 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
return ret;
}
#ifdef WC_RSA_BLINDING
/* helper for either lib */
static int get_digit_count(mp_int* a)
{
if (a == NULL)
return 0;
return a->used;
}
static int get_rand_digit(WC_RNG* rng, mp_digit* d)
{
return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
}
static int mp_rand(mp_int* a, int digits, WC_RNG* rng)
{
int ret;
mp_digit d;
if (rng == NULL)
return MISSING_RNG_E;
if (a == NULL)
return BAD_FUNC_ARG;
mp_zero(a);
if (digits <= 0) {
return MP_OKAY;
}
/* first place a random non-zero digit */
do {
ret = get_rand_digit(rng, &d);
if (ret != 0) {
return ret;
}
} while (d == 0);
if ((ret = mp_add_d(a, d, a)) != MP_OKAY) {
return ret;
}
while (--digits > 0) {
if ((ret = mp_lshd(a, 1)) != MP_OKAY) {
return ret;
}
if ((ret = get_rand_digit(rng, &d)) != 0) {
return ret;
}
if ((ret = mp_add_d(a, d, a)) != MP_OKAY) {
return ret;
}
}
return ret;
}
#endif /* WC_RSA_BLINGING */
static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
@@ -947,7 +982,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
/* blind */
ret = mp_rand(&rnd, get_digit_count(&key->n), rng);
if (ret != MP_OKAY)
ERROR_OUT(ret);
goto done;
/* rndi = 1/rnd mod n */
if (mp_invmod(&rnd, &key->n, &rndi) != MP_OKAY)
@@ -973,7 +1008,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
*/
#define RET_ERR(ret, r, e) \
((ret) | (COND_N((ret) == 0, COND_N((r) != MP_OKAY, (e)))))
{ /* tmpa/b scope */
mp_int tmpa, tmpb;
int r;
@@ -1063,20 +1098,19 @@ done:
mp_clear(&rnd);
}
#endif
if (ret == MP_EXPTMOD_E) {
WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
}
return ret;
}
#ifdef WOLFSSL_ASYNC_CRYPT
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA)
static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
int ret = 0;
(void)rng;
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_RSA_FUNC;
testDev->rsaFunc.in = in;
@@ -1094,11 +1128,22 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef HAVE_CAVIUM
ret = NitroxRsaExptMod(in, inLen, key->d.dpraw, key->d.used,
key->n.dpraw, key->n.used, out, outLen, key);
ret = NitroxRsaExptMod(in, inLen,
key->d.raw.buf, key->d.raw.len,
key->n.raw.buf, key->n.raw.len,
out, outLen, key);
#elif defined(HAVE_INTEL_QA)
/* TODO: Add support for Intel Quick Assist */
ret = -1;
#ifdef RSA_LOW_MEM
ret = IntelQaRsaPrivate(&key->asyncDev, in, inLen,
&key->d.raw, &key->n.raw,
out, outLen);
#else
ret = IntelQaRsaCrtPrivate(&key->asyncDev, in, inLen,
&key->p.raw, &key->q.raw,
&key->dP.raw, &key->dQ.raw,
&key->u.raw,
out, outLen);
#endif
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
#endif
@@ -1107,11 +1152,14 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
#ifdef HAVE_CAVIUM
ret = NitroxRsaExptMod(in, inLen, key->e.dpraw, key->e.used,
key->n.dpraw, key->n.used, out, outLen, key);
ret = NitroxRsaExptMod(in, inLen,
key->e.raw.buf, key->e.raw.len,
key->n.raw.buf, key->n.raw.len,
out, outLen, key);
#elif defined(HAVE_INTEL_QA)
/* TODO: Add support for Intel Quick Assist */
ret = -1;
ret = IntelQaRsaPublic(&key->asyncDev, in, inLen,
&key->e.raw, &key->n.raw,
out, outLen);
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
#endif
@@ -1123,7 +1171,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
@@ -1135,8 +1183,9 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
key->n.raw.len > 0) {
ret = wc_RsaFunctionAsync(in, inLen, out, outLen, type, key, rng);
}
else
@@ -1145,10 +1194,17 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
}
if (ret == MP_EXPTMOD_E) {
/* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */
WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
/* handle error */
if (ret < 0 && ret != WC_PENDING_E) {
if (ret == MP_EXPTMOD_E) {
/* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */
WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
}
key->state = RSA_STATE_NONE;
wc_RsaCleanup(key);
}
return ret;
}
@@ -1164,7 +1220,8 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
pad_type : type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD or
WC_RSA_PSS_PAD
hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
mgf : type of mask generation function to use
label : optional label
@@ -1175,10 +1232,10 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
enum wc_HashType hash, int mgf,
byte* label, word32 labelSz, WC_RNG* rng)
{
int ret = BAD_FUNC_ARG, sz;
int ret, sz;
if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
return ret;
return BAD_FUNC_ARG;
}
sz = wc_RsaEncryptSize(key);
@@ -1197,46 +1254,58 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
switch (key->state) {
case RSA_STATE_NONE:
case RSA_STATE_ENCRYPT_PAD:
key->state = RSA_STATE_ENCRYPT_PAD;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) {
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && key->n.raw.buf) {
/* Async operations that include padding */
if (rsa_type == RSA_PUBLIC_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
key->state = RSA_STATE_ENCRYPT_RES;
key->tmpLen = key->n.used;
key->dataLen = key->n.raw.len;
return NitroxRsaPublicEncrypt(in, inLen, out, outLen, key);
}
else if (rsa_type == RSA_PRIVATE_ENCRYPT && pad_value == RSA_BLOCK_TYPE_1) {
else if (rsa_type == RSA_PRIVATE_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
key->state = RSA_STATE_ENCRYPT_RES;
key->tmpLen = key->n.used;
key->dataLen = key->n.raw.len;
return NitroxRsaSSL_Sign(in, inLen, out, outLen, key);
}
}
#endif
ret = wc_RsaPad_ex(in, inLen, out, sz, pad_value, rng, pad_type, hash,
mgf, label, labelSz, key->heap);
if (ret < 0) {
break;
}
key->state = RSA_STATE_ENCRYPT_EXPTMOD;
ret = wc_RsaPad_ex(in, inLen, out, sz, pad_value, rng,
pad_type, hash, mgf, label, labelSz, key->heap);
if (ret < 0) {
break;
}
/* fall through */
case RSA_STATE_ENCRYPT_EXPTMOD:
key->state = RSA_STATE_ENCRYPT_RES;
FALL_THROUGH;
key->tmpLen = outLen;
ret = wc_RsaFunction(out, sz, out, &key->tmpLen, rsa_type, key, rng);
case RSA_STATE_ENCRYPT_EXPTMOD:
key->dataLen = outLen;
ret = wc_RsaFunction(out, sz, out, &key->dataLen, rsa_type, key, rng);
if (ret >= 0 || ret == WC_PENDING_E) {
key->state = RSA_STATE_ENCRYPT_RES;
}
if (ret < 0) {
break;
}
/* fall through */
FALL_THROUGH;
case RSA_STATE_ENCRYPT_RES:
key->state = RSA_STATE_NONE;
ret = key->tmpLen;
ret = key->dataLen;
break;
default:
ret = BAD_STATE_E;
break;
}
/* if async pending then return and skip done cleanup below */
@@ -1245,6 +1314,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
}
key->state = RSA_STATE_NONE;
wc_RsaCleanup(key);
return ret;
}
@@ -1259,7 +1329,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
pad_type : type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD
WC_RSA_PSS_PAD
hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
mgf : type of mask generation function to use
label : optional label
@@ -1270,68 +1341,75 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
enum wc_HashType hash, int mgf,
byte* label, word32 labelSz, WC_RNG* rng)
{
int ret = BAD_FUNC_ARG;
int ret = RSA_WRONG_TYPE_E;
if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
return ret;
return BAD_FUNC_ARG;
}
switch (key->state) {
case RSA_STATE_NONE:
case RSA_STATE_DECRYPT_EXPTMOD:
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
key->state = RSA_STATE_DECRYPT_EXPTMOD;
key->dataLen = inLen;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
/* Async operations that include padding */
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
key->tmpLen = 0;
if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) {
if (rsa_type == RSA_PRIVATE_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
key->state = RSA_STATE_DECRYPT_RES;
key->tmp = NULL;
ret = NitroxRsaPrivateDecrypt(in, inLen, out, outLen, key);
if (ret > 0) {
if (outPtr)
*outPtr = in;
}
return ret;
key->data = NULL;
if (outPtr)
*outPtr = in;
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen, key);
}
else if (rsa_type == RSA_PUBLIC_DECRYPT && pad_value == RSA_BLOCK_TYPE_1) {
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
key->state = RSA_STATE_DECRYPT_RES;
key->tmp = NULL;
return NitroxRsaSSL_Verify(in, inLen, out, outLen, key);
key->data = NULL;
return NitroxRsaSSL_Verify(in, inLen, out, &key->dataLen, key);
}
}
#endif
key->state = RSA_STATE_DECRYPT_UNPAD;
/* verify the tmp ptr is NULL, otherwise indicates bad state */
if (key->tmp != NULL) {
ERROR_OUT(BAD_STATE_E);
if (key->data != NULL) {
ret = BAD_STATE_E;
break;
}
/* if not doing this inline then allocate a buffer for it */
key->tmpLen = inLen;
if (outPtr == NULL) {
key->tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
key->tmpIsAlloc = 1;
if (key->tmp == NULL) {
ERROR_OUT(MEMORY_E);
key->data = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
key->dataIsAlloc = 1;
if (key->data == NULL) {
ret = MEMORY_E;
break;
}
XMEMCPY(key->tmp, in, inLen);
XMEMCPY(key->data, in, inLen);
}
else {
key->tmp = out;
key->data = out;
}
ret = wc_RsaFunction(key->data, inLen, key->data, &key->dataLen, rsa_type,
key, rng);
if (ret >= 0 || ret == WC_PENDING_E) {
key->state = RSA_STATE_DECRYPT_UNPAD;
}
ret = wc_RsaFunction(key->tmp, inLen, key->tmp, &key->tmpLen,
rsa_type, key, rng);
if (ret < 0) {
break;
}
/* fall through */
FALL_THROUGH;
case RSA_STATE_DECRYPT_UNPAD:
{
byte* pad = NULL;
key->state = RSA_STATE_DECRYPT_RES;
ret = wc_RsaUnPad_ex(key->tmp, key->tmpLen, &pad, pad_value, pad_type,
hash, mgf, label, labelSz, key->heap);
ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type,
hash, mgf, label, labelSz, key->heap);
if (ret > 0 && ret <= (int)outLen && pad != NULL) {
/* only copy output if not inline */
if (outPtr == NULL) {
@@ -1347,18 +1425,29 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
if (ret < 0) {
break;
}
/* fall through */
key->state = RSA_STATE_DECRYPT_RES;
FALL_THROUGH;
}
case RSA_STATE_DECRYPT_RES:
key->state = RSA_STATE_NONE;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
ret = key->tmpLen;
/* return event ret */
ret = key->asyncDev.event.ret;
if (ret == 0) {
/* convert result */
byte* dataLen = (byte*)&key->dataLen;
ret = (dataLen[0] << 8) | (dataLen[1]);
}
}
#endif
break;
default:
ret = BAD_STATE_E;
break;
}
/* if async pending then return and skip done cleanup below */
@@ -1366,8 +1455,6 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
return ret;
}
done:
key->state = RSA_STATE_NONE;
wc_RsaCleanup(key);
@@ -1478,6 +1565,19 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
}
#ifdef WC_RSA_PSS
int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
enum wc_HashType hash, int mgf, RsaKey* key)
{
WC_RNG* rng = NULL;
#ifdef WC_RSA_BLINDING
rng = key->rng;
#endif
return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD,
hash, mgf, NULL, 0, rng);
}
#endif
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, WC_RNG* rng)
@@ -1490,11 +1590,6 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
int wc_RsaEncryptSize(RsaKey* key)
{
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
return key->n.used;
}
#endif
return mp_unsigned_bin_size(&key->n);
}
@@ -1544,10 +1639,30 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
if (e < 3 || (e & 1) == 0)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#elif defined(HAVE_INTEL_QA)
/* TODO: Not implemented */
#else
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_RSA_MAKE;
testDev->rsaMake.rng = rng;
testDev->rsaMake.key = key;
testDev->rsaMake.size = size;
testDev->rsaMake.e = e;
return WC_PENDING_E;
}
#endif
}
#endif
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
return err;
err = mp_set_int(&tmp3, (mp_digit)e);
err = mp_set_int(&tmp3, e);
/* make p */
if (err == MP_OKAY) {
@@ -1652,116 +1767,6 @@ int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
#endif /* WC_RSA_BLINDING */
#ifdef WOLFSSL_ASYNC_CRYPT
int wc_RsaAsyncHandle(RsaKey* key, WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
{
int ret;
if (key == NULL || queue == NULL || event == NULL) {
return BAD_FUNC_ARG;
}
/* make sure this rsa context had "wc_RsaAsyncInit" called on it */
if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_RSA) {
return ASYNC_INIT_E;
}
/* setup the event and push to queue */
ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
if (ret == 0) {
ret = wolfEventQueue_Push(queue, event);
}
/* check for error (helps with debugging) */
if (ret != 0) {
WOLFSSL_MSG("wc_RsaAsyncHandle failed");
}
return ret;
}
int wc_RsaAsyncWait(int ret, RsaKey* key)
{
if (ret == WC_PENDING_E) {
WOLF_EVENT event;
XMEMSET(&event, 0, sizeof(event));
ret = wolfAsync_EventInit(&event, WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
if (ret == 0) {
ret = wolfAsync_EventWait(&event);
if (ret == 0 && event.ret >= 0) {
ret = event.ret;
}
}
}
return ret;
}
/* Initialize async RSA key */
static int InitAsyncRsaKey(RsaKey* key)
{
XMEMSET(&key->n, 0, sizeof(key->n));
XMEMSET(&key->e, 0, sizeof(key->e));
XMEMSET(&key->d, 0, sizeof(key->d));
XMEMSET(&key->p, 0, sizeof(key->p));
XMEMSET(&key->q, 0, sizeof(key->q));
XMEMSET(&key->dP, 0, sizeof(key->dP));
XMEMSET(&key->dQ, 0, sizeof(key->dQ));
XMEMSET(&key->u, 0, sizeof(key->u));
return 0;
}
/* Free async RSA key */
static int FreeAsyncRsaKey(RsaKey* key)
{
if (key->type == RSA_PRIVATE) {
if (key->d.dpraw) {
ForceZero(key->d.dpraw, key->d.used);
#ifndef USE_FAST_MATH
XFREE(key->d.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
}
if (key->p.dpraw) {
ForceZero(key->p.dpraw, key->p.used);
#ifndef USE_FAST_MATH
XFREE(key->p.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
}
if (key->q.dpraw) {
ForceZero(key->q.dpraw, key->q.used);
#ifndef USE_FAST_MATH
XFREE(key->q.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
}
if (key->dP.dpraw) {
ForceZero(key->dP.dpraw, key->dP.used);
#ifndef USE_FAST_MATH
XFREE(key->dP.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
}
if (key->dQ.dpraw) {
ForceZero(key->dQ.dpraw, key->dQ.used);
#ifndef USE_FAST_MATH
XFREE(key->dQ.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
}
if (key->u.dpraw) {
ForceZero(key->u.dpraw, key->u.used);
#ifndef USE_FAST_MATH
XFREE(key->u.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
}
}
#ifndef USE_FAST_MATH
XFREE(key->n.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
XFREE(key->e.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
return InitAsyncRsaKey(key); /* reset pointers */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
#undef ERROR_OUT
#endif /* HAVE_FIPS */

212
wolfcrypt/src/sha.c Normal file → Executable file
View File

@@ -26,13 +26,60 @@
#include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_SHA)
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* fips wrapper calls, user can call direct */
#ifdef HAVE_FIPS
int wc_InitSha(Sha* sha)
{
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha_fips(sha);
}
int wc_InitSha_ex(Sha* sha, void* heap, int devId)
{
(void)heap;
(void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha_fips(sha);
}
int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
{
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return ShaUpdate_fips(sha, data, len);
}
int wc_ShaFinal(Sha* sha, byte* out)
{
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return ShaFinal_fips(sha,out);
}
void wc_ShaFree(Sha* sha)
{
(void)sha;
/* Not supported in FIPS */
}
#else /* else build without fips */
#if defined(WOLFSSL_TI_HASH)
/* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
#else
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
@@ -41,33 +88,8 @@
#endif
/* fips wrapper calls, user can call direct */
#ifdef HAVE_FIPS
int wc_InitSha(Sha* sha)
{
return InitSha_fips(sha);
}
int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
{
return ShaUpdate_fips(sha, data, len);
}
int wc_ShaFinal(Sha* sha, byte* out)
{
return ShaFinal_fips(sha,out);
}
#else /* else build without fips */
/****************************************/
/* SHA Hardware Variations */
/****************************************/
#if defined(WOLFSSL_TI_HASH)
/* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
#elif defined(WOLFSSL_PIC32MZ_HASH)
/* Hardware Acceleration */
#if defined(WOLFSSL_PIC32MZ_HASH)
#define USE_SHA_SOFTWARE_IMPL
#define wc_InitSha wc_InitSha_sw
#define wc_ShaUpdate wc_ShaUpdate_sw
@@ -80,7 +102,7 @@
* library. (See note in README).
*/
int wc_InitSha(Sha* sha)
static int InitSha(Sha* sha)
{
/* STM32 struct notes:
* sha->buffer = first 4 bytes used to hold partial block if needed
@@ -193,7 +215,7 @@
#elif defined(FREESCALE_LTC_SHA)
#include "fsl_ltc.h"
int wc_InitSha(Sha* sha)
static int InitSha(Sha* sha)
{
LTC_HASH_Init(LTC_BASE, &sha->ctx, kLTC_Sha1, NULL, 0);
return 0;
@@ -219,7 +241,7 @@
#define USE_SHA_SOFTWARE_IMPL /* Only for API's, actual transform is here */
#define XSHATRANSFORM ShaTransform
int wc_InitSha(Sha* sha)
static int InitSha(Sha* sha)
{
int ret = 0;
ret = wolfSSL_CryptHwMutexLock();
@@ -251,7 +273,7 @@
/* Software implementation */
#define USE_SHA_SOFTWARE_IMPL
int wc_InitSha(Sha* sha)
static int InitSha(Sha* sha)
{
int ret = 0;
@@ -268,7 +290,7 @@
return ret;
}
#endif
#endif /* End Hardware Acceleration */
/* Software implementation */
@@ -378,13 +400,6 @@
#endif /* !USE_CUSTOM_SHA_TRANSFORM */
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b) {
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
static INLINE void AddLength(Sha* sha, word32 len)
{
word32 tmp = sha->loLen;
@@ -392,11 +407,51 @@ static INLINE void AddLength(Sha* sha, word32 len)
sha->hiLen++; /* carry low to high */
}
int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
int wc_InitSha_ex(Sha* sha, void* heap, int devId)
{
int ret = 0;
if (sha == NULL)
return BAD_FUNC_ARG;
sha->heap = heap;
ret = InitSha(sha);
if (ret != 0)
return ret;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
ret = wolfAsync_DevCtxInit(&sha->asyncDev, WOLFSSL_ASYNC_MARKER_SHA,
sha->heap, devId);
#else
(void)devId;
#endif /* WOLFSSL_ASYNC_CRYPT */
return ret;
}
int wc_ShaUpdate (Sha* sha, const byte* data, word32 len)
{
byte* local;
if (sha == NULL ||(data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
/* do block size increments */
byte* local = (byte*)sha->buffer;
local = (byte*)sha->buffer;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) {
#if defined(HAVE_INTEL_QA)
return IntelQaSymSha(&sha->asyncDev, NULL, data, len);
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
/* check that internal buffLen is valid */
if (sha->buffLen >= SHA_BLOCK_SIZE)
return BUFFER_E;
while (len) {
word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
@@ -421,7 +476,21 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
int wc_ShaFinal(Sha* sha, byte* hash)
{
byte* local = (byte*)sha->buffer;
byte* local;
if (sha == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
local = (byte*)sha->buffer;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) {
#if defined(HAVE_INTEL_QA)
return IntelQaSymSha(&sha->asyncDev, hash, NULL, SHA_DIGEST_SIZE);
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
AddLength(sha, sha->buffLen); /* before adding pads */
@@ -466,10 +535,61 @@ int wc_ShaFinal(Sha* sha, byte* hash)
#endif
XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
return wc_InitSha(sha); /* reset state */
return InitSha(sha); /* reset state */
}
#endif /* USE_SHA_SOFTWARE_IMPL */
int wc_InitSha(Sha* sha)
{
return wc_InitSha_ex(sha, NULL, INVALID_DEVID);
}
void wc_ShaFree(Sha* sha)
{
if (sha == NULL)
return;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
wolfAsync_DevCtxFree(&sha->asyncDev, WOLFSSL_ASYNC_MARKER_SHA);
#endif /* WOLFSSL_ASYNC_CRYPT */
}
#endif /* !WOLFSSL_TI_HASH */
#endif /* HAVE_FIPS */
#ifndef WOLFSSL_TI_HASH
int wc_ShaGetHash(Sha* sha, byte* hash)
{
int ret;
Sha tmpSha;
if (sha == NULL || hash == NULL)
return BAD_FUNC_ARG;
ret = wc_ShaCopy(sha, &tmpSha);
if (ret == 0) {
ret = wc_ShaFinal(&tmpSha, hash);
}
return ret;
}
int wc_ShaCopy(Sha* src, Sha* dst)
{
int ret = 0;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
XMEMCPY(dst, src, sizeof(Sha));
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
return ret;
}
#endif /* !WOLFSSL_TI_HASH */
#endif /* !NO_SHA */

2588
wolfcrypt/src/sha256.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

1687
wolfcrypt/src/sha512.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

44
wolfcrypt/src/signature.c
View File

@@ -175,7 +175,15 @@ int wc_SignatureVerify(
int is_valid_sig = 0;
/* Perform verification of signature using provided ECC key */
ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, &is_valid_sig, (ecc_key*)key);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &((ecc_key*)key)->asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0)
ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len,
&is_valid_sig, (ecc_key*)key);
} while (ret == WC_PENDING_E);
if (ret != 0 || is_valid_sig != 1) {
ret = SIG_VERIFY_E;
}
@@ -198,6 +206,7 @@ int wc_SignatureVerify(
/* Otherwise fall-through and perform normal RSA verify against updated
* DER encoding + hash */
#endif
FALL_THROUGH;
case WC_SIGNATURE_TYPE_RSA:
{
@@ -212,8 +221,15 @@ int wc_SignatureVerify(
plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain_data) {
/* Perform verification of signature using provided RSA key */
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, plain_len,
(RsaKey*)key);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &((RsaKey*)key)->asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0)
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data,
plain_len, (RsaKey*)key);
} while (ret == WC_PENDING_E);
if (ret >= 0) {
if ((word32)ret == hash_len &&
XMEMCMP(plain_data, hash_data, hash_len) == 0) {
@@ -296,7 +312,15 @@ int wc_SignatureGenerate(
case WC_SIGNATURE_TYPE_ECC:
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
/* Create signature using provided ECC key */
ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &((ecc_key*)key)->asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0)
ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len,
rng, (ecc_key*)key);
} while (ret == WC_PENDING_E);
#else
ret = SIG_TYPE_E;
#endif
@@ -315,11 +339,19 @@ int wc_SignatureGenerate(
/* Otherwise fall-through and perform normal RSA sign against updated
* DER encoding + hash */
#endif
FALL_THROUGH;
case WC_SIGNATURE_TYPE_RSA:
#ifndef NO_RSA
/* Create signature using provided RSA key */
ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, (RsaKey*)key, rng);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &((RsaKey*)key)->asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0)
ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
(RsaKey*)key, rng);
} while (ret == WC_PENDING_E);
if (ret >= 0) {
*sig_len = ret;
ret = 0; /* Success */

18
wolfcrypt/src/srp.c
View File

@@ -310,7 +310,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
byte digest1[SRP_MAX_DIGEST_SIZE];
byte digest2[SRP_MAX_DIGEST_SIZE];
byte pad = 0;
int i, j, r;
int i, r;
int j = 0;
if (!srp || !N || !g || !salt || nSz < gSz)
return BAD_FUNC_ARG;
@@ -348,8 +349,9 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
/* Set k = H(N, g) */
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
for (i = 0; (word32)i < nSz - gSz; i++)
SrpHashUpdate(&hash, &pad, 1);
for (i = 0; (word32)i < nSz - gSz; i++) {
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
}
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
if (!r) r = SrpHashFinal(&hash, srp->k);
@@ -454,12 +456,12 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
return mp_read_unsigned_bin(&srp->auth, verifier, size);
}
int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size)
{
mp_int p;
int r;
if (!srp || !private || !size)
if (!srp || !priv || !size)
return BAD_FUNC_ARG;
if (mp_iszero(&srp->auth) == MP_YES)
@@ -468,7 +470,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
r = mp_init(&p);
if (r != MP_OKAY)
return MP_INIT_E;
if (!r) r = mp_read_unsigned_bin(&p, private, size);
if (!r) r = mp_read_unsigned_bin(&p, priv, size);
if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0;
@@ -551,6 +553,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
byte counter[4];
int r = BAD_FUNC_ARG;
XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
@@ -567,7 +571,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
if (!r) r = SrpHashUpdate(&hash, secret, size);
if (!r) r = SrpHashUpdate(&hash, counter, 4);
if(j + digestSz > srp->keySz) {
if (j + digestSz > srp->keySz) {
if (!r) r = SrpHashFinal(&hash, digest);
XMEMCPY(srp->key + j, digest, srp->keySz - j);
j = srp->keySz;

345
wolfcrypt/src/tfm.c
View File

@@ -49,6 +49,7 @@
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/tfm.h>
#include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */
#include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */
#if defined(FREESCALE_LTC_TFM)
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
@@ -197,11 +198,7 @@ void s_fp_sub(fp_int *a, fp_int *b, fp_int *c)
}
/* c = a * b */
#if defined(FREESCALE_LTC_TFM)
void wolfcrypt_fp_mul(fp_int *A, fp_int *B, fp_int *C)
#else
void fp_mul(fp_int *A, fp_int *B, fp_int *C)
#endif
{
int y, yy, oldused;
@@ -479,12 +476,11 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
pa = FP_SIZE-1;
}
if (A == C || B == C) {
/* Always take branch to use tmp variable. This avoids a cache attack for
* determining if C equals A */
if (1) {
fp_init(&tmp);
dst = &tmp;
} else {
fp_zero(C);
dst = C;
}
for (ix = 0; ix < pa; ix++) {
@@ -742,11 +738,7 @@ void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d)
}
/* c = a mod b, 0 <= c < b */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_fp_mod(fp_int *a, fp_int *b, fp_int *c)
#else
int fp_mod(fp_int *a, fp_int *b, fp_int *c)
#endif
{
fp_int t;
int err;
@@ -897,11 +889,7 @@ top:
}
/* c = 1/a (mod b) for odd b only */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_fp_invmod(fp_int *a, fp_int *b, fp_int *c)
#else
int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
#endif
{
fp_int x, y, u, v, B, D;
int neg;
@@ -993,23 +981,22 @@ top:
}
/* d = a * b (mod c) */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
#else
int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
#endif
{
int err;
fp_int t;
fp_init(&t);
fp_mul(a, b, &t);
#ifdef ALT_ECC_SIZE
err = fp_mod(&t, c, &t);
fp_copy(&t, d);
#else
err = fp_mod(&t, c, d);
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
if (d->size < FP_SIZE) {
err = fp_mod(&t, c, &t);
fp_copy(&t, d);
} else
#endif
{
err = fp_mod(&t, c, d);
}
return err;
}
@@ -1022,12 +1009,15 @@ int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
fp_init(&t);
fp_sub(a, b, &t);
#ifdef ALT_ECC_SIZE
err = fp_mod(&t, c, &t);
fp_copy(&t, d);
#else
err = fp_mod(&t, c, d);
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
if (d->size < FP_SIZE) {
err = fp_mod(&t, c, &t);
fp_copy(&t, d);
} else
#endif
{
err = fp_mod(&t, c, d);
}
return err;
}
@@ -1040,47 +1030,26 @@ int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
fp_init(&t);
fp_add(a, b, &t);
#ifdef ALT_ECC_SIZE
err = fp_mod(&t, c, &t);
fp_copy(&t, d);
#else
err = fp_mod(&t, c, d);
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
if (d->size < FP_SIZE) {
err = fp_mod(&t, c, &t);
fp_copy(&t, d);
} else
#endif
{
err = fp_mod(&t, c, d);
}
return err;
}
#ifdef TFM_TIMING_RESISTANT
#ifndef WC_NO_CACHE_RESISTANT
/* all off / all on pointer addresses for constant calculations */
/* ecc.c uses same table */
const wolfssl_word wc_off_on_addr[2] =
{
#if defined(WC_64BIT_CPU)
W64LIT(0x0000000000000000),
W64LIT(0xffffffffffffffff)
#elif defined(WC_16BIT_CPU)
0x0000U,
0xffffU
#else
/* 32 bit */
0x00000000U,
0xffffffffU
#endif
};
#endif /* WC_NO_CACHE_RESISTANT */
/* timing resistant montgomery ladder based exptmod
Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder",
Cryptographic Hardware and Embedded Systems, CHES 2002
*/
#if defined(FREESCALE_LTC_TFM)
int _wolfcrypt_fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
#else
static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
#endif
{
#ifdef WC_NO_CACHE_RESISTANT
fp_int R[2];
@@ -1983,6 +1952,41 @@ void fp_set(fp_int *a, fp_digit b)
a->used = a->dp[0] ? 1 : 0;
}
#ifndef MP_SET_CHUNK_BITS
#define MP_SET_CHUNK_BITS 4
#endif
void fp_set_int(fp_int *a, unsigned long b)
{
int x;
/* use direct fp_set if b is less than fp_digit max */
if (b < FP_DIGIT_MAX) {
fp_set (a, b);
return;
}
fp_zero (a);
/* set chunk bits at a time */
for (x = 0; x < (int)(sizeof(b) * 8) / MP_SET_CHUNK_BITS; x++) {
fp_mul_2d (a, MP_SET_CHUNK_BITS, a);
/* OR in the top bits of the source */
a->dp[0] |= (b >> ((sizeof(b) * 8) - MP_SET_CHUNK_BITS)) &
((1 << MP_SET_CHUNK_BITS) - 1);
/* shift the source up to the next chunk bits */
b <<= MP_SET_CHUNK_BITS;
/* ensure that digits are not clamped off */
a->used += 1;
}
/* clamp digits */
fp_clamp(a);
}
/* check if a bit is set */
int fp_is_bit_set (fp_int *a, fp_digit b)
{
@@ -2063,26 +2067,26 @@ int fp_leading_bit(fp_int *a)
void fp_lshd(fp_int *a, int x)
{
int y;
int y;
/* move up and truncate as required */
y = MIN(a->used + x - 1, (int)(FP_SIZE-1));
/* move up and truncate as required */
y = MIN(a->used + x - 1, (int)(FP_SIZE-1));
/* store new size */
a->used = y + 1;
/* store new size */
a->used = y + 1;
/* move digits */
for (; y >= x; y--) {
a->dp[y] = a->dp[y-x];
}
/* move digits */
for (; y >= x; y--) {
a->dp[y] = a->dp[y-x];
}
/* zero lower digits */
for (; y >= 0; y--) {
a->dp[y] = 0;
}
/* zero lower digits */
for (; y >= 0; y--) {
a->dp[y] = 0;
}
/* clamp digits */
fp_clamp(a);
/* clamp digits */
fp_clamp(a);
}
@@ -2115,6 +2119,9 @@ void fp_rshb(fp_int *c, int x)
/* set the carry to the carry bits of the current word found above */
r = rr;
}
/* clamp digits */
fp_clamp(c);
}
@@ -2167,12 +2174,15 @@ void fp_sub_d(fp_int *a, fp_digit b, fp_int *c)
fp_int tmp;
fp_init(&tmp);
fp_set(&tmp, b);
#ifdef ALT_ECC_SIZE
fp_sub(a, &tmp, &tmp);
fp_copy(&tmp, c);
#else
fp_sub(a, &tmp, c);
#endif
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
if (c->size < FP_SIZE) {
fp_sub(a, &tmp, &tmp);
fp_copy(&tmp, c);
} else
#endif
{
fp_sub(a, &tmp, c);
}
}
@@ -2186,33 +2196,81 @@ int mp_init (mp_int * a)
return MP_OKAY;
}
#ifdef ALT_ECC_SIZE
void fp_init(fp_int *a)
{
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
a->size = FP_SIZE;
#endif
#ifdef HAVE_WOLF_BIGINT
wc_bigint_init(&a->raw);
#endif
fp_zero(a);
}
void fp_zero(fp_int *a)
{
int size = FP_SIZE;
a->used = 0;
a->sign = FP_ZPOS;
XMEMSET(a->dp, 0, a->size * sizeof(fp_digit));
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
size = a->size;
#endif
XMEMSET(a->dp, 0, size * sizeof(fp_digit));
}
void fp_clear(fp_int *a)
{
int size = FP_SIZE;
a->used = 0;
a->sign = FP_ZPOS;
ForceZero(a->dp, a->size * sizeof(fp_digit));
}
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
size = a->size;
#endif
XMEMSET(a->dp, 0, size * sizeof(fp_digit));
fp_free(a);
}
void fp_forcezero (mp_int * a)
{
int size = FP_SIZE;
a->used = 0;
a->sign = FP_ZPOS;
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
size = a->size;
#endif
ForceZero(a->dp, size * sizeof(fp_digit));
#ifdef HAVE_WOLF_BIGINT
wc_bigint_zero(&a->raw);
#endif
fp_free(a);
}
void mp_forcezero (mp_int * a)
{
fp_forcezero(a);
}
void fp_free(fp_int* a)
{
#ifdef HAVE_WOLF_BIGINT
wc_bigint_free(&a->raw);
#else
(void)a;
#endif
}
/* clear one (frees) */
void mp_clear (mp_int * a)
{
fp_zero(a);
if (a == NULL)
return;
fp_clear(a);
}
void mp_free(mp_int* a)
{
fp_free(a);
}
/* handle up to 6 inits */
@@ -2250,14 +2308,28 @@ int mp_sub (mp_int * a, mp_int * b, mp_int * c)
}
/* high level multiplication (handles sign) */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_mul(mp_int * a, mp_int * b, mp_int * c)
#else
int mp_mul (mp_int * a, mp_int * b, mp_int * c)
#endif
{
fp_mul(a, b, c);
return MP_OKAY;
}
int mp_mul_d (mp_int * a, mp_digit b, mp_int * c)
{
fp_mul_d(a, b, c);
return MP_OKAY;
}
/* d = a * b (mod c) */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
#else
int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
#endif
{
return fp_mulmod(a, b, c, d);
}
@@ -2275,13 +2347,21 @@ int mp_addmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
}
/* c = a mod b, 0 <= c < b */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_mod (mp_int * a, mp_int * b, mp_int * c)
#else
int mp_mod (mp_int * a, mp_int * b, mp_int * c)
#endif
{
return fp_mod (a, b, c);
}
/* hac 14.61, pp608 */
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
#else
int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
#endif
{
return fp_invmod(a, b, c);
}
@@ -2291,7 +2371,11 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
* embedded in the normal function but that wasted alot of stack space
* for nothing (since 99% of the time the Montgomery code would be called)
*/
#if defined(FREESCALE_LTC_TFM)
int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
#else
int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
#endif
{
return fp_exptmod(G, X, P, Y);
}
@@ -2314,6 +2398,11 @@ int mp_unsigned_bin_size (mp_int * a)
return fp_unsigned_bin_size(a);
}
int mp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b)
{
return fp_to_unsigned_bin_at_pos(x, t, b);
}
/* store in unsigned [big endian] format */
int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
{
@@ -2341,27 +2430,45 @@ int mp_mul_2d(fp_int *a, int b, fp_int *c)
return MP_OKAY;
}
int mp_div(fp_int * a, fp_int * b, fp_int * c, fp_int * d)
{
return fp_div(a, b, c, d);
}
int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
{
fp_div_2d(a, b, c, d);
return MP_OKAY;
}
#ifdef ALT_ECC_SIZE
void fp_copy(fp_int *a, fp_int *b)
{
if (a != b && b->size >= a->used) {
int x, oldused;
oldused = b->used;
/* if source and destination are different */
if (a != b) {
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
/* verify a will fit in b */
if (b->size >= a->used) {
int x, oldused;
oldused = b->used;
b->used = a->used;
b->sign = a->sign;
XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit));
/* zero any excess digits on the destination that we didn't write to */
for (x = b->used; x < oldused; x++) {
b->dp[x] = 0;
}
}
else {
/* TODO: Handle error case */
}
#else
/* all dp's are same size, so do straight copy */
b->used = a->used;
b->sign = a->sign;
XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit));
/* zero any excess digits on the destination that we didn't write to */
for (x = b->used; x < oldused; x++) {
b->dp[x] = 0;
}
XMEMCPY(b->dp, a->dp, FP_SIZE * sizeof(fp_digit));
#endif
}
}
@@ -2372,7 +2479,6 @@ void fp_init_copy(fp_int *a, fp_int* b)
fp_copy(b, a);
}
}
#endif
/* fast math wrappers */
int mp_copy(fp_int* a, fp_int* b)
@@ -2406,9 +2512,14 @@ void mp_rshb (mp_int* a, int x)
fp_rshb(a, x);
}
int mp_set_int(mp_int *a, mp_digit b)
void mp_rshd (mp_int* a, int x)
{
fp_set(a, b);
fp_rshd(a, x);
}
int mp_set_int(mp_int *a, unsigned long b)
{
fp_set_int(a, b);
return MP_OKAY;
}
@@ -2432,12 +2543,17 @@ int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c)
fp_init(&t);
fp_sqr(a, &t);
#ifdef ALT_ECC_SIZE
err = fp_mod(&t, b, &t);
fp_copy(&t, c);
#else
err = fp_mod(&t, b, c);
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
if (c->size < FP_SIZE) {
err = fp_mod(&t, b, &t);
fp_copy(&t, c);
}
else
#endif
{
err = fp_mod(&t, b, c);
}
return err;
}
@@ -2645,10 +2761,8 @@ int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
switch(err) {
case FP_VAL:
return MP_VAL;
break;
case FP_MEM:
return MP_MEM;
break;
default:
break;
}
@@ -2850,7 +2964,7 @@ int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap)
XMEMSET(buf, 0, len);
XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
return FP_OKAY;
}
@@ -3008,12 +3122,6 @@ int mp_read_radix(mp_int *a, const char *str, int radix)
return fp_read_radix(a, str, radix);
}
/* fast math conversion */
void mp_set(fp_int *a, fp_digit b)
{
fp_set(a,b);
}
/* fast math conversion */
int mp_sqr(fp_int *A, fp_int *B)
{
@@ -3059,6 +3167,15 @@ int mp_cnt_lsb(fp_int* a)
#endif /* HAVE_ECC */
#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA)
/* fast math conversion */
int mp_set(fp_int *a, fp_digit b)
{
fp_set(a,b);
return MP_OKAY;
}
#endif
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
defined(WOLFSSL_DEBUG_MATH)
@@ -3174,7 +3291,7 @@ void mp_dump(const char* desc, mp_int* a, byte verbose)
char buffer[FP_SIZE * sizeof(fp_digit) * 2];
int size = FP_SIZE;
#ifdef ALT_ECC_SIZE
#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
size = a->size;
#endif

2
wolfcrypt/src/wc_encrypt.c
View File

@@ -32,6 +32,7 @@
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef HAVE_AES_DECRYPT
int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
@@ -58,6 +59,7 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
return ret;
}
#endif /* HAVE_AES_DECRYPT */
int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)

1452
wolfcrypt/src/wc_port.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

31
wolfcrypt/src/wolfevent.c
View File

@@ -103,16 +103,7 @@ int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
event->next = NULL;
event->pending = 1;
if (queue->tail == NULL) {
queue->head = event;
}
else {
queue->tail->next = event;
event->prev = queue->tail;
}
queue->tail = event; /* add to the end either way */
queue->count++;
ret = 0;
ret = wolfEventQueue_Add(queue, event);
#ifndef SINGLE_THREADED
wc_UnLockMutex(&queue->lock);
@@ -147,6 +138,26 @@ int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event)
return ret;
}
/* assumes queue is locked by caller */
int wolfEventQueue_Add(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
{
if (queue == NULL || event == NULL) {
return BAD_FUNC_ARG;
}
if (queue->tail == NULL) {
queue->head = event;
}
else {
queue->tail->next = event;
event->prev = queue->tail;
}
queue->tail = event; /* add to the end either way */
queue->count++;
return 0;
}
/* assumes queue is locked by caller */
int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
{

272
wolfcrypt/src/wolfmath.c Normal file
View File

@@ -0,0 +1,272 @@
/* wolfmath.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* common functions for either math library */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/* in case user set USE_FAST_MATH there */
#include <wolfssl/wolfcrypt/settings.h>
#ifdef USE_FAST_MATH
#include <wolfssl/wolfcrypt/tfm.h>
#else
#include <wolfssl/wolfcrypt/integer.h>
#endif
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#if defined(USE_FAST_MATH) || !defined(NO_BIG_INT)
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if !defined(WC_NO_CACHE_RESISTANT) && \
((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
/* all off / all on pointer addresses for constant calculations */
/* ecc.c uses same table */
const wolfssl_word wc_off_on_addr[2] =
{
#if defined(WC_64BIT_CPU)
W64LIT(0x0000000000000000),
W64LIT(0xffffffffffffffff)
#elif defined(WC_16BIT_CPU)
0x0000U,
0xffffU
#else
/* 32 bit */
0x00000000U,
0xffffffffU
#endif
};
#endif
int get_digit_count(mp_int* a)
{
if (a == NULL)
return 0;
return a->used;
}
mp_digit get_digit(mp_int* a, int n)
{
if (a == NULL)
return 0;
return (n >= a->used || n < 0) ? 0 : a->dp[n];
}
int get_rand_digit(WC_RNG* rng, mp_digit* d)
{
return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
}
#ifdef WC_RSA_BLINDING
int mp_rand(mp_int* a, int digits, WC_RNG* rng)
{
int ret;
mp_digit d;
if (rng == NULL)
return MISSING_RNG_E;
if (a == NULL)
return BAD_FUNC_ARG;
mp_zero(a);
if (digits <= 0) {
return MP_OKAY;
}
/* first place a random non-zero digit */
do {
ret = get_rand_digit(rng, &d);
if (ret != 0) {
return ret;
}
} while (d == 0);
if ((ret = mp_add_d(a, d, a)) != MP_OKAY) {
return ret;
}
while (--digits > 0) {
if ((ret = mp_lshd(a, 1)) != MP_OKAY) {
return ret;
}
if ((ret = get_rand_digit(rng, &d)) != 0) {
return ret;
}
if ((ret = mp_add_d(a, d, a)) != MP_OKAY) {
return ret;
}
}
return ret;
}
#endif /* WC_RSA_BLINDING */
#ifdef HAVE_WOLF_BIGINT
void wc_bigint_init(WC_BIGINT* a)
{
if (a != NULL) {
a->buf = NULL;
a->len = 0;
a->heap = NULL;
}
}
int wc_bigint_alloc(WC_BIGINT* a, word32 sz)
{
int err = MP_OKAY;
if (a == NULL)
return BAD_FUNC_ARG;
if (sz > 0) {
if (a->buf && sz > a->len) {
wc_bigint_free(a);
}
if (a->buf == NULL) {
a->buf = (byte*)XMALLOC(sz, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
}
if (a->buf == NULL) {
err = MP_MEM;
}
else {
XMEMSET(a->buf, 0, sz);
}
}
a->len = sz;
return err;
}
/* assumes input is big endian format */
int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen)
{
int err;
if (a == NULL || in == NULL || inlen == 0)
return BAD_FUNC_ARG;
err = wc_bigint_alloc(a, inlen);
if (err == 0) {
XMEMCPY(a->buf, in, inlen);
}
return err;
}
int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen)
{
word32 sz;
if (a == NULL || out == NULL || outlen == NULL || *outlen == 0)
return BAD_FUNC_ARG;
/* trim to fit into output buffer */
sz = a->len;
if (a->len > *outlen) {
WOLFSSL_MSG("wc_bigint_export: Truncating output");
sz = *outlen;
}
if (a->buf) {
XMEMCPY(out, a->buf, sz);
}
*outlen = sz;
return MP_OKAY;
}
void wc_bigint_zero(WC_BIGINT* a)
{
if (a && a->buf) {
ForceZero(a->buf, a->len);
}
}
void wc_bigint_free(WC_BIGINT* a)
{
if (a) {
if (a->buf) {
XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
}
a->buf = NULL;
a->len = 0;
}
}
int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst)
{
int err;
word32 sz;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
sz = mp_unsigned_bin_size(src);
err = wc_bigint_alloc(dst, sz);
if (err == MP_OKAY)
err = mp_to_unsigned_bin(src, dst->buf);
return err;
}
int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst)
{
int err;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
if (src->buf == NULL)
return BAD_FUNC_ARG;
err = mp_read_unsigned_bin(dst, src->buf, src->len);
wc_bigint_free(src);
return err;
}
#endif /* HAVE_WOLF_BIGINT */
#endif /* USE_FAST_MATH || !NO_BIG_INT */