wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance.

Browse Source
This commit is contained in:
David Garske
2016-07-07 10:59:45 -07:00
parent 0f25ee703d
commit 7a1acc7e56
10 changed files with 1395 additions and 457 deletions
Download Patch File Download Diff File Expand all files Collapse all files

303
src/internal.c
View File

@@ -6622,6 +6622,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifdef HAVE_ECC
case ECDSAk:
{
int curveId;
if (ssl->peerEccDsaKey == NULL) {
/* alloc/init on demand */
ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
@@ -6637,8 +6638,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ssl->peerEccDsaKeyPresent = 0;
wc_ecc_init_h(ssl->peerEccDsaKey, ssl->heap);
}
if (wc_ecc_import_x963(dCert->publicKey, dCert->pubKeySize,
ssl->peerEccDsaKey) != 0) {
curveId = wc_ecc_get_oid(dCert->keyOID, NULL, NULL);
if (wc_ecc_import_x963_ex(dCert->publicKey,
dCert->pubKeySize, ssl->peerEccDsaKey, curveId) != 0) {
ret = PEER_KEY_ERROR;
}
else {
@@ -13194,33 +13197,67 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
#ifdef HAVE_ECC
static int CheckCurveId(int oid)
static int CheckCurveId(int tlsCurveId)
{
int ret = 0;
int ret = ECC_CURVE_ERROR;
switch (oid) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
case WOLFSSL_ECC_SECP160R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
case WOLFSSL_ECC_SECP192R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
case WOLFSSL_ECC_SECP224R1:
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case WOLFSSL_ECC_SECP256R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
case WOLFSSL_ECC_SECP384R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
case WOLFSSL_ECC_SECP521R1:
#endif
break;
default:
ret = -1;
switch (tlsCurveId) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP160R1: return ECC_SECP160R1_OID;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_SECPR2
case WOLFSSL_ECC_SECP160R2: return ECC_SECP160R2_OID;
#endif /* HAVE_ECC_SECPR2 */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP160K1: return ECC_SECP160K1_OID;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP192R1: return ECC_SECP192R1_OID;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP192K1: return ECC_SECP192K1_OID;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP224R1: return ECC_SECP224R1_OID;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP224K1: return ECC_SECP224K1_OID;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP256R1: return ECC_SECP256R1_OID;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP256K1: return ECC_SECP256K1_OID;
#endif /* HAVE_ECC_KOBLITZ */
#ifdef HAVE_ECC_BRAINPOOL
case WOLFSSL_ECC_BRAINPOOLP256R1: return ECC_BRAINPOOLP256R1_OID;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP384R1: return ECC_SECP384R1_OID;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_BRAINPOOL
case WOLFSSL_ECC_BRAINPOOLP384R1: return ECC_BRAINPOOLP384R1_OID;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#ifdef HAVE_ECC_BRAINPOOL
case WOLFSSL_ECC_BRAINPOOLP512R1: return ECC_BRAINPOOLP512R1_OID;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP521R1: return ECC_SECP521R1_OID;
#endif /* !NO_ECC_SECP */
#endif
}
return ret;
@@ -13397,6 +13434,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
case ecc_diffie_hellman_kea:
{
byte b;
int curveId, curveOid;
if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN +
OPAQUE8_LEN > size) {
@@ -13412,8 +13450,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
*inOutIdx += 1; /* curve type, eat leading 0 */
b = input[(*inOutIdx)++];
if (CheckCurveId(b) != 0) {
return ECC_CURVE_ERROR;
if ((curveOid = CheckCurveId(b)) < 0) {
return curveOid;
}
length = input[(*inOutIdx)++];
@@ -13437,8 +13475,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963(input + *inOutIdx, length,
ssl->peerEccKey) != 0) {
curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
if (wc_ecc_import_x963_ex(input + *inOutIdx, length,
ssl->peerEccKey, curveId) != 0) {
return ECC_PEERKEY_ERROR;
}
@@ -13560,6 +13599,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
case ecdhe_psk_kea:
{
byte b;
int curveOid, curveId;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
return BUFFER_ERROR;
@@ -13593,8 +13633,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
*inOutIdx += 1; /* curve type, eat leading 0 */
b = input[(*inOutIdx)++];
if (CheckCurveId(b) != 0) {
return ECC_CURVE_ERROR;
if ((curveOid = CheckCurveId(b)) < 0) {
return curveOid;
}
length = input[(*inOutIdx)++];
@@ -13618,8 +13658,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963(input + *inOutIdx, length,
ssl->peerEccKey) != 0) {
curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
if (wc_ecc_import_x963_ex(input + *inOutIdx, length,
ssl->peerEccKey, curveId) != 0) {
return ECC_PEERKEY_ERROR;
}
@@ -14995,7 +15036,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
}
wc_ecc_init_h(&myKey, ssl->heap);
ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
ret = wc_ecc_make_key_ex(ssl->rng, 0, &myKey, peerKey->dp->id);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -15765,33 +15806,84 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifdef HAVE_ECC
static byte SetCurveId(int size)
static byte SetCurveId(ecc_key* key)
{
switch(size) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
case 20:
if (key == NULL || key->dp == NULL) {
WOLFSSL_MSG("SetCurveId: Invalid key!");
return 0;
}
switch(key->dp->oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP160R1_OID:
return WOLFSSL_ECC_SECP160R1;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
case 24:
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_SECPR2
case ECC_SECP160R2_OID:
return WOLFSSL_ECC_SECP160R2;
#endif /* HAVE_ECC_SECPR2 */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP160K1_OID:
return WOLFSSL_ECC_SECP160K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP192R1_OID:
return WOLFSSL_ECC_SECP192R1;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
case 28:
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP192K1_OID:
return WOLFSSL_ECC_SECP192K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP224R1_OID:
return WOLFSSL_ECC_SECP224R1;
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case 32:
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP224K1_OID:
return WOLFSSL_ECC_SECP224K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP256R1_OID:
return WOLFSSL_ECC_SECP256R1;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
case 48:
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP256K1_OID:
return WOLFSSL_ECC_SECP256K1;
#endif /* HAVE_ECC_KOBLITZ */
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP256R1_OID:
return WOLFSSL_ECC_BRAINPOOLP256R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP384R1_OID:
return WOLFSSL_ECC_SECP384R1;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
case 66:
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP384R1_OID:
return WOLFSSL_ECC_BRAINPOOLP384R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP512R1_OID:
return WOLFSSL_ECC_BRAINPOOLP512R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP521R1_OID:
return WOLFSSL_ECC_SECP521R1;
#endif
#endif /* !NO_ECC_SECP */
#endif
default:
return 0;
}
@@ -16164,7 +16256,7 @@ int DoSessionTicket(WOLFSSL* ssl,
/* ECC key exchange data */
output[idx++] = named_curve;
output[idx++] = 0x00; /* leading zero */
output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
output[idx++] = SetCurveId(ssl->eccTempKey);
output[idx++] = (byte)exportSz;
XMEMCPY(output + idx, exportBuf, exportSz);
break;
@@ -16303,7 +16395,7 @@ int DoSessionTicket(WOLFSSL* ssl,
/* key exchange data */
output[idx++] = named_curve;
output[idx++] = 0x00; /* leading zero */
output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
output[idx++] = SetCurveId(ssl->eccTempKey);
output[idx++] = (byte)exportSz;
XMEMCPY(output + idx, exportBuf, exportSz);
idx += exportSz;
@@ -18287,6 +18379,11 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifdef HAVE_ECC
case ecc_diffie_hellman_kea:
{
if (!ssl->specs.static_ecdh &&
ssl->eccTempKeyPresent == 0) {
WOLFSSL_MSG("Ecc ephemeral key not made correctly");
ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
}
break;
}
#endif /* HAVE_ECC */
@@ -18315,6 +18412,11 @@ int DoSessionTicket(WOLFSSL* ssl,
WOLFSSL_MSG("No server PSK callback set");
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
if (ssl->eccTempKeyPresent == 0) {
WOLFSSL_MSG("Ecc ephemeral key not made correctly");
ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
}
break;
}
#endif /* HAVE_ECC && !NO_PSK */
@@ -18504,40 +18606,7 @@ int DoSessionTicket(WOLFSSL* ssl,
{
ecc_key* private_key = ssl->eccTempKey;
if ((idx - begin) + OPAQUE8_LEN > size) {
ERROR_OUT(BUFFER_ERROR, exit_dcke);
}
length = input[idx++];
if ((idx - begin) + length > size) {
ERROR_OUT(BUFFER_ERROR, exit_dcke);
}
if (ssl->peerEccKey == NULL) {
/* alloc/init on demand */
ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
ssl->heap, DYNAMIC_TYPE_ECC);
if (ssl->peerEccKey == NULL) {
WOLFSSL_MSG("PeerEccKey Memory error");
ERROR_OUT(MEMORY_E, exit_dcke);
}
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
} else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963(input + idx, length, ssl->peerEccKey)) {
ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
}
idx += length;
ssl->peerEccKeyPresent = 1;
ssl->sigLen = sizeof(ssl->arrays->preMasterSecret);
/* handle static private key */
if (ssl->specs.static_ecdh) {
word32 i = 0;
@@ -18564,10 +18633,43 @@ int DoSessionTicket(WOLFSSL* ssl,
}
}
}
else if (ssl->eccTempKeyPresent == 0) {
WOLFSSL_MSG("Ecc ephemeral key not made correctly");
ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
/* import peer ECC key */
if ((idx - begin) + OPAQUE8_LEN > size) {
ERROR_OUT(BUFFER_ERROR, exit_dcke);
}
length = input[idx++];
if ((idx - begin) + length > size) {
ERROR_OUT(BUFFER_ERROR, exit_dcke);
}
if (ssl->peerEccKey == NULL) {
/* alloc/init on demand */
ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
ssl->heap, DYNAMIC_TYPE_ECC);
if (ssl->peerEccKey == NULL) {
WOLFSSL_MSG("PeerEccKey Memory error");
ERROR_OUT(MEMORY_E, exit_dcke);
}
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
} else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963_ex(input + idx, length, ssl->peerEccKey,
private_key->dp->id)) {
ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
}
idx += length;
ssl->peerEccKeyPresent = 1;
ssl->sigLen = sizeof(ssl->arrays->preMasterSecret);
if (ret != 0) {
ERROR_OUT(ECC_SHARED_ERROR, exit_dcke);
}
@@ -18713,7 +18815,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ssl->arrays->client_identity[
min(clientSz, MAX_PSK_ID_LEN-1)] = 0;
/* ECC key */
/* import peer ECC key */
if ((idx - begin) + OPAQUE8_LEN > size) {
ERROR_OUT(BUFFER_ERROR, exit_dcke);
}
@@ -18738,8 +18840,8 @@ int DoSessionTicket(WOLFSSL* ssl,
ssl->peerEccKeyPresent = 0;
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963(input + idx, length,
ssl->peerEccKey)) {
if (wc_ecc_import_x963_ex(input + idx, length,
ssl->peerEccKey, ssl->eccTempKey->dp->id)) {
ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
}
@@ -18749,11 +18851,6 @@ int DoSessionTicket(WOLFSSL* ssl,
/* Note sizeof preMasterSecret is ENCRYPT_LEN currently 512 */
ssl->sigLen = sizeof(ssl->arrays->preMasterSecret);
if (ssl->eccTempKeyPresent == 0) {
WOLFSSL_MSG("Ecc ephemeral key not made correctly");
ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
}
/* Generate shared secret */
ret = EccSharedSecret(ssl,
ssl->eccTempKey,

43
src/ssl.c
View File

@@ -1284,12 +1284,20 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
return BAD_FUNC_ARG;
switch (name) {
case WOLFSSL_ECC_SECP160K1:
case WOLFSSL_ECC_SECP160R1:
case WOLFSSL_ECC_SECP160R2:
case WOLFSSL_ECC_SECP192K1:
case WOLFSSL_ECC_SECP192R1:
case WOLFSSL_ECC_SECP224K1:
case WOLFSSL_ECC_SECP224R1:
case WOLFSSL_ECC_SECP256K1:
case WOLFSSL_ECC_SECP256R1:
case WOLFSSL_ECC_SECP384R1:
case WOLFSSL_ECC_SECP521R1:
case WOLFSSL_ECC_BRAINPOOLP256R1:
case WOLFSSL_ECC_BRAINPOOLP384R1:
case WOLFSSL_ECC_BRAINPOOLP512R1:
break;
default:
@@ -1306,12 +1314,20 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
return BAD_FUNC_ARG;
switch (name) {
case WOLFSSL_ECC_SECP160K1:
case WOLFSSL_ECC_SECP160R1:
case WOLFSSL_ECC_SECP160R2:
case WOLFSSL_ECC_SECP192K1:
case WOLFSSL_ECC_SECP192R1:
case WOLFSSL_ECC_SECP224K1:
case WOLFSSL_ECC_SECP224R1:
case WOLFSSL_ECC_SECP256K1:
case WOLFSSL_ECC_SECP256R1:
case WOLFSSL_ECC_SECP384R1:
case WOLFSSL_ECC_SECP521R1:
case WOLFSSL_ECC_BRAINPOOLP256R1:
case WOLFSSL_ECC_BRAINPOOLP384R1:
case WOLFSSL_ECC_BRAINPOOLP512R1:
break;
default:
@@ -15784,7 +15800,7 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
key = (ecc_key*)eckey->internal;
/* set group (nid and idx) */
eckey->group->curve_nid = ecc_sets[key->idx].nid;
eckey->group->curve_nid = ecc_sets[key->idx].id;
eckey->group->curve_idx = key->idx;
if (eckey->pub_key->internal != NULL) {
@@ -15955,7 +15971,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
/* search and set the corresponding internal curve idx */
for (x = 0; ecc_sets[x].size != 0; x++)
if (ecc_sets[x].nid == key->group->curve_nid) {
if (ecc_sets[x].id == key->group->curve_nid) {
key->group->curve_idx = x;
break;
}
@@ -16111,8 +16127,8 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
return 0;
}
if (wc_ecc_make_key(rng, ecc_sets[key->group->curve_idx].size,
(ecc_key*)key->internal) != MP_OKAY) {
if (wc_ecc_make_key_ex(rng, 0, (ecc_key*)key->internal,
key->group->curve_nid) != MP_OKAY) {
WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -16288,7 +16304,7 @@ WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid)
/* search and set the corresponding internal curve idx */
for (x = 0; ecc_sets[x].size != 0; x++)
if (ecc_sets[x].nid == g->curve_nid) {
if (ecc_sets[x].id == g->curve_nid) {
g->curve_idx = x;
break;
}
@@ -16325,22 +16341,37 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
switch(group->curve_nid) {
case NID_secp112r1:
case NID_secp112r2:
return 112;
case NID_secp128r1:
case NID_secp128r2:
return 128;
case NID_secp160k1:
case NID_secp160r1:
case NID_secp160r2:
case NID_brainpoolP160r1:
return 160;
case NID_secp192k1:
case NID_brainpoolP192r1:
case NID_X9_62_prime192v1:
return 192;
case NID_secp224k1:
case NID_secp224r1:
case NID_brainpoolP224r1:
return 224;
case NID_secp256k1:
case NID_brainpoolP256r1:
case NID_X9_62_prime256v1:
return 256;
case NID_brainpoolP320r1:
return 320;
case NID_secp384r1:
case NID_brainpoolP384r1:
return 384;
case NID_secp521r1:
case NID_brainpoolP512r1:
return 521;
default :
default:
return SSL_FAILURE;
}
}

76
src/tls.c
View File

@@ -2778,26 +2778,64 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
return 1; /* no suite restriction */
for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
/* find supported curve */
switch (curve->name) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
case WOLFSSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
case WOLFSSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
case WOLFSSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case WOLFSSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
case WOLFSSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
case WOLFSSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
#endif
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP160R1: oid = ECC_SECP160R1_OID; octets = 20; break;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_SECPR2
case WOLFSSL_ECC_SECP160R2: oid = ECC_SECP160R2_OID; octets = 20; break;
#endif /* HAVE_ECC_SECPR2 */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP160K1: oid = ECC_SECP160K1_OID; octets = 20; break;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP192R1: oid = ECC_SECP192R1_OID; octets = 24; break;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP192K1: oid = ECC_SECP192K1_OID; octets = 24; break;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP224R1: oid = ECC_SECP224R1_OID; octets = 28; break;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP224K1: oid = ECC_SECP224K1_OID; octets = 28; break;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP256R1: oid = ECC_SECP256R1_OID; octets = 32; break;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case WOLFSSL_ECC_SECP256K1: oid = ECC_SECP256K1_OID; octets = 32; break;
#endif /* HAVE_ECC_KOBLITZ */
#ifdef HAVE_ECC_BRAINPOOL
case WOLFSSL_ECC_BRAINPOOLP256R1: oid = ECC_BRAINPOOLP256R1_OID; octets = 32; break;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP384R1: oid = ECC_SECP384R1_OID; octets = 48; break;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_BRAINPOOL
case WOLFSSL_ECC_BRAINPOOLP384R1: oid = ECC_BRAINPOOLP384R1_OID; octets = 48; break;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#ifdef HAVE_ECC_BRAINPOOL
case WOLFSSL_ECC_BRAINPOOLP512R1: oid = ECC_BRAINPOOLP512R1_OID; octets = 64; break;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case WOLFSSL_ECC_SECP521R1: oid = ECC_SECP521R1_OID; octets = 66; break;
#endif /* !NO_ECC_SECP */
#endif
default: continue; /* unsupported curve */
}

285
wolfcrypt/src/asn.c
View File

@@ -720,24 +720,7 @@ static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
/* curveType */
#ifdef HAVE_ECC
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
static const byte curve192v1Oid[] = {42, 134, 72, 206, 61, 3, 1, 1};
#endif /* HAVE_ALL_CURVES || HAVE_ECC192 */
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
static const byte curve256v1Oid[] = {42, 134, 72, 206, 61, 3, 1, 7};
#endif /* HAVE_ALL_CURVES || HAVE_ECC256 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
static const byte curve160r1Oid[] = {43, 129, 4, 0, 8};
#endif /* HAVE_ALL_CURVES || HAVE_ECC160 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
static const byte curve224r1Oid[] = {43, 129, 4, 0, 33};
#endif /* HAVE_ALL_CURVES || HAVE_ECC224 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
static const byte curve384r1Oid[] = {43, 129, 4, 0, 34};
#endif /* HAVE_ALL_CURVES || HAVE_ECC384 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
static const byte curve521r1Oid[] = {43, 129, 4, 0, 35};
#endif /* HAVE_ALL_CURVES || HAVE_ECC521 */
/* See "ecc_sets" table in ecc.c */
#endif /* HAVE_ECC */
/* blkType */
@@ -909,45 +892,8 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
#ifdef HAVE_ECC
case oidCurveType:
switch (id) {
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case ECC_256R1:
oid = curve256v1Oid;
*oidSz = sizeof(curve256v1Oid);
break;
#endif /* HAVE_ALL_CURVES || HAVE_ECC256 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
case ECC_384R1:
oid = curve384r1Oid;
*oidSz = sizeof(curve384r1Oid);
break;
#endif /* HAVE_ALL_CURVES || HAVE_ECC384 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
case ECC_521R1:
oid = curve521r1Oid;
*oidSz = sizeof(curve521r1Oid);
break;
#endif /* HAVE_ALL_CURVES || HAVE_ECC521 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
case ECC_160R1:
oid = curve160r1Oid;
*oidSz = sizeof(curve160r1Oid);
break;
#endif /* HAVE_ALL_CURVES || HAVE_ECC160 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
case ECC_192R1:
oid = curve192v1Oid;
*oidSz = sizeof(curve192v1Oid);
break;
#endif /* HAVE_ALL_CURVES || HAVE_ECC192 */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
case ECC_224R1:
oid = curve224r1Oid;
*oidSz = sizeof(curve224r1Oid);
break;
#endif /* HAVE_ALL_CURVES || HAVE_ECC224 */
default:
break;
if (wc_ecc_get_oid(id, &oid, oidSz) < 0) {
WOLFSSL_MSG("ECC OID not found");
}
break;
#endif /* HAVE_ECC */
@@ -1097,9 +1043,84 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
return oid;
}
#ifdef HAVE_OID_ENCODING
int EncodeObjectId(const word32* in, word32 inSz, byte* out, word32* outSz)
{
int i, x, len;
word32 d, t;
WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx)
/* check args */
if (in == NULL || outSz == NULL) {
return BAD_FUNC_ARG;
}
/* compute length of encoded OID */
d = (in[0] * 40) + in[1];
len = 0;
for (i = 1; i < (int)inSz; i++) {
x = 0;
t = d;
while (t) {
x++;
t >>= 1;
}
len += (x / 7) + ((x % 7) ? 1 : 0) + (d == 0 ? 1 : 0);
if (i < (int)inSz - 1) {
d = in[i + 1];
}
}
if (out) {
/* verify length */
if ((int)*outSz < len) {
return BUFFER_E; /* buffer provided is not large enough */
}
/* calc first byte */
d = (in[0] * 40) + in[1];
/* encode bytes */
x = 0;
for (i = 1; i < (int)inSz; i++) {
if (d) {
int y = x, z;
byte mask = 0;
while (d) {
out[x++] = (byte)((d & 0x7F) | mask);
d >>= 7;
mask |= 0x80; /* upper bit is set on all but the last byte */
}
/* now swap bytes y...x-1 */
z = x - 1;
while (y < z) {
mask = out[y];
out[y] = out[z];
out[z] = mask;
++y;
--z;
}
}
else {
out[x++] = 0x00; /* zero value */
}
/* next word */
if (i < (int)inSz - 1) {
d = in[i + 1];
}
}
}
/* return length */
*outSz = len;
return 0;
}
#endif
int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx)
{
int length;
word32 i = *inOutIdx;
@@ -1143,10 +1164,10 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
if (oidType != oidIgnoreType) {
checkOid = OidFromId(*oid, oidType, &checkOidSz);
if (checkOid != NULL &&
(checkOidSz != actualOidSz ||
XMEMCMP(actualOid, checkOid, checkOidSz) != 0)) {
if (checkOid == NULL ||
(checkOid != NULL && (checkOidSz != actualOidSz ||
XMEMCMP(actualOid, checkOid, checkOidSz) != 0)))
{
WOLFSSL_MSG("OID Check Failed");
return ASN_UNKNOWN_OID_E;
}
@@ -2314,30 +2335,12 @@ static int StoreRsaKey(DecodedCert* cert)
static int CheckCurve(word32 oid)
{
int ret = 0;
word32 oidSz = 0;
switch (oid) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
case ECC_160R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
case ECC_192R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
case ECC_224R1:
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case ECC_256R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
case ECC_384R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
case ECC_521R1:
#endif
break;
default:
ret = ALGO_ID_E;
ret = wc_ecc_get_oid(oid, NULL, &oidSz);
if (ret < 0 || oidSz <= 0) {
WOLFSSL_MSG("CheckCurve not found");
ret = ALGO_ID_E;
}
return ret;
@@ -3356,91 +3359,38 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output)
static int SetCurve(ecc_key* key, byte* output)
{
int ret;
int idx = 0;
word32 oidSz = 0;
/* curve types */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
static const byte ECC_192v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
0x03, 0x01, 0x01};
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
static const byte ECC_256v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
0x03, 0x01, 0x07};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
static const byte ECC_160r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
0x02};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
static const byte ECC_224r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
0x21};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
static const byte ECC_384r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
0x22};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
static const byte ECC_521r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
0x23};
#endif
/* validate key */
if (key == NULL || key->dp == NULL) {
return BAD_FUNC_ARG;
}
int oidSz = 0;
int idx = 0;
int lenSz = 0;
const byte* oid = 0;
#ifdef HAVE_OID_ENCODING
ret = EncodeObjectId(key->dp->oid, key->dp->oidSz, NULL, &oidSz);
if (ret != 0) {
return ret;
}
#else
oidSz = key->dp->oidSz;
#endif
output[0] = ASN_OBJECT_ID;
idx++;
switch (key->dp->size) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
case 20:
oidSz = sizeof(ECC_160r1_AlgoID);
oid = ECC_160r1_AlgoID;
break;
#endif
ret = SetLength(oidSz, output+idx);
idx += ret;
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
case 24:
oidSz = sizeof(ECC_192v1_AlgoID);
oid = ECC_192v1_AlgoID;
break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
case 28:
oidSz = sizeof(ECC_224r1_AlgoID);
oid = ECC_224r1_AlgoID;
break;
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case 32:
oidSz = sizeof(ECC_256v1_AlgoID);
oid = ECC_256v1_AlgoID;
break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
case 48:
oidSz = sizeof(ECC_384r1_AlgoID);
oid = ECC_384r1_AlgoID;
break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
case 66:
oidSz = sizeof(ECC_521r1_AlgoID);
oid = ECC_521r1_AlgoID;
break;
#endif
default:
return ASN_UNKNOWN_OID_E;
#ifdef HAVE_OID_ENCODING
ret = EncodeObjectId(key->dp->oid, key->dp->oidSz, output+idx, &oidSz);
if (ret != 0) {
return ret;
}
lenSz = SetLength(oidSz, output+idx);
idx += lenSz;
XMEMCPY(output+idx, oid, oidSz);
#else
XMEMCPY(output+idx, key->dp->oid, oidSz);
#endif
idx += oidSz;
return idx;
@@ -4774,6 +4724,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
* index. It is works starting with the recorded extensions pointer.
*/
{
int ret;
word32 idx = 0;
int sz = cert->extensionsSz;
byte* input = cert->extensions;
@@ -4809,9 +4760,11 @@ static int DecodeCertExtensions(DecodedCert* cert)
}
oid = 0;
if (GetObjectId(input, &idx, &oid, oidCertExtType, sz) < 0) {
WOLFSSL_MSG("\tfail: OBJECT ID");
return ASN_PARSE_E;
if ((ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz)) < 0) {
if (ret != ASN_UNKNOWN_OID_E) {
WOLFSSL_MSG("\tfail: OBJECT ID");
return ret;
}
}
/* check for critical flag */

844
wolfcrypt/src/ecc.c
View File

File diff suppressed because it is too large Load Diff

112
wolfcrypt/test/test.c
View File

@@ -6443,6 +6443,20 @@ static int ecc_test_vector(int keySize)
vec.keySize = keySize;
switch(keySize) {
#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
case 14:
return 0;
#endif /* HAVE_ECC112 */
#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
case 16:
return 0;
#endif /* HAVE_ECC128 */
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
case 20:
return 0;
#endif /* HAVE_ECC160 */
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
case 24:
/* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
@@ -6499,6 +6513,11 @@ static int ecc_test_vector(int keySize)
break;
#endif /* HAVE_ECC224 */
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
case 30:
return 0;
#endif /* HAVE_ECC239 */
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
case 32:
/* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
@@ -6527,6 +6546,11 @@ static int ecc_test_vector(int keySize)
break;
#endif /* !NO_ECC256 */
#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
case 40:
return 0;
#endif /* HAVE_ECC320 */
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
case 48:
/* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
@@ -6555,6 +6579,11 @@ static int ecc_test_vector(int keySize)
break;
#endif /* HAVE_ECC384 */
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
case 64:
return 0;
#endif /* HAVE_ECC512 */
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
case 66:
/* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
@@ -6673,7 +6702,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
}
#endif /* WOLFSSL_KEY_GEN */
static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
const ecc_set_type* dp)
int curve_id)
{
#ifdef BENCH_EMBEDDED
byte sharedA[128]; /* Needs to be at least keySize */
@@ -6701,7 +6730,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
wc_ecc_init(&userB);
wc_ecc_init(&pubKey);
ret = wc_ecc_make_key_ex(rng, keySize, &userA, dp);
ret = wc_ecc_make_key_ex(rng, keySize, &userA, curve_id);
if (ret != 0)
ERROR_OUT(-1014, done);
@@ -6709,15 +6738,17 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
if (ret != 0)
ERROR_OUT(-1023, done);
ret = wc_ecc_make_key_ex(rng, keySize, &userB, dp);
ret = wc_ecc_make_key_ex(rng, keySize, &userB, curve_id);
if (ret != 0)
ERROR_OUT(-1002, done);
#ifdef HAVE_ECC_DHE
x = sizeof(sharedA);
ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x);
if (ret != 0)
if (ret != 0) {
printf("wc_ecc_shared_secret %d\n", ret);
ERROR_OUT(-1015, done);
}
y = sizeof(sharedB);
ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y);
@@ -6738,7 +6769,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
ERROR_OUT(-1006, done);
#ifdef HAVE_ECC_KEY_IMPORT
ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, dp);
ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id);
if (ret != 0)
ERROR_OUT(-1007, done);
@@ -6761,7 +6792,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
wc_ecc_free(&pubKey);
wc_ecc_init(&pubKey);
ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, dp);
ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id);
if (ret != 0)
ERROR_OUT(-1011, done);
@@ -6847,7 +6878,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
{
int ret;
ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, NULL);
ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF);
if (ret < 0) {
printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
return ret;
@@ -6881,6 +6912,24 @@ int ecc_test(void)
if (ret != 0)
return -1001;
#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 14);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC112 */
#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 16);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC128 */
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 20);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC160 */
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 24);
if (ret < 0) {
@@ -6893,18 +6942,36 @@ int ecc_test(void)
goto done;
}
#endif /* HAVE_ECC224 */
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 30);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC239 */
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 32);
if (ret < 0) {
goto done;
}
#endif /* !NO_ECC256 */
#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 40);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC320 */
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 48);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC384 */
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 64);
if (ret < 0) {
goto done;
}
#endif /* HAVE_ECC512 */
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
ret = ecc_test_curve(&rng, 66);
if (ret < 0) {
@@ -6913,23 +6980,22 @@ int ecc_test(void)
#endif /* HAVE_ECC521 */
#if defined(WOLFSSL_CUSTOM_CURVES)
/* Test and demonstrate use of Brainpool256 curve */
const ecc_set_type ecc_cust_dp = {
32, /* size/bytes */
0, /* NID - not required */
"BRAINPOOLP256R1", /* curve name */
"A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
"7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
"26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
};
ret = ecc_test_curve_size(&rng, 0, ECC_TEST_VERIFY_COUNT, &ecc_cust_dp);
if (ret < 0) {
printf("ecc_test_curve_size custom failed!: %d\n", ret);
goto done;
#if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
{
int curve_id;
#ifdef HAVE_ECC_BRAINPOOL
curve_id = ECC_BRAINPOOLP256R1;
#else
curve_id = ECC_SECP256K1;
#endif
/* Test and demonstrate use of non-SECP curve */
ret = ecc_test_curve_size(&rng, 0, ECC_TEST_VERIFY_COUNT, curve_id);
if (ret < 0) {
printf("ecc_test_curve_size: type %d: failed!: %d\n", curve_id, ret);
goto done;
}
}
#endif
#endif
done:

37
wolfssl/openssl/ec.h
View File

@@ -5,6 +5,7 @@
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/bn.h>
#include <wolfssl/wolfcrypt/ecc.h>
#ifdef __cplusplus
extern "C" {
@@ -13,15 +14,33 @@ extern "C" {
/* Map OpenSSL NID value */
enum {
POINT_CONVERSION_UNCOMPRESSED = 4,
NID_secp112r1 = 0,
NID_secp128r1 = 1,
NID_secp160r1 = 2,
NID_X9_62_prime192v1 = 3,
NID_secp224r1 = 4,
NID_X9_62_prime256v1 = 5,
NID_secp384r1 = 6,
NID_secp521r1 = 7,
NID_X9_62_prime_field = 100,
#ifdef HAVE_ECC
/* Use ecc_curve_type enum values for NID */
NID_X9_62_prime192v1 = ECC_SECP192R1,
NID_X9_62_prime256v1 = ECC_SECP256R1,
NID_secp112r1 = ECC_SECP112R1,
NID_secp112r2 = ECC_SECP112R2,
NID_secp128r1 = ECC_SECP128R1,
NID_secp128r2 = ECC_SECP128R2,
NID_secp160r1 = ECC_SECP160R1,
NID_secp160r2 = ECC_SECP160R2,
NID_secp224r1 = ECC_SECP224R1,
NID_secp384r1 = ECC_SECP384R1,
NID_secp521r1 = ECC_SECP521R1,
NID_secp160k1 = ECC_SECP160K1,
NID_secp192k1 = ECC_SECP192K1,
NID_secp224k1 = ECC_SECP224K1,
NID_secp256k1 = ECC_SECP256K1,
NID_brainpoolP160r1 = ECC_BRAINPOOLP160R1,
NID_brainpoolP192r1 = ECC_BRAINPOOLP192R1,
NID_brainpoolP224r1 = ECC_BRAINPOOLP224R1,
NID_brainpoolP256r1 = ECC_BRAINPOOLP256R1,
NID_brainpoolP320r1 = ECC_BRAINPOOLP320R1,
NID_brainpoolP384r1 = ECC_BRAINPOOLP384R1,
NID_brainpoolP512r1 = ECC_BRAINPOOLP512R1,
#endif
OPENSSL_EC_NAMED_CURVE = 0x001
};

36
wolfssl/ssl.h
View File

@@ -1573,12 +1573,36 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
/* Elliptic Curves */
enum {
WOLFSSL_ECC_SECP160R1 = 0x10,
WOLFSSL_ECC_SECP192R1 = 0x13,
WOLFSSL_ECC_SECP224R1 = 0x15,
WOLFSSL_ECC_SECP256R1 = 0x17,
WOLFSSL_ECC_SECP384R1 = 0x18,
WOLFSSL_ECC_SECP521R1 = 0x19
#if 0 /* Not Supported */
WOLFSSL_ECC_SECT163K1 = 1,
WOLFSSL_ECC_SECT163R1 = 2,
WOLFSSL_ECC_SECT163R2 = 3,
WOLFSSL_ECC_SECT193R1 = 4,
WOLFSSL_ECC_SECT193R2 = 5,
WOLFSSL_ECC_SECT233K1 = 6,
WOLFSSL_ECC_SECT233R1 = 7,
WOLFSSL_ECC_SECT239K1 = 8,
WOLFSSL_ECC_SECT283K1 = 9,
WOLFSSL_ECC_SECT283R1 = 10,
WOLFSSL_ECC_SECT409K1 = 11,
WOLFSSL_ECC_SECT409R1 = 12,
WOLFSSL_ECC_SECT571K1 = 13,
WOLFSSL_ECC_SECT571R1 = 14,
#endif
WOLFSSL_ECC_SECP160K1 = 15,
WOLFSSL_ECC_SECP160R1 = 16,
WOLFSSL_ECC_SECP160R2 = 17,
WOLFSSL_ECC_SECP192K1 = 18,
WOLFSSL_ECC_SECP192R1 = 19,
WOLFSSL_ECC_SECP224K1 = 20,
WOLFSSL_ECC_SECP224R1 = 21,
WOLFSSL_ECC_SECP256K1 = 22,
WOLFSSL_ECC_SECP256R1 = 23,
WOLFSSL_ECC_SECP384R1 = 24,
WOLFSSL_ECC_SECP521R1 = 25,
WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
};
#ifdef HAVE_SUPPORTED_CURVES

37
wolfssl/wolfcrypt/asn.h
View File

@@ -241,12 +241,33 @@ enum Key_Sum {
enum Ecc_Sum {
ECC_256R1 = 526,
ECC_384R1 = 210,
ECC_521R1 = 211,
ECC_160R1 = 184,
ECC_192R1 = 520,
ECC_224R1 = 209
ECC_SECP112R1_OID = 182,
ECC_SECP112R2_OID = 183,
ECC_SECP128R1_OID = 204,
ECC_SECP128R2_OID = 205,
ECC_SECP160R1_OID = 184,
ECC_SECP160R2_OID = 206,
ECC_SECP160K1_OID = 185,
ECC_BRAINPOOLP160R1_OID = 98,
ECC_SECP192R1_OID = 520,
ECC_PRIME192V2_OID = 521,
ECC_PRIME192V3_OID = 522,
ECC_SECP192K1_OID = 207,
ECC_BRAINPOOLP192R1_OID = 100,
ECC_SECP224R1_OID = 209,
ECC_SECP224K1_OID = 208,
ECC_BRAINPOOLP224R1_OID = 102,
ECC_PRIME239V1_OID = 523,
ECC_PRIME239V2_OID = 524,
ECC_PRIME239V3_OID = 525,
ECC_SECP256R1_OID = 526,
ECC_SECP256K1_OID = 186,
ECC_BRAINPOOLP256R1_OID = 104,
ECC_BRAINPOOLP320R1_OID = 106,
ECC_SECP384R1_OID = 210,
ECC_BRAINPOOLP384R1_OID = 108,
ECC_BRAINPOOLP512R1_OID = 110,
ECC_SECP521R1_OID = 211,
};
@@ -628,6 +649,10 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
int* version);
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx);
#ifdef HAVE_OID_ENCODING
WOLFSSL_LOCAL int EncodeObjectId(const word32* in, word32 inSz,
byte* out, word32* outSz);
#endif
WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,

79
wolfssl/wolfcrypt/ecc.h
View File

@@ -43,14 +43,55 @@ enum {
ECC_MINSIZE = 20, /* MIN Private Key size */
ECC_MAXSIZE = 66, /* MAX Private Key size */
ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
ECC_MAX_PAD_SZ = 4 /* ECC maximum padding size */
ECC_MAX_PAD_SZ = 4, /* ECC maximum padding size */
ECC_MAX_OID_LEN = 16,
};
/* Curve Types */
typedef enum ecc_curve_id {
ECC_CURVE_DEF, /* NIST or SECP */
/* ECC set type defined a NIST GF(p) curve */
/* NIST Prime Curves */
ECC_SECP192R1,
ECC_PRIME192V2,
ECC_PRIME192V3,
ECC_PRIME239V1,
ECC_PRIME239V2,
ECC_PRIME239V3,
ECC_SECP256R1,
/* SECP Curves */
ECC_SECP112R1,
ECC_SECP112R2,
ECC_SECP128R1,
ECC_SECP128R2,
ECC_SECP160R1,
ECC_SECP160R2,
ECC_SECP224R1,
ECC_SECP384R1,
ECC_SECP521R1,
/* Koblitz */
ECC_SECP160K1,
ECC_SECP192K1,
ECC_SECP224K1,
ECC_SECP256K1,
/* Brainpool Curves */
ECC_BRAINPOOLP160R1,
ECC_BRAINPOOLP192R1,
ECC_BRAINPOOLP224R1,
ECC_BRAINPOOLP256R1,
ECC_BRAINPOOLP320R1,
ECC_BRAINPOOLP384R1,
ECC_BRAINPOOLP512R1,
} ecc_curve_id;
/* ECC set type defined a GF(p) curve */
typedef struct {
int size; /* The size of the curve in octets */
int nid; /* id of this curve */
int id; /* id of this curve */
const char* name; /* name of this curve */
const char* prime; /* prime that defines the field, curve is in (hex) */
const char* Af; /* fields A param (hex) */
@@ -58,16 +99,35 @@ typedef struct {
const char* order; /* order of the curve (hex) */
const char* Gx; /* x coordinate of the base point on curve (hex) */
const char* Gy; /* y coordinate of the base point on curve (hex) */
#ifdef HAVE_OID_ENCODING
const word32 oid[ECC_MAX_OID_LEN];
#else
const byte oid[ECC_MAX_OID_LEN];
/* OID encoded with ASN scheme:
first element = (oid[0] * 40) + oid[1]
if any element > 127 then MSB 0x80 indicates additional byte */
#endif
word32 oidSz;
word32 oidSum; /* sum of encoded OID bytes */
int cofactor;
} ecc_set_type;
/* Use this as the key->idx if a custom ecc_set is used for key->dp */
#define ECC_CUSTOM_IDX (-1)
/* Determine max ECC bits based on enabled curves */
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#define MAX_ECC_BITS 521
#elif defined(HAVE_ECC512)
#define MAX_ECC_BITS 512
#elif defined(HAVE_ECC384)
#define MAX_ECC_BITS 384
#elif defined(HAVE_ECC320)
#define MAX_ECC_BITS 320
#elif defined(HAVE_ECC239)
#define MAX_ECC_BITS 239
#elif defined(HAVE_ECC224)
#define MAX_ECC_BITS 224
#elif !defined(NO_ECC256)
@@ -180,7 +240,7 @@ WOLFSSL_API
int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
WOLFSSL_API
int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
const ecc_set_type* dp);
int curve_id);
WOLFSSL_API
int wc_ecc_check_key(ecc_key* key);
@@ -257,7 +317,7 @@ WOLFSSL_API
int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
WOLFSSL_API
int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
const ecc_set_type* dp);
int curve_id);
WOLFSSL_API
int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key);
@@ -268,7 +328,7 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
const char* d, const char* curveName);
WOLFSSL_API
int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
const char* d, const ecc_set_type* dp);
const char* d, int curve_id);
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef HAVE_ECC_KEY_EXPORT
@@ -292,6 +352,13 @@ int wc_ecc_size(ecc_key* key);
WOLFSSL_API
int wc_ecc_sig_size(ecc_key* key);
WOLFSSL_API
int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
#ifdef WOLFSSL_CUSTOM_CURVES
WOLFSSL_API
int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp);
#endif
#ifdef HAVE_ECC_ENCRYPT
/* ecc encrypt */