From 3c06dd6fa8d1c35f1f60483f394bed275b38a7ec Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 6 Jul 2021 11:30:26 +1000 Subject: [PATCH] SP ECC: calc vfy point not check mod_inv return Not all implementations return an error though. --- wolfcrypt/src/sp_arm32.c | 22 +++++++-------- wolfcrypt/src/sp_arm64.c | 22 +++++++-------- wolfcrypt/src/sp_armthumb.c | 22 +++++++-------- wolfcrypt/src/sp_c32.c | 22 +++++++-------- wolfcrypt/src/sp_c64.c | 22 +++++++-------- wolfcrypt/src/sp_cortexm.c | 22 +++++++-------- wolfcrypt/src/sp_x86_64.c | 55 ++++++++++++++++++++----------------- 7 files changed, 90 insertions(+), 97 deletions(-) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index bb866cd6a..40dc9db07 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -36941,14 +36941,13 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_256_mod_inv_8(s, s, p256_order); - } + err = sp_256_mod_inv_8(s, s, p256_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_256_mul_8(s, s, p256_norm_order); + err = sp_256_mod_8(s, s, p256_order); } - err = sp_256_mod_8(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_8(s); #ifdef WOLFSSL_SP_SMALL @@ -36957,15 +36956,15 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_8(u1, u1, s); sp_256_mont_mul_order_8(u2, u2, s); } - #else { sp_256_mont_mul_order_8(u1, u1, s); sp_256_mont_mul_order_8(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) { p1->infinity = 1; 
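Review bot: In the first hunk the new `if (err == MP_OKAY)` is separated from its brace block by `#endif /* !WOLFSSL_SP_SMALL */`, so the same `{ ... }` is an if-body in one configuration and a bare block in WOLFSSL_SP_SMALL builds; a reader of the SMALL build sees braces with no controlling statement, and anyone inserting a statement between the `#endif` and the `{` would silently change which lines are skipped when the inversion fails. The same shape is repeated in the sp_384 hunk of this file and in the matching sp_256/sp_384 hunks of sp_arm64.c, sp_armthumb.c, sp_c32.c, sp_c64.c, sp_cortexm.c and the sp_384 hunk of sp_x86_64.c. A one-line comment on the block, `/* Body of the 'if' above when !WOLFSSL_SP_SMALL; skipped if the inversion failed. */`, would make the control flow visible in both configurations. The second hunk's added braces around `err = sp_256_ecc_mulmod_base_8(...)` have no controlling statement in this file (only the x86_64 variant puts an `else` in front of them); if they are kept for uniformity with that variant, say so in a comment rather than leaving a stray block. Both hunks are inside `sp_256_calc_vfy_point_8`, whose start and end lie outside the hunks.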
@@ -46226,14 +46225,13 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_12(s, s, p384_order); - } + err = sp_384_mod_inv_12(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_384_mul_12(s, s, p384_norm_order); + err = sp_384_mod_12(s, s, p384_order); } - err = sp_384_mod_12(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_12(s); #ifdef WOLFSSL_SP_SMALL @@ -46242,15 +46240,15 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_12(u1, u1, s); sp_384_mont_mul_order_12(u2, u2, s); } - #else { sp_384_mont_mul_order_12(u1, u1, s); sp_384_mont_mul_order_12(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) { p1->infinity = 1; diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 57b9a25f7..38609fc40 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -38496,14 +38496,13 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_256_mod_inv_4(s, s, p256_order); - } + err = sp_256_mod_inv_4(s, s, p256_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_256_mul_4(s, s, p256_norm_order); + err = sp_256_mod_4(s, s, p256_order); } - err = sp_256_mod_4(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_4(s); #ifdef WOLFSSL_SP_SMALL @@ -38512,15 +38511,15 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_4(u1, u1, s); sp_256_mont_mul_order_4(u2, u2, s); } - #else { sp_256_mont_mul_order_4(u1, u1, s); sp_256_mont_mul_order_4(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_256_ecc_mulmod_base_4(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_4(p1->z)) { p1->infinity = 1; 
@@ -64140,14 +64139,13 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_6(s, s, p384_order); - } + err = sp_384_mod_inv_6(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_384_mul_6(s, s, p384_norm_order); + err = sp_384_mod_6(s, s, p384_order); } - err = sp_384_mod_6(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_6(s); #ifdef WOLFSSL_SP_SMALL @@ -64156,15 +64154,15 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_6(u1, u1, s); sp_384_mont_mul_order_6(u2, u2, s); } - #else { sp_384_mont_mul_order_6(u1, u1, s); sp_384_mont_mul_order_6(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_384_ecc_mulmod_base_6(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_6(p1->z)) { p1->infinity = 1; diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index cde9ded9f..cd4d5fa93 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -41367,14 +41367,13 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_256_mod_inv_8(s, s, p256_order); - } + err = sp_256_mod_inv_8(s, s, p256_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_256_mul_8(s, s, p256_norm_order); + err = sp_256_mod_8(s, s, p256_order); } - err = sp_256_mod_8(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_8(s); #ifdef WOLFSSL_SP_SMALL @@ -41383,15 +41382,15 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_8(u1, u1, s); sp_256_mont_mul_order_8(u2, u2, s); } - #else { sp_256_mont_mul_order_8(u1, u1, s); sp_256_mont_mul_order_8(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) { p1->infinity = 1; 
@@ -51773,14 +51772,13 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_12(s, s, p384_order); - } + err = sp_384_mod_inv_12(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_384_mul_12(s, s, p384_norm_order); + err = sp_384_mod_12(s, s, p384_order); } - err = sp_384_mod_12(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_12(s); #ifdef WOLFSSL_SP_SMALL @@ -51789,15 +51787,15 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_12(u1, u1, s); sp_384_mont_mul_order_12(u2, u2, s); } - #else { sp_384_mont_mul_order_12(u1, u1, s); sp_384_mont_mul_order_12(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) { p1->infinity = 1; diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index af9ccc0e1..ef7107288 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -25952,14 +25952,13 @@ static int sp_256_calc_vfy_point_9(sp_point_256* p1, sp_point_256* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_256_mod_inv_9(s, s, p256_order); - } + err = sp_256_mod_inv_9(s, s, p256_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_256_mul_9(s, s, p256_norm_order); + err = sp_256_mod_9(s, s, p256_order); } - err = sp_256_mod_9(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_9(s); #ifdef WOLFSSL_SP_SMALL @@ -25968,15 +25967,15 @@ static int sp_256_calc_vfy_point_9(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_9(u1, u1, s); sp_256_mont_mul_order_9(u2, u2, s); } - #else { sp_256_mont_mul_order_9(u1, u1, s); sp_256_mont_mul_order_9(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_256_ecc_mulmod_base_9(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_9(p1->z)) { p1->infinity = 1; 
@@ -33743,14 +33742,13 @@ static int sp_384_calc_vfy_point_15(sp_point_384* p1, sp_point_384* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_15(s, s, p384_order); - } + err = sp_384_mod_inv_15(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_384_mul_15(s, s, p384_norm_order); + err = sp_384_mod_15(s, s, p384_order); } - err = sp_384_mod_15(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_15(s); #ifdef WOLFSSL_SP_SMALL @@ -33759,15 +33757,15 @@ static int sp_384_calc_vfy_point_15(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_15(u1, u1, s); sp_384_mont_mul_order_15(u2, u2, s); } - #else { sp_384_mont_mul_order_15(u1, u1, s); sp_384_mont_mul_order_15(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_384_ecc_mulmod_base_15(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_15(p1->z)) { p1->infinity = 1; diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 63f481b17..c8671d49b 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -27144,14 +27144,13 @@ static int sp_256_calc_vfy_point_5(sp_point_256* p1, sp_point_256* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_256_mod_inv_5(s, s, p256_order); - } + err = sp_256_mod_inv_5(s, s, p256_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_256_mul_5(s, s, p256_norm_order); + err = sp_256_mod_5(s, s, p256_order); } - err = sp_256_mod_5(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_5(s); #ifdef WOLFSSL_SP_SMALL @@ -27160,15 +27159,15 @@ static int sp_256_calc_vfy_point_5(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_5(u1, u1, s); sp_256_mont_mul_order_5(u2, u2, s); } - #else { sp_256_mont_mul_order_5(u1, u1, s); sp_256_mont_mul_order_5(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_256_ecc_mulmod_base_5(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_5(p1->z)) { p1->infinity = 1; 
@@ -34366,14 +34365,13 @@ static int sp_384_calc_vfy_point_7(sp_point_384* p1, sp_point_384* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_7(s, s, p384_order); - } + err = sp_384_mod_inv_7(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_384_mul_7(s, s, p384_norm_order); + err = sp_384_mod_7(s, s, p384_order); } - err = sp_384_mod_7(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_7(s); #ifdef WOLFSSL_SP_SMALL @@ -34382,15 +34380,15 @@ static int sp_384_calc_vfy_point_7(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_7(u1, u1, s); sp_384_mont_mul_order_7(u2, u2, s); } - #else { sp_384_mont_mul_order_7(u1, u1, s); sp_384_mont_mul_order_7(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_384_ecc_mulmod_base_7(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_7(p1->z)) { p1->infinity = 1; diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index f147dcf13..9891ea971 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -22285,14 +22285,13 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_256_mod_inv_8(s, s, p256_order); - } + err = sp_256_mod_inv_8(s, s, p256_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_256_mul_8(s, s, p256_norm_order); + err = sp_256_mod_8(s, s, p256_order); } - err = sp_256_mod_8(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_8(s); #ifdef WOLFSSL_SP_SMALL @@ -22301,15 +22300,15 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_8(u1, u1, s); sp_256_mont_mul_order_8(u2, u2, s); } - #else { sp_256_mont_mul_order_8(u1, u1, s); sp_256_mont_mul_order_8(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) { p1->infinity = 1; 
@@ -29516,14 +29515,13 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2, int err; #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_12(s, s, p384_order); - } + err = sp_384_mod_inv_12(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ { sp_384_mul_12(s, s, p384_norm_order); + err = sp_384_mod_12(s, s, p384_order); } - err = sp_384_mod_12(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_12(s); #ifdef WOLFSSL_SP_SMALL @@ -29532,15 +29530,15 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_12(u1, u1, s); sp_384_mont_mul_order_12(u2, u2, s); } - #else { sp_384_mont_mul_order_12(u1, u1, s); sp_384_mont_mul_order_12(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ + { err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) { p1->infinity = 1; diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 82f1c9ef7..f70f39a2a 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -23945,16 +23945,18 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, sp_256_mod_inv_4(s, s, p256_order); } #endif /* !WOLFSSL_SP_SMALL */ -#ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { - sp_256_mul_avx2_4(s, s, p256_norm_order); - } - else -#endif { - sp_256_mul_4(s, s, p256_norm_order); +#ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + sp_256_mul_avx2_4(s, s, p256_norm_order); + } + else +#endif + { + sp_256_mul_4(s, s, p256_norm_order); + } + err = sp_256_mod_4(s, s, p256_order); } - err = sp_256_mod_4(s, s, p256_order); if (err == MP_OKAY) { sp_256_norm_4(s); #ifdef WOLFSSL_SP_SMALL 
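Review bot: In the sp_x86_64.c hunk for `sp_256_calc_vfy_point_4`, `sp_256_mod_inv_4(s, s, p256_order);` is still called without capturing a result, while the `sp_384_calc_vfy_point_6` hunk in the same file now does `err = sp_384_mod_inv_6(s, s, p384_order);` and gates the multiply on it; the restructuring here only wraps the multiply/reduce in a new block. The commit message says not every implementation returns an error, so this is presumably the case where `sp_256_mod_inv_4` has no status to return, but that asymmetry is invisible at the call site. A comment such as `/* sp_256_mod_inv_4 has no failure status; nothing to check here. */` above the call would keep a later reader from treating it as a missed check, and if the function does return a status it should be assigned to `err` and checked exactly as in the 384-bit hunk. The enclosing function starts before this hunk.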
@@ -23971,7 +23973,6 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_4(u1, u1, s); sp_256_mont_mul_order_4(u2, u2, s); } - #else #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { @@ -23984,14 +23985,16 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, sp_256_mont_mul_order_4(u1, u1, s); sp_256_mont_mul_order_4(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(p1, u1, 0, 0, heap); + } else #endif + { err = sp_256_ecc_mulmod_base_4(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_256_iszero_4(p1->z)) { p1->infinity = 1; @@ -48523,20 +48526,21 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, #endif #ifndef WOLFSSL_SP_SMALL - { - sp_384_mod_inv_6(s, s, p384_order); - } + err = sp_384_mod_inv_6(s, s, p384_order); + if (err == MP_OKAY) #endif /* !WOLFSSL_SP_SMALL */ -#ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { - sp_384_mul_avx2_6(s, s, p384_norm_order); - } - else -#endif { - sp_384_mul_6(s, s, p384_norm_order); +#ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + sp_384_mul_avx2_6(s, s, p384_norm_order); + } + else +#endif + { + sp_384_mul_6(s, s, p384_norm_order); + } + err = sp_384_mod_6(s, s, p384_order); } - err = sp_384_mod_6(s, s, p384_order); if (err == MP_OKAY) { sp_384_norm_6(s); #ifdef WOLFSSL_SP_SMALL @@ -48553,7 +48557,6 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_6(u1, u1, s); sp_384_mont_mul_order_6(u2, u2, s); } - #else #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { 
@@ -48566,14 +48569,16 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, sp_384_mont_mul_order_6(u1, u1, s); sp_384_mont_mul_order_6(u2, u2, s); } - #endif /* WOLFSSL_SP_SMALL */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { err = sp_384_ecc_mulmod_base_avx2_6(p1, u1, 0, 0, heap); + } else #endif + { err = sp_384_ecc_mulmod_base_6(p1, u1, 0, 0, heap); + } } if ((err == MP_OKAY) && sp_384_iszero_6(p1->z)) { p1->infinity = 1;