SP int: fixes from AI review
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to unit.test. sp_int.c: Fixes to comments. Added more define build options documentation to top of file. Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined. Fixes for when a->used is 0 and no underflow - not actually a problem but cleaner code. sp_sub has different checks on a->used when values are only positive. sp_div_2d missing check for e less than zero. sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i to int to handle a->used of 0 and make code tidier. Configuration testing fixes. Fix formatting in test.c. Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
@@ -644,6 +644,7 @@ WC_NO_RNG_SIMPLE
|
||||
WC_NO_STATIC_ASSERT
|
||||
WC_NO_VERBOSE_RNG
|
||||
WC_PKCS11_FIND_WITH_ID_ONLY
|
||||
WC_PKCS12_PBKDF_USING_MP_API
|
||||
WC_PROTECT_ENCRYPTED_MEM
|
||||
WC_RNG_BLOCKING
|
||||
WC_RSA_NONBLOCK
|
||||
|
||||
+1
-1
@@ -23560,7 +23560,7 @@ static int test_wolfSSL_X509_print(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
|
||||
!defined(NO_RSA) && defined(XSNPRINTF)
|
||||
!defined(NO_RSA) && defined(XSNPRINTF) && !defined(WC_DISABLE_RADIX_ZERO_PAD)
|
||||
X509 *x509 = NULL;
|
||||
BIO *bio = NULL;
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
|
||||
|
||||
@@ -29,6 +29,7 @@
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/pkcs12.h>
|
||||
#include <wolfssl/wolfcrypt/pwdbased.h>
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <tests/api/api.h>
|
||||
#include <tests/api/test_pkcs12.h>
|
||||
@@ -271,3 +272,407 @@ int test_wc_d2i_PKCS12_oid_underflow(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256)
|
||||
/* Test vectors from RFC 7292 Appendix B (SHA-256 based) */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
|
||||
0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
|
||||
0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
|
||||
0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
|
||||
0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
|
||||
};
|
||||
byte derived[24];
|
||||
|
||||
/* bad args */
|
||||
ExpectIntNE(wc_PKCS12_PBKDF(NULL, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);
|
||||
ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, 0,
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);
|
||||
ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
|
||||
salt, 0, 1, 24, WC_SHA256, 1), 0);
|
||||
|
||||
/* 1 iteration */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
|
||||
|
||||
/* 1000 iterations */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
|
||||
|
||||
/* iterations <= 0 treated as 1 */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256)
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
|
||||
0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
|
||||
0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
|
||||
0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
|
||||
0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
|
||||
};
|
||||
byte derived[24];
|
||||
byte derived2[24];
|
||||
|
||||
/* bad args */
|
||||
ExpectIntNE(wc_PKCS12_PBKDF_ex(NULL, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0);
|
||||
ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, 0,
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0);
|
||||
ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, 0, 1, 24, WC_SHA256, 1, NULL), 0);
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
|
||||
|
||||
/* _ex and non-_ex produce identical output */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF(derived2, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, derived2, 24), 0);
|
||||
|
||||
/* id 2 (IV) and id 3 (MAC) also accepted */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 2, NULL), 0);
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex_sha1(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA)
|
||||
/* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-1 */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
|
||||
0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
|
||||
0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
|
||||
0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
|
||||
0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
|
||||
};
|
||||
byte derived[24];
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 24, WC_SHA, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 24, WC_SHA, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex_sha512(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512)
|
||||
/* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-512 */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x13, 0x04, 0xA9, 0xF0, 0x01, 0x53, 0x74, 0x25,
|
||||
0x24, 0x12, 0x7D, 0x51, 0xD5, 0x98, 0xBC, 0x04,
|
||||
0x7E, 0x64, 0x09, 0x03, 0x09, 0xCA, 0x84, 0xEB,
|
||||
0x31, 0x2E, 0xB3, 0xBA, 0xD5, 0x60, 0xDD, 0x8D,
|
||||
0x2C, 0x71, 0xAB, 0xA4, 0xF2, 0x15, 0xAB, 0x31,
|
||||
0xF3, 0xBC, 0x42, 0xB6, 0xE8, 0x5D, 0xBF, 0x89
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0xBC, 0xD9, 0x78, 0x3D, 0x77, 0x8D, 0xA0, 0xE4,
|
||||
0x69, 0x00, 0x0B, 0x28, 0xE0, 0xD5, 0xDF, 0xDA,
|
||||
0xF3, 0xC9, 0x8D, 0x77, 0x39, 0xF9, 0x76, 0x84,
|
||||
0x1D, 0xE9, 0x61, 0x79, 0x50, 0x16, 0x6B, 0xA5,
|
||||
0x1B, 0x1D, 0x07, 0x65, 0x1B, 0x4B, 0x98, 0x91,
|
||||
0xAF, 0xE1, 0x80, 0x15, 0x39, 0xA3, 0x42, 0xDD
|
||||
};
|
||||
byte derived[48];
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 48, WC_SHA512, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 48), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 48, WC_SHA512, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 48), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex_sha224(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && defined(WOLFSSL_SHA224)
|
||||
/* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-224 */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x96, 0x22, 0xB0, 0x87, 0xFF, 0xE5, 0xDC, 0xB2,
|
||||
0xA6, 0xE1, 0x67, 0x3A, 0x44, 0x11, 0x50, 0x00,
|
||||
0x67, 0xE7, 0x10, 0xB4, 0xE6, 0x63, 0x4D, 0xCF,
|
||||
0x37, 0x0C, 0x25, 0x3C
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0x9A, 0x30, 0xD2, 0xD2, 0x14, 0x47, 0x64, 0x3D,
|
||||
0x9B, 0xFA, 0x43, 0x49, 0x0F, 0x81, 0x3D, 0x9D,
|
||||
0x5E, 0x0E, 0xB9, 0x0D, 0xAF, 0xA6, 0x80, 0x2C,
|
||||
0xF9, 0x33, 0x3B, 0x9D
|
||||
};
|
||||
byte derived[28];
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 28, WC_SHA224, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 28), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 28, WC_SHA224, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 28), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex_sha384(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && defined(WOLFSSL_SHA384)
|
||||
/* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-384 */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x17, 0xD5, 0x0F, 0x1F, 0x21, 0x8A, 0x3B, 0xC9,
|
||||
0x6E, 0x10, 0x41, 0xBA, 0xEC, 0xF0, 0xA1, 0xF2,
|
||||
0x11, 0x99, 0x56, 0x55, 0x2B, 0xD0, 0x38, 0x80,
|
||||
0x9A, 0x40, 0x2F, 0x13, 0x0A, 0x24, 0x67, 0xFA,
|
||||
0x49, 0xED, 0xFA, 0x6A, 0x83, 0xB5, 0x40, 0x69,
|
||||
0xFB, 0x73, 0xB7, 0x48, 0x44, 0x33, 0x1A, 0xC3
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0x7F, 0x50, 0xFB, 0x97, 0xF1, 0x7C, 0x01, 0x15,
|
||||
0xA2, 0x0A, 0xCB, 0x88, 0x68, 0xFC, 0x37, 0xA7,
|
||||
0x88, 0x8C, 0xD7, 0x1A, 0xF3, 0x1D, 0xB2, 0xDD,
|
||||
0x93, 0xCF, 0x44, 0xED, 0xC9, 0xA4, 0x61, 0x04,
|
||||
0xBE, 0x4E, 0x16, 0x86, 0x36, 0xF1, 0x6E, 0x65,
|
||||
0x41, 0xE0, 0xD7, 0xC3, 0xE2, 0x4D, 0x95, 0x99
|
||||
};
|
||||
byte derived[48];
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 48, WC_SHA384, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 48), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 48, WC_SHA384, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 48), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex_sha512_224(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \
|
||||
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
|
||||
/* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-512/224 */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0xE1, 0xAD, 0xB3, 0x9E, 0x3E, 0x72, 0x85, 0x11,
|
||||
0x28, 0xFC, 0xF8, 0x5F, 0x4A, 0xBE, 0x74, 0x99,
|
||||
0x7B, 0x02, 0xF0, 0x8B, 0x47, 0x1B, 0x71, 0x40,
|
||||
0xB9, 0x7C, 0x03, 0x83
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0xF0, 0x3F, 0x58, 0x16, 0x8B, 0x0C, 0xF5, 0x09,
|
||||
0xC5, 0x7F, 0x20, 0xD2, 0x24, 0xEC, 0x27, 0xAE,
|
||||
0xC2, 0xA6, 0xBB, 0x21, 0xE5, 0x76, 0x5A, 0xF8,
|
||||
0x3C, 0xA6, 0x2A, 0xA6
|
||||
};
|
||||
byte derived[28];
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 28, WC_SHA512_224, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 28), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 28, WC_SHA512_224, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 28), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wc_PKCS12_PBKDF_ex_sha512_256(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \
|
||||
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
|
||||
/* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-512/256 */
|
||||
static const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
static const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
static const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
static const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
static const byte verify[] = {
|
||||
0x08, 0x41, 0xAA, 0x5C, 0xBC, 0xEE, 0xA4, 0x3F,
|
||||
0x34, 0xA4, 0xDA, 0xB1, 0xEB, 0x83, 0x7E, 0xF1,
|
||||
0x84, 0xBC, 0x30, 0x75, 0x40, 0x94, 0x95, 0x1F,
|
||||
0xAE, 0x25, 0xAA, 0xD1, 0xFD, 0x80, 0x2B, 0x5B
|
||||
};
|
||||
static const byte verify2[] = {
|
||||
0xC9, 0x44, 0xE9, 0x01, 0x53, 0x03, 0x64, 0xB9,
|
||||
0x61, 0x6E, 0x7F, 0xAE, 0xAA, 0x8E, 0x2D, 0xBB,
|
||||
0xE1, 0xAC, 0x45, 0x34, 0x58, 0x08, 0xB9, 0xE6,
|
||||
0xFA, 0x61, 0xF6, 0x1D, 0x15, 0x84, 0x15, 0x75
|
||||
};
|
||||
byte derived[32];
|
||||
|
||||
/* 1 iteration, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
|
||||
salt, (int)sizeof(salt), 1, 32, WC_SHA512_256, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify, 32), 0);
|
||||
|
||||
/* 1000 iterations, NULL heap */
|
||||
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
|
||||
salt2, (int)sizeof(salt2), 1000, 32, WC_SHA512_256, 1, NULL), 0);
|
||||
ExpectIntEQ(XMEMCMP(derived, verify2, 32), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
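Review bot: Every SHA-2 case in these tests requests kLen no larger than the digest size u (24 bytes from SHA-256's 32, 48 from SHA-512's 64, 28 from SHA-224, 48 from SHA-384, 28 and 32 from SHA-512/224 and SHA-512/256), so the first A_i satisfies the request, the loop breaks at `if (kLen == 0)`, and only the SHA-1 case (u = 20, kLen = 24) ever reaches the new I_j = (I_j + B + 1) word-wise carry loop in wc_PKCS12_PBKDF_ex further down this page, and then for a single extra A_i. Please add at least one vector with kLen well above u for a SHA-2 hash (for example 64 or 96 bytes from SHA-256) so the carry propagation is covered on both the word128/word64 and word64/word32 builds. The bad-args block also omits a NULL password and NULL salt with a positive length, e.g. `ExpectIntNE(wc_PKCS12_PBKDF(derived, NULL, (int)sizeof(passwd), salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);`; the argument check in the new wc_PKCS12_PBKDF_ex tests only output, passLen, saltLen and kLen, so that guard would need to be added before such an assertion can pass.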
|
||||
|
||||
|
||||
+21
-5
@@ -28,11 +28,27 @@ int test_wc_i2d_PKCS12(void);
|
||||
int test_wc_PKCS12_create(void);
|
||||
int test_wc_d2i_PKCS12_bad_mac_salt(void);
|
||||
int test_wc_d2i_PKCS12_oid_underflow(void);
|
||||
int test_wc_PKCS12_PBKDF(void);
|
||||
int test_wc_PKCS12_PBKDF_ex(void);
|
||||
int test_wc_PKCS12_PBKDF_ex_sha1(void);
|
||||
int test_wc_PKCS12_PBKDF_ex_sha512(void);
|
||||
int test_wc_PKCS12_PBKDF_ex_sha224(void);
|
||||
int test_wc_PKCS12_PBKDF_ex_sha384(void);
|
||||
int test_wc_PKCS12_PBKDF_ex_sha512_224(void);
|
||||
int test_wc_PKCS12_PBKDF_ex_sha512_256(void);
|
||||
|
||||
#define TEST_PKCS12_DECLS \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_oid_underflow)
|
||||
#define TEST_PKCS12_DECLS \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_oid_underflow), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha1), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha512), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha224), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha384), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha512_224), \
|
||||
TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha512_256)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_PKCS12_H */
|
||||
|
||||
@@ -1517,12 +1517,13 @@ static const char* bench_result_words1[][5] = {
|
||||
#endif
|
||||
};
|
||||
|
||||
#if !defined(NO_RSA) || \
|
||||
defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \
|
||||
defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
|
||||
defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM)
|
||||
#if ((!defined(NO_RSA) || \
|
||||
defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \
|
||||
defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
|
||||
defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_DILITHIUM)) && !defined(WC_NO_RNG)) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM)
|
||||
|
||||
static const char* bench_desc_words[][15] = {
|
||||
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 */
|
||||
@@ -2057,11 +2058,11 @@ static const char* bench_result_words3[][5] = {
|
||||
#endif
|
||||
|
||||
#if defined(BENCH_ASYM)
|
||||
#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
|
||||
defined(WOLFSSL_HAVE_LMS)
|
||||
#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \
|
||||
!defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM)
|
||||
static const char* bench_result_words2[][6] = {
|
||||
#ifdef BENCH_MICROSECOND
|
||||
{ "ops took", "μsec" , "avg" , "ops/μsec", "cycles/op",
|
||||
@@ -3201,11 +3202,11 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
|
||||
} /* bench_stats_sym_finish */
|
||||
|
||||
#ifdef BENCH_ASYM
|
||||
#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
|
||||
defined(WOLFSSL_HAVE_LMS)
|
||||
#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \
|
||||
!defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM)
|
||||
static void bench_stats_asym_finish_ex(const char* algo, int strength,
|
||||
const char* desc, const char* desc_extra, int useDeviceID, int count,
|
||||
double start, int ret)
|
||||
@@ -4567,7 +4568,7 @@ static void* benchmarks_do(void* args)
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN))
|
||||
bench_falconKeySign(5);
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG)
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN))
|
||||
bench_dilithiumKeySign(2);
|
||||
@@ -9643,7 +9644,7 @@ void bench_srtpkdf(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_RSA
|
||||
#if !defined(NO_RSA) && !defined(WC_NO_RNG)
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
|
||||
@@ -10285,7 +10286,7 @@ exit:
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
#endif /* !NO_RSA */
|
||||
#endif /* !NO_RSA && !WC_NO_RNG */
|
||||
|
||||
|
||||
#if !defined(NO_DH) && !defined(WC_NO_RNG)
|
||||
@@ -14329,7 +14330,7 @@ void bench_falconKeySign(byte level)
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG)
|
||||
|
||||
#if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
|
||||
@@ -15675,7 +15676,7 @@ out:
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_DILITHIUM && !WC_NO_RNG */
|
||||
|
||||
#ifdef HAVE_SPHINCS
|
||||
void bench_sphincsKeySign(byte level, byte optim)
|
||||
|
||||
@@ -2227,8 +2227,10 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
|
||||
#endif
|
||||
XFREE(y, key->heap, DYNAMIC_TYPE_DH);
|
||||
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
|
||||
#if !defined(WOLFSSL_SP_MATH)
|
||||
mp_memzero_check(x);
|
||||
mp_memzero_check(z);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return ret;
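Review bot: The new `#if !defined(WOLFSSL_SP_MATH)` guard drops the mp_memzero_check() calls on x and z without saying why, so a reader of this WOLFSSL_CHECK_MEM_ZERO branch cannot tell whether the check is unavailable or deliberately skipped under SP math. A one-line comment on the guard, e.g. `/* mp_memzero_check() is not provided by the SP_MATH API */` (assuming that is the reason), and `#endif /* !WOLFSSL_SP_MATH */` on the closing line would make the intent explicit. wc_DhAgree_Sync's body starts outside the hunk.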
|
||||
|
||||
@@ -108,10 +108,10 @@ static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
|
||||
#if defined(_MSC_VER) && !(__WATCOMC__)
|
||||
#include <intrin.h>
|
||||
|
||||
typedef struct word128 {
|
||||
typedef struct poly1305_word128 {
|
||||
word64 lo;
|
||||
word64 hi;
|
||||
} word128;
|
||||
} poly1305_word128;
|
||||
|
||||
#define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi)
|
||||
#define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; \
|
||||
@@ -123,12 +123,12 @@ static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
|
||||
|
||||
#elif defined(__GNUC__)
|
||||
#if defined(__SIZEOF_INT128__)
|
||||
PEDANTIC_EXTENSION typedef unsigned __int128 word128;
|
||||
PEDANTIC_EXTENSION typedef unsigned __int128 poly1305_word128;
|
||||
#else
|
||||
typedef unsigned word128 __attribute__((mode(TI)));
|
||||
typedef unsigned poly1305_word128 __attribute__((mode(TI)));
|
||||
#endif
|
||||
|
||||
#define MUL(out, x, y) out = ((word128)(x) * (y))
|
||||
#define MUL(out, x, y) out = ((poly1305_word128)(x) * (y))
|
||||
#define ADD(out, in) (out) += (in)
|
||||
#define ADDLO(out, in) (out) += (in)
|
||||
#define SHR(in, shift) (word64)((in) >> (shift))
|
||||
@@ -306,7 +306,7 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
|
||||
word64 s1,s2;
|
||||
word64 h0,h1,h2;
|
||||
word64 c;
|
||||
word128 d0,d1,d2,d;
|
||||
poly1305_word128 d0,d1,d2,d;
|
||||
|
||||
r0 = ctx->r[0];
|
||||
r1 = ctx->r[1];
|
||||
|
||||
+181
-24
@@ -315,46 +315,38 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
|
||||
#ifdef HAVE_PKCS12
|
||||
|
||||
/* helper for PKCS12_PBKDF(), does hash operation */
|
||||
static int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
|
||||
byte* Ai, word32 u, int iterations)
|
||||
static int DoPKCS12Hash(enum wc_HashType hashT, byte* buffer, word32 totalLen,
|
||||
byte* Ai, word32 u, int iterations)
|
||||
{
|
||||
int i;
|
||||
int ret = 0;
|
||||
WC_DECLARE_VAR(hash, wc_HashAlg, 1, 0);
|
||||
enum wc_HashType hashT;
|
||||
|
||||
if (buffer == NULL || Ai == NULL) {
|
||||
if ((buffer == NULL) || (Ai == NULL)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
hashT = wc_HashTypeConvert(hashType);
|
||||
|
||||
/* initialize hash */
|
||||
WC_ALLOC_VAR_EX(hash, wc_HashAlg, 1, NULL, DYNAMIC_TYPE_HASHCTX,
|
||||
return MEMORY_E);
|
||||
|
||||
ret = wc_HashInit(hash, hashT);
|
||||
if (ret != 0) {
|
||||
WC_FREE_VAR_EX(hash, NULL, DYNAMIC_TYPE_HASHCTX);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wc_HashUpdate(hash, hashT, buffer, totalLen);
|
||||
|
||||
if (ret == 0)
|
||||
ret = wc_HashFinal(hash, hashT, Ai);
|
||||
|
||||
for (i = 1; i < iterations; i++) {
|
||||
if (ret == 0)
|
||||
ret = wc_HashUpdate(hash, hashT, Ai, u);
|
||||
if (ret == 0) {
|
||||
ret = wc_HashUpdate(hash, hashT, buffer, totalLen);
|
||||
if (ret == 0)
|
||||
ret = wc_HashFinal(hash, hashT, Ai);
|
||||
|
||||
for (i = 1; i < iterations; i++) {
|
||||
if (ret == 0)
|
||||
ret = wc_HashUpdate(hash, hashT, Ai, u);
|
||||
if (ret == 0)
|
||||
ret = wc_HashFinal(hash, hashT, Ai);
|
||||
}
|
||||
|
||||
wc_HashFree(hash, hashT);
|
||||
}
|
||||
|
||||
wc_HashFree(hash, hashT);
|
||||
|
||||
WC_FREE_VAR_EX(hash, NULL, DYNAMIC_TYPE_HASHCTX);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -368,6 +360,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
|
||||
}
|
||||
|
||||
|
||||
#ifdef WC_PKCS12_PBKDF_USING_MP_API
|
||||
/* extended API that allows a heap hint to be used */
|
||||
int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
|
||||
const byte* salt, int saltLen, int iterations, int kLen,
|
||||
@@ -487,8 +480,8 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
|
||||
while (kLen > 0) {
|
||||
word32 currentLen;
|
||||
|
||||
ret = DoPKCS12Hash(hashType, buffer, totalLen, Ai, u, iterations);
|
||||
if (ret < 0)
|
||||
ret = DoPKCS12Hash(hashT, buffer, totalLen, Ai, u, iterations);
|
||||
if (ret != 0)
|
||||
break;
|
||||
|
||||
for (i = 0; i < v; i++)
|
||||
@@ -566,6 +559,170 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(WC_64BIT_CPU) && defined(HAVE___UINT128_T) && \
|
||||
!defined(NO_INT128)
|
||||
#define PKCS12_DWORD word128
|
||||
#define PKCS12_WORD word64
|
||||
#define PKCS12_ByteReverseWords ByteReverseWords64
|
||||
#elif defined(WC_32BIT_CPU) || defined(WC_64BIT_CPU)
|
||||
#define PKCS12_DWORD word64
|
||||
#define PKCS12_WORD word32
|
||||
#define PKCS12_ByteReverseWords ByteReverseWords
|
||||
#else
|
||||
#define PKCS12_DWORD word16
|
||||
#define PKCS12_WORD word8
|
||||
/* No need to byte reverse when handling 1 byte at a time. */
|
||||
#define PKCS12_ByteReverseWords(r, a, n) WC_DO_NOTHING
|
||||
#endif
|
||||
|
||||
/* extended API that allows a heap hint to be used */
|
||||
int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
|
||||
const byte* salt, int saltLen, int iterations, int kLen,
|
||||
int hashType, int id, void* heap)
|
||||
{
|
||||
word32 u, v, pLen, iLen, sLen, totalLen;
|
||||
/* nwc: v / sizeof(PKCS12_WORD) - words per v-byte block
|
||||
* (v is always a multiple of sizeof(PKCS12_WORD))
|
||||
* nBlocks: iLen / v - number of v-byte blocks in I */
|
||||
word32 nwc, nBlocks;
|
||||
int ret = 0;
|
||||
word32 i, k, blk;
|
||||
byte* I;
|
||||
PKCS12_WORD* Bw;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte staticBuffer[1]; /* force dynamic usage */
|
||||
byte* B = NULL;
|
||||
#else
|
||||
ALIGN8 byte staticBuffer[1024];
|
||||
ALIGN8 byte B[WC_MAX_BLOCK_SIZE];
|
||||
#endif
|
||||
byte* buffer = staticBuffer;
|
||||
enum wc_HashType hashT;
|
||||
|
||||
(void)heap;
|
||||
|
||||
if ((output == NULL) || (passLen <= 0) || (saltLen <= 0) || (kLen < 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (iterations <= 0) {
|
||||
iterations = 1;
|
||||
}
|
||||
|
||||
/* u = hash output size. */
|
||||
hashT = wc_HashTypeConvert(hashType);
|
||||
ret = wc_HashGetDigestSize(hashT);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
if (ret == 0)
|
||||
return BAD_STATE_E;
|
||||
u = (word32)ret;
|
||||
|
||||
/* v = hash block size. */
|
||||
ret = wc_HashGetBlockSize(hashT);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
if (ret == 0)
|
||||
return BAD_STATE_E;
|
||||
v = (word32)ret;
|
||||
|
||||
/* RFC 7292 B.2 step 2: S = salt repeated to ceil(saltLen/v)*v bytes */
|
||||
sLen = v * (((word32)saltLen + v - 1) / v);
|
||||
/* RFC 7292 B.2 step 3: P = password repeated to ceil(passLen/v)*v bytes */
|
||||
pLen = v * (((word32)passLen + v - 1) / v);
|
||||
/* RFC 7292 B.2 step 4: I = S || P */
|
||||
iLen = sLen + pLen;
|
||||
totalLen = v + iLen;
|
||||
|
||||
nwc = v / (word32)sizeof(PKCS12_WORD);
|
||||
nBlocks = iLen / v;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
B = (byte*)XMALLOC(WC_MAX_BLOCK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (B == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
Bw = (PKCS12_WORD*)B;
|
||||
|
||||
if (totalLen > sizeof(staticBuffer)) {
|
||||
buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY);
|
||||
if (buffer == NULL) {
|
||||
WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
}
|
||||
|
||||
/* RFC 7292 B.2 step 1: D = v bytes each set to ID */
|
||||
/* RFC 7292 B.2 step 4: I = S || P; buffer = D || I */
|
||||
I = buffer + v;
|
||||
XMEMSET(buffer, id, v);
|
||||
for (i = 0; i < sLen; i++)
|
||||
I[i] = salt[i % (word32)saltLen];
|
||||
for (i = 0; i < pLen; i++)
|
||||
I[sLen + i] = passwd[i % (word32)passLen];
|
||||
|
||||
ret = 0;
|
||||
while ((ret == 0) && (kLen > 0)) {
|
||||
/* RFC 7292 B.2 step 6a: A_i = H^r(D || I) */
|
||||
ret = DoPKCS12Hash(hashT, buffer, totalLen, B, u, iterations);
|
||||
if (ret != 0)
|
||||
break;
|
||||
|
||||
/* RFC 7292 B.2 step 7: output A_i bytes (up to kLen) */
|
||||
i = min((word32)kLen, u);
|
||||
XMEMCPY(output, B, i);
|
||||
output += i;
|
||||
kLen -= (int)i;
|
||||
if (kLen == 0)
|
||||
break;
|
||||
|
||||
/* RFC 7292 B.2 step 6b: B = A_i repeated to length v */
|
||||
for (i = u; i < v; i++)
|
||||
B[i] = B[i % u];
|
||||
|
||||
/* RFC 7292 B.2 step 6c: I_j = (I_j + B + 1) mod 2^(8v). */
|
||||
#ifndef BIG_ENDIAN_ORDER
|
||||
PKCS12_ByteReverseWords(Bw, Bw, v);
|
||||
#endif
|
||||
/* Increment B by 1. */
|
||||
k = nwc;
|
||||
while ((k-- > 0) && (++Bw[k] == 0))
|
||||
;
|
||||
|
||||
#ifndef BIG_ENDIAN_ORDER
|
||||
PKCS12_ByteReverseWords((PKCS12_WORD*)I, (PKCS12_WORD*)I, nBlocks * v);
|
||||
#endif
|
||||
/* Add B+1 to each I_j block. */
|
||||
for (blk = 0; blk < nBlocks; blk++) {
|
||||
PKCS12_DWORD c = 0;
|
||||
PKCS12_WORD* Iw = (PKCS12_WORD*)(I + blk * v);
|
||||
for (k = nwc; k-- > 0; ) {
|
||||
c += (PKCS12_DWORD)Iw[k];
|
||||
c += (PKCS12_DWORD)Bw[k];
|
||||
Iw[k] = (PKCS12_WORD)c;
|
||||
c >>= 8 * sizeof(PKCS12_WORD);
|
||||
}
|
||||
}
|
||||
#ifndef BIG_ENDIAN_ORDER
|
||||
PKCS12_ByteReverseWords((PKCS12_WORD*)I, (PKCS12_WORD*)I, nBlocks * v);
|
||||
#endif
|
||||
}
|
||||
|
||||
WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buffer != staticBuffer) {
|
||||
XFREE(buffer, heap, DYNAMIC_TYPE_KEY);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#undef PKCS12_DWORD
|
||||
#undef PKCS12_WORD
|
||||
#undef PKCS12_ByteReverseWords
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_PKCS12 */
|
||||
|
||||
|
||||
+260
-165
@@ -89,6 +89,96 @@ This library provides single precision (SP) integer math functions.
|
||||
* Dynamic arrays used when not small stack.
|
||||
* WOLFSSL_SP_FAST_MODEXP Allow fast mod_exp with small C code
|
||||
* WOLFSSL_SP_LOW_MEM Use algorithms that use less memory.
|
||||
* WOLFSSL_SMALL_STACK: Use heap for large structures to reduce
|
||||
* stack usage
|
||||
* WOLFSSL_KEY_GEN: Key generation support enabled
|
||||
* WOLFSSL_RSA_PUBLIC_ONLY: Only RSA public operations compiled in
|
||||
* WOLFSSL_RSA_VERIFY_ONLY: Only RSA verify operations compiled in
|
||||
* NO_RSA: RSA support disabled
|
||||
* NO_DH: DH support disabled
|
||||
* NO_DSA: DSA support disabled
|
||||
* NO_INLINE: sp_int.c includes misc.c directly instead of
|
||||
* inlining
|
||||
* HAVE_ECC: ECC support enabled, enables ECC-related SP
|
||||
* functions
|
||||
* HAVE_FIPS: FIPS mode enabled
|
||||
* HAVE_WOLF_BIGINT: wolfBigInt support, enables bigint conversion
|
||||
* functions
|
||||
* FREESCALE_LTC_TFM: Freescale LTC hardware acceleration replaces SP
|
||||
* modular exponentiation
|
||||
* OPENSSL_EXTRA: OpenSSL API compatibility enabled
|
||||
* OPENSSL_ALL: Full OpenSSL API compatibility enabled
|
||||
* WC_NO_HARDEN: Disable timing attack resistance
|
||||
* WC_NO_CACHE_RESISTANT: Disable cache-resistant (constant-address)
|
||||
* operations
|
||||
* WC_NO_RNG: No RNG available, disables functions needing
|
||||
* random numbers
|
||||
* WC_PROTECT_ENCRYPTED_MEM: Enable protection of encrypted memory
|
||||
* operations
|
||||
* WC_DISABLE_RADIX_ZERO_PAD: Disable zero padding when converting to a
|
||||
* radix string
|
||||
* WOLFSSL_NO_CT_OPS: Disable constant-time operations
|
||||
* WOLFSSL_CHECK_MEM_ZERO: Enable checking that sensitive memory is
|
||||
* zeroed on free
|
||||
* WOLFSSL_SP_MILLER_RABIN_CNT: Number of Miller-Rabin rounds for prime
|
||||
* testing (default: 8)
|
||||
* WOLFSSL_NO_ASM: Disable all assembly implementations
|
||||
* WOLFSSL_KEIL: Keil compiler in use, affects inline assembly
|
||||
* syntax
|
||||
* WOLFSSL_USE_SAVE_VECTOR_REGISTERS: Save/restore vector registers around
|
||||
* SP ASM calls
|
||||
* WOLFSSL_SP_INT_LARGE_COMBA: Enable large Comba multiplication and
|
||||
* squaring
|
||||
* WOLFSSL_SP_INT_SQR_VOLATILE: Declare squaring intermediate variables as
|
||||
* volatile
|
||||
* SP_INT_NO_ASM: Disable use of SP ASM even when
|
||||
* SP_INT_ASM_AVAILABLE is set
|
||||
* SP_MATH_NEED_ADD_OFF: Enable sp_add variant with an offset into
|
||||
* the result
|
||||
*
|
||||
* The following are not user settable but are set in settings.h or sp_int.h
|
||||
* based on other defines and platform:
|
||||
* BIG_ENDIAN_ORDER: (Auto) Set in types.h when WORDS_BIGENDIAN
|
||||
* is defined by the platform or build system
|
||||
* LITTLE_ENDIAN_ORDER: (Auto) Set in types.h when BIG_ENDIAN_ORDER
|
||||
* is not defined; the default byte ordering
|
||||
* WOLFSSL_SP_DYN_STACK: (Auto) Set in sp_int.h when C99 and
|
||||
* conditions allow a dynamic stack sp_int
|
||||
* WOLFSSL_SP_DIV_WORD_HALF: (Auto) Set in sp_int.h/settings.h when
|
||||
* platform lacks a native double-word type
|
||||
* WOLFSSL_ARM_ARCH: (Auto) Set in sp_int.h as alias for
|
||||
* WOLFSSL_SP_ARM_ARCH; use WOLFSSL_SP_ARM_ARCH to configure
|
||||
* WOLFSSL_SP_ADD_D: (Auto) Set in settings.h; enables sp_add_d
|
||||
* based on which algorithms are active
|
||||
* WOLFSSL_SP_SUB_D: (Auto) Set in settings.h; enables sp_sub_d
|
||||
* based on which algorithms are active
|
||||
* WOLFSSL_SP_MUL_D: (Auto) Set in settings.h; enables sp_mul_d
|
||||
* based on which algorithms are active
|
||||
* WOLFSSL_SP_DIV_D: (Auto) Set in sp_int.c; enables sp_div_d
|
||||
* based on which algorithms are active
|
||||
* WOLFSSL_SP_MOD_D: (Auto) Set in sp_int.c; enables sp_mod_d
|
||||
* based on which algorithms are active
|
||||
* WOLFSSL_SP_INVMOD: (Auto) Set in settings.h; enables
|
||||
* sp_invmod based on which algorithms are active
|
||||
* WOLFSSL_SP_INVMOD_MONT_CT: (Auto) Set in settings.h; enables
|
||||
* constant-time Montgomery inverse when needed
|
||||
* WOLFSSL_SP_PRIME_GEN: (Auto) Set in settings.h; enables prime
|
||||
* generation based on which algorithms are active
|
||||
* WOLFSSL_SP_READ_RADIX_16: (Auto) Set in settings.h; enables reading
|
||||
* base-16 strings based on which algorithms are active
|
||||
* WOLFSSL_SP_READ_RADIX_10: (Auto) Set in settings.h; enables reading
|
||||
* base-10 strings based on which algorithms are active
|
||||
*
|
||||
* SP_ALLOC: (Internal) Heap allocation in use for SP
|
||||
* variables in exptmod
|
||||
* SP_ALLOC_PREDEFINED: (Internal) Set when SP_ALLOC was defined
|
||||
* before this file
|
||||
* SP_INT_ASM_AVAILABLE: (Internal) Set when a platform ASM
|
||||
* implementation is present
|
||||
* SP_ASM_DIV_WORD: (Internal) Platform macro: hardware
|
||||
* double-word division available
|
||||
* SP_WORD_OVERFLOW: (Internal) Set in sp_int.h when mul/sqr
|
||||
* partial sums can overflow sp_int_word
|
||||
*/
|
||||
|
||||
/* TODO: WOLFSSL_SP_SMALL is incompatible with clang-12+ -Os. */
|
||||
@@ -5360,8 +5450,8 @@ int sp_copy(const sp_int* a, sp_int* r)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if ((defined(WOLFSSL_SP_MATH_ALL) && ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH))) || \
|
||||
#if ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
|
||||
defined(OPENSSL_ALL)) && defined(WC_PROTECT_ENCRYPTED_MEM)
|
||||
|
||||
/* Copy 2 numbers into two results based on y. Copy a fixed number of digits.
|
||||
@@ -5485,11 +5575,11 @@ int sp_exch(sp_int* a, sp_int* b)
|
||||
!defined(WC_NO_CACHE_RESISTANT)
|
||||
/* Conditional swap of SP int values in constant time.
|
||||
*
|
||||
* @param [in] a First SP int to conditionally swap.
|
||||
* @param [in] b Second SP int to conditionally swap.
|
||||
* @param [in] cnt Count of words to copy.
|
||||
* @param [in] swap When value is 1 then swap.
|
||||
* @param [in] t Temporary SP int to use in swap.
|
||||
* @param [in, out] a First SP int to conditionally swap.
|
||||
* @param [in, out] b Second SP int to conditionally swap.
|
||||
* @param [in] cnt Count of words to copy.
|
||||
* @param [in] swap When value is 1 then swap.
|
||||
* @param [in, out] t Temporary SP int to use in swap.
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
*/
|
||||
@@ -5521,7 +5611,7 @@ int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t)
|
||||
/* XOR temporary - when mask set then result will be a. */
|
||||
b->used ^= t->used;
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
b->sign ^= b->sign;
|
||||
b->sign ^= t->sign;
|
||||
#endif
|
||||
for (i = 0; i < (unsigned int)cnt; i++) {
|
||||
b->dp[i] ^= t->dp[i];
|
||||
@@ -5607,7 +5697,7 @@ static int _sp_cmp_abs(const sp_int* a, const sp_int* b)
|
||||
/* Starting from most significant word, compare words.
|
||||
* Stop when different and set comparison return.
|
||||
*/
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
if (a->dp[i] > b->dp[i]) {
|
||||
ret = MP_GT;
|
||||
break;
|
||||
@@ -5945,7 +6035,7 @@ static const int sp_lnz[SP_LNZ_CNT] = {
|
||||
|
||||
/* Count the number of least significant zero bits.
|
||||
*
|
||||
* When a is not NULL, result is 0.
|
||||
* When a is NULL, result is 0.
|
||||
*
|
||||
* @param [in] a SP integer to use.
|
||||
*
|
||||
@@ -6498,8 +6588,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r)
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
|
||||
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
|
||||
defined(WOLFSSL_SP_MUL_D)
|
||||
/* Multiply a by digit n and put result into r shifting up o digits.
|
||||
* r = (a * n) << (o * SP_WORD_SIZE)
|
||||
/* Multiply a by digit d and put result into r shifting up o digits.
|
||||
* r = (a * d) << (o * SP_WORD_SIZE)
|
||||
*
|
||||
* @param [in] a SP integer to be multiplied.
|
||||
* @param [in] d SP digit to multiply by.
|
||||
@@ -6821,7 +6911,7 @@ static void _sp_div_3(const sp_int* a, sp_int* r, sp_int_digit* rem)
|
||||
int i;
|
||||
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word. */
|
||||
t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
|
||||
@@ -6882,7 +6972,7 @@ static void _sp_div_10(const sp_int* a, sp_int* r, sp_int_digit* rem)
|
||||
/* Check whether only mod value needed. */
|
||||
if (r == NULL) {
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word. */
|
||||
t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
|
||||
@@ -6908,7 +6998,7 @@ static void _sp_div_10(const sp_int* a, sp_int* r, sp_int_digit* rem)
|
||||
/* At least result needed - remainder is calculated anyway. */
|
||||
else {
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word. */
|
||||
t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
|
||||
@@ -6972,7 +7062,7 @@ static void _sp_div_small(const sp_int* a, sp_int_digit d, sp_int* r,
|
||||
/* Check whether only mod value needed. */
|
||||
if (r == NULL) {
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word. */
|
||||
t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
|
||||
@@ -6999,7 +7089,7 @@ static void _sp_div_small(const sp_int* a, sp_int_digit d, sp_int* r,
|
||||
#endif /* !WOLFSSL_SP_SMALL */
|
||||
{
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word. */
|
||||
t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
|
||||
@@ -7071,7 +7161,7 @@ static void _sp_div_d(const sp_int* a, sp_int_digit d, sp_int* r,
|
||||
sp_int_digit t;
|
||||
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word and divide. */
|
||||
t = sp_div_word((sp_int_digit)w, a->dp[i], d);
|
||||
@@ -7186,7 +7276,7 @@ static void _sp_mod_d(const sp_int* a, const sp_int_digit d, sp_int_digit* r)
|
||||
#endif
|
||||
|
||||
/* Divide starting at most significant word down to least. */
|
||||
for (i = (int)(a->used - 1); i >= 0; i--) {
|
||||
for (i = (int)a->used - 1; i >= 0; i--) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
/* Combine remainder from last operation with this word and divide. */
|
||||
sp_int_digit t = sp_div_word((sp_int_digit)w, a->dp[i], d);
|
||||
@@ -7268,7 +7358,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r)
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
if (a->sign == MP_NEG) {
|
||||
if ((a->sign == MP_NEG) && (*r != 0)) {
|
||||
*r = d - *r;
|
||||
}
|
||||
#endif
|
||||
@@ -7444,7 +7534,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
|
||||
************************/
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_SP_INVMOD)
|
||||
/* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZEOF))
|
||||
/* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZE))
|
||||
*
|
||||
* @param [in] a SP integer to add to.
|
||||
* @param [in] b SP integer to add.
|
||||
@@ -7588,7 +7678,7 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
|
||||
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) || \
|
||||
!defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
|
||||
!defined(WOLFSSL_RSA_VERIFY_ONLY))
|
||||
/* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZEOF))
|
||||
/* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZE))
|
||||
* a must be greater than b.
|
||||
*
|
||||
* When using offset, r == a is faster.
|
||||
@@ -7619,7 +7709,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
|
||||
else {
|
||||
i = o;
|
||||
}
|
||||
/* Index to add at is the offset now. */
|
||||
/* Index to sub at is the offset now. */
|
||||
|
||||
for (j = 0; (i < a->used) && (j < b->used); i++, j++) {
|
||||
#ifndef SQR_MUL_ASM
|
||||
@@ -7748,10 +7838,17 @@ int sp_sub(const sp_int* a, const sp_int* b, sp_int* r)
|
||||
if ((a == NULL) || (b == NULL) || (r == NULL)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
/* Check that r is as big as a and b plus one word. */
|
||||
if ((err == MP_OKAY) && ((a->used >= r->size) || (b->used >= r->size))) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
#else
|
||||
/* Check that r is as big as a and b. */
|
||||
if ((err == MP_OKAY) && ((a->used > r->size) || (b->used > r->size))) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
#ifndef WOLFSSL_SP_INT_NEGATIVE
|
||||
@@ -8209,12 +8306,11 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
|
||||
* Assumes a, b, m and r are not NULL.
|
||||
* m and r must not be the same pointer.
|
||||
*
|
||||
* @param [in] a SP integer to subtract from.
|
||||
* @param [in] b SP integer to subtract.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @param [in] a SP integer to subtract from.
|
||||
* @param [in] b SP integer to subtract.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [in] max_size Maximum number of digits in a and b to use.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*/
|
||||
static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
|
||||
unsigned int max_size, sp_int* r)
|
||||
@@ -8331,7 +8427,7 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
|
||||
{
|
||||
int err = MP_OKAY;
|
||||
|
||||
/* Check result is as big as modulus plus one digit. */
|
||||
/* Check result is as big as modulus. */
|
||||
if (m->used > r->size) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
@@ -8360,6 +8456,15 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
|
||||
|
||||
#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) && \
|
||||
defined(WOLFSSL_ECC_BLIND_K)
|
||||
/* XOR a and b into r in constant time. r = a ^ b.
|
||||
*
|
||||
* Assumes a, b and r have len bytes.
|
||||
*
|
||||
* @param [in] a First SP integer to XOR.
|
||||
* @param [in] b Second SP integer to XOR.
|
||||
* @param [in] len Number of bytes to XOR.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*/
|
||||
void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r)
|
||||
{
|
||||
if ((a != NULL) && (b != NULL) && (r != NULL)) {
|
||||
@@ -8488,7 +8593,7 @@ static int sp_lshb(sp_int* a, int n)
|
||||
* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
|
||||
|
||||
#ifdef WOLFSSL_SP_MATH_ALL
|
||||
/* Shift a right by c digits: a = a >> (n * SP_WORD_SIZE)
|
||||
/* Shift a right by c digits: a = a >> (c * SP_WORD_SIZE)
|
||||
*
|
||||
* @param [in, out] a SP integer to shift.
|
||||
* @param [in] c Number of digits to shift.
|
||||
@@ -8800,8 +8905,8 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
|
||||
*
|
||||
* @param [in] a SP integer to be divided.
|
||||
* @param [in] d SP integer to divide by.
|
||||
* @param [out] r SP integer that is the quotient.
|
||||
* @param [out] rem SP integer that is the remainder.
|
||||
* @param [out] r SP integer that is the quotient. May be NULL.
|
||||
* @param [out] rem SP integer that is the remainder. May be NULL.
|
||||
* @param [in] used Number of digits in temporaries to use.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
@@ -8976,8 +9081,8 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
|
||||
*
|
||||
* @param [in] a SP integer to be divided.
|
||||
* @param [in] d SP integer to divide by.
|
||||
* @param [out] r SP integer that is the quotient.
|
||||
* @param [out] rem SP integer that is the remainder.
|
||||
* @param [out] r SP integer that is the quotient. May be NULL.
|
||||
* @param [out] rem SP integer that is the remainder. May be NULL.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when a or d is NULL, r and rem are NULL, or d is 0.
|
||||
@@ -8997,7 +9102,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem)
|
||||
err = MP_VAL;
|
||||
}
|
||||
/* Ensure quotient result has enough memory. */
|
||||
if ((err == MP_OKAY) && (r != NULL) && (r->size < a->used - d->used + 2)) {
|
||||
if ((err == MP_OKAY) && (r != NULL) && (r->size + d->used < a->used + 2)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
if ((err == MP_OKAY) && (rem != NULL)) {
|
||||
@@ -12270,18 +12375,18 @@ int sp_mulmod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
|
||||
* 2.2.2. c = (c / 2) mod m
|
||||
* 2.3. Else if u >= v
|
||||
* 2.3.1. u -= v
|
||||
* 2.3.2. b = (c - b) mod m
|
||||
* 2.3.2. b = (b - c) mod m
|
||||
* 2.4. Else (v > u)
|
||||
* 2.4.1. v -= u
|
||||
* 2.4.2. c = (b - c) mod m
|
||||
* 2.4.2. c = (c - b) mod m
|
||||
* 3. NO_INVERSE if u == 0
|
||||
*
|
||||
* @param [in] a SP integer to find inverse of.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [in] u SP integer to use in calculation.
|
||||
* @param [in] v SP integer to use in calculation.
|
||||
* @param [in] b SP integer to use in calculation.
|
||||
* @param [out] c SP integer that is the inverse.
|
||||
* @param [in] a SP integer to find inverse of.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [in, out] u SP integer to use in calculation.
|
||||
* @param [in, out] v SP integer to use in calculation.
|
||||
* @param [in, out] b SP integer to use in calculation.
|
||||
* @param [in, out] c SP integer that is the inverse.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when no inverse.
|
||||
@@ -12325,7 +12430,7 @@ static int _sp_invmod_bin(const sp_int* a, const sp_int* m, sp_int* u,
|
||||
else if (_sp_cmp_abs(u, v) != MP_LT) {
|
||||
/* 2.3.1. u -= v */
|
||||
_sp_sub_off(u, v, u, 0);
|
||||
/* 2.3.2. b = (c - b) mod m */
|
||||
/* 2.3.2. b = (b - c) mod m */
|
||||
if (_sp_cmp_abs(b, c) == MP_LT) {
|
||||
_sp_add_off(b, m, b, 0);
|
||||
}
|
||||
@@ -12335,7 +12440,7 @@ static int _sp_invmod_bin(const sp_int* a, const sp_int* m, sp_int* u,
|
||||
else {
|
||||
/* 2.4.1. v -= u */
|
||||
_sp_sub_off(v, u, v, 0);
|
||||
/* 2.4.2. c = (b - c) mod m */
|
||||
/* 2.4.2. c = (c - b) mod m */
|
||||
if (_sp_cmp_abs(c, b) == MP_LT) {
|
||||
_sp_add_off(c, m, c, 0);
|
||||
}
|
||||
@@ -12368,13 +12473,13 @@ static int _sp_invmod_bin(const sp_int* a, const sp_int* m, sp_int* u,
|
||||
* 4. If c < 0 then c += m
|
||||
* 5. inv = c
|
||||
*
|
||||
* @param [in] a SP integer to find inverse of.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [in] u SP integer to use in calculation.
|
||||
* @param [in] v SP integer to use in calculation.
|
||||
* @param [in] b SP integer to use in calculation.
|
||||
* @param [in] c SP integer to use in calculation.
|
||||
* @param [out] inv SP integer that is the inverse.
|
||||
* @param [in] a SP integer to find inverse of.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [in, out] x SP integer to use in calculation.
|
||||
* @param [in, out] y SP integer to use in calculation.
|
||||
* @param [in, out] b SP integer to use in calculation.
|
||||
* @param [in, out] c SP integer to use in calculation.
|
||||
* @param [out] inv SP integer that is the inverse.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when no inverse.
|
||||
@@ -12705,8 +12810,8 @@ int sp_invmod(const sp_int* a, const sp_int* m, sp_int* r)
|
||||
* e = exponent
|
||||
* Pre-calc:
|
||||
* 1. pre[0] = 2^0 * a mod m
|
||||
* 2. For i in 2..CT_INV_MOD_PRE_CNT
|
||||
* 2.1. pre[i-1] = ((pre[i-2] ^ 2) * a) mod m
|
||||
* 2. For i in 1..CT_INV_MOD_PRE_CNT-1
|
||||
* 2.1. pre[i] = ((pre[i-1] ^ 2) * a) mod m
|
||||
* Calc inverse:
|
||||
* 1. e = m - 2
|
||||
* 2. j = Count leading 1's up to CT_INV_MOD_PRE_CNT
|
||||
@@ -12773,11 +12878,11 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
|
||||
* Start with 1.a = a.
|
||||
*/
|
||||
_sp_copy(a, pre[0]);
|
||||
/* 2. For i in 2..CT_INV_MOD_PRE_CNT
|
||||
/* 2. For i in 1..CT_INV_MOD_PRE_CNT-1
|
||||
* For rest of entries in table.
|
||||
*/
|
||||
for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) {
|
||||
/* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */
|
||||
/* 2.1 pre[i] = ((pre[i-1] ^ 2) * a) mod m */
|
||||
/* Previous value ..1 -> ..10 */
|
||||
_sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1));
|
||||
err = sp_sqr(pre[i-1], pre[i]);
|
||||
@@ -12973,12 +13078,12 @@ int sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
|
||||
* 4.5. t[j] = t[j] * b
|
||||
* 5. r = t[1]
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -13109,12 +13214,12 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
* 3.4. t[y] = t[3], t[y^1] = t[2]
|
||||
* 4. r = t[0]
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -13217,12 +13322,12 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
* 7. t[1] = FromMont(t[1])
|
||||
* 8. r = t[1]
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -13359,12 +13464,12 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
* 5. t[0] = FromMont(t[0])
|
||||
* 6. r = t[0]
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -13482,20 +13587,20 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
* 4.1 if i[0] == 0 then t[i] = t[i/2] ^ 2
|
||||
* 4.2 if i[0] == 1 then t[i] = t[i-1] * t[1]
|
||||
* 5. cb = w * (bits / w)
|
||||
* 5. tr = t[e / (2 ^ cb)]
|
||||
* 6. For i in cb..w
|
||||
* 6.1. y = e[(i-1)..(i-w)]
|
||||
* 6.2. tr = tr ^ (2 * w)
|
||||
* 6.3. tr = tr * t[y]
|
||||
* 7. tr = FromMont(tr)
|
||||
* 8. r = tr
|
||||
* 6. tr = t[e / (2 ^ cb)]
|
||||
* 7. For i in cb..w
|
||||
* 7.1. y = e[(i-1)..(i-w)]
|
||||
* 7.2. tr = tr ^ (2 ^ w)
|
||||
* 7.3. tr = tr * t[y]
|
||||
* 8. tr = FromMont(tr)
|
||||
* 9. r = tr
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -13620,17 +13725,17 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
c -= winBits;
|
||||
}
|
||||
|
||||
/* 5. tr = t[e / (2 ^ cb)] */
|
||||
/* 6. tr = t[e / (2 ^ cb)] */
|
||||
y = (int)(n >> c);
|
||||
n <<= SP_WORD_SIZE - c;
|
||||
/* 5. Copy table value for first window. */
|
||||
/* Copy table value for first window. */
|
||||
_sp_copy(t[y], tr);
|
||||
|
||||
/* 6. For i in cb..w */
|
||||
/* 7. For i in cb..w */
|
||||
for (; (i >= 0) || (c >= winBits); ) {
|
||||
int j;
|
||||
|
||||
/* 6.1. y = e[(i-1)..(i-w)] */
|
||||
/* 7.1. y = e[(i-1)..(i-w)] */
|
||||
if (c == 0) {
|
||||
/* Bits up to end of digit */
|
||||
n = e->dp[i--];
|
||||
@@ -13654,7 +13759,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
c -= winBits;
|
||||
}
|
||||
|
||||
/* 6.2. tr = tr ^ (2 * w) */
|
||||
/* 7.2. tr = tr ^ (2 ^ w) */
|
||||
for (j = 0; (j < winBits) && (err == MP_OKAY); j++) {
|
||||
err = sp_sqr(tr, tr);
|
||||
if (err == MP_OKAY) {
|
||||
@@ -13662,7 +13767,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
}
|
||||
}
|
||||
|
||||
/* 6.3. tr = tr * t[y] */
|
||||
/* 7.3. tr = tr * t[y] */
|
||||
if (err == MP_OKAY) {
|
||||
err = sp_mul(tr, t[y], tr);
|
||||
}
|
||||
@@ -13673,13 +13778,13 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
}
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
/* 7. tr = FromMont(tr) */
|
||||
/* 8. tr = FromMont(tr) */
|
||||
err = _sp_mont_red(tr, m, mp, 0);
|
||||
/* Reduction implementation returns number to range: 0..m-1. */
|
||||
}
|
||||
}
|
||||
if ((!done) && (err == MP_OKAY)) {
|
||||
/* 8. r = tr */
|
||||
/* 9. r = tr */
|
||||
_sp_copy(tr, r);
|
||||
}
|
||||
|
||||
@@ -13717,27 +13822,27 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
|
||||
* WC_NO_HARDEN defined or modulus fits in one word.
|
||||
*
|
||||
* Algorithm:
|
||||
* b: base, e: exponent, m: modulus, r: result, bits: #bits to use
|
||||
* b: base, e: exponent, m: modulus, r: result, digits: #digits to use
|
||||
* w: window size based on #bits in word.
|
||||
* 1. if Words(m) > 1 then tr = MontNorm(m) = ToMont(1)
|
||||
* else tr = 1
|
||||
* 2. if Words(m) > 1 and HARDEN then a = m * (2 ^ (2^w))
|
||||
* else a = 0
|
||||
* 3. cb = w * (bits / w)
|
||||
* 3. cb = w * ((digits * SP_WORD_SIZE) / w)
|
||||
* 4. y = e / (2 ^ cb)
|
||||
* 5. tr = (tr * (2 ^ y) + a) mod m
|
||||
* 6. For i in cb..w
|
||||
* 6.1. y = e[(i-1)..(i-w)]
|
||||
* 6.2. tr = tr ^ (2 * w)
|
||||
* 6.2. tr = tr ^ (2 ^ w)
|
||||
* 6.3. tr = ((tr * (2 ^ y) + a) mod m
|
||||
* 7. if Words(m) > 1 then tr = FromMont(tr)
|
||||
* 8. r = tr
|
||||
*
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] digits Number of digits in exponent to use. May be greater than
|
||||
* count of digits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] digits Number of digits in exponent to use. May be greater than
|
||||
* count of digits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -13816,7 +13921,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
|
||||
#endif
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
/* 3. cb = w * (bits / w) */
|
||||
/* 3. cb = w * ((digits * SP_WORD_SIZE) / w) */
|
||||
i = digits - 1;
|
||||
n = e->dp[i--];
|
||||
c = SP_WORD_SIZE;
|
||||
@@ -13878,7 +13983,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
|
||||
c -= EXP2_WINSIZE;
|
||||
}
|
||||
|
||||
/* 6.2. tr = tr ^ (2 * w) */
|
||||
/* 6.2. tr = tr ^ (2 ^ w) */
|
||||
for (j = 0; (j < EXP2_WINSIZE) && (err == MP_OKAY); j++) {
|
||||
err = sp_sqr(tr, tr);
|
||||
if (err == MP_OKAY) {
|
||||
@@ -13937,12 +14042,12 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
|
||||
*
|
||||
* Error returned when parameters r == e or r == m and base >= modulus.
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] digits Number of digits in exponent to use. May be greater
|
||||
* than count of digits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] digits Number of digits in exponent to use. May be greater
|
||||
* than count of digits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when b, e, m or r is NULL, digits is negative, or m <= 0 or
|
||||
@@ -14174,12 +14279,10 @@ int sp_exptmod(const sp_int* b, const sp_int* e, const sp_int* m, sp_int* r)
|
||||
* 5.2.1. Montgomery multiply result by Montgomery form of base.
|
||||
* 6. Convert result back from Montgomery form.
|
||||
*
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] bits Number of bits in exponent to use. May be greater than
|
||||
* count of bits in e.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [in] b SP integer that is the base.
|
||||
* @param [in] e SP integer that is the exponent.
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -14665,18 +14768,17 @@ int sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, sp_int* r)
|
||||
*
|
||||
* @param [in] a SP integer to divide.
|
||||
* @param [in] e Exponent bits (dividing by 2^e).
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] r SP integer to hold result.
|
||||
* @param [out] rem SP integer to hold remainder.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when a is NULL or e is negative.
|
||||
* @return MP_VAL when a or r is NULL or e is negative.
|
||||
*/
|
||||
int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
|
||||
{
|
||||
int err = MP_OKAY;
|
||||
|
||||
if ((a == NULL) || (e < 0)) {
|
||||
if ((a == NULL) || (r == NULL) || (e < 0)) {
|
||||
err = MP_VAL;
|
||||
}
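Review bot: The new `(r == NULL)` check is reflected only in the `@return` line, while `rem` keeps the bare description `SP integer to hold remainder.` with no statement of whether NULL is accepted, so the two output parameters now have different preconditions that the doc does not explain. If the body (outside this hunk) still tests `rem` for NULL before using it, say so where the parameter is described: `@param [out] rem SP integer to hold remainder. May be NULL.`. That makes the asymmetry between `r` and `rem` read as intentional rather than as an oversight in the new check.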
|
||||
|
||||
@@ -17388,7 +17490,7 @@ int sp_sqrmod(const sp_int* a, const sp_int* m, sp_int* r)
|
||||
* 2.3. a += mu * DigitMask(m, 0)
|
||||
* 2.4. For j = 1 up to NumDigits(m)-2
|
||||
* 2.4.1 a += mu * DigitMask(m, j)
|
||||
* 2.5 a += mu * DigitMask(m, NumDigits(m)-1))
|
||||
* 2.5 a += mu * DigitMask(m, NumDigits(m)-1)
|
||||
* 3. a >>= NumBits(m)
|
||||
* 4. a = a % m
|
||||
*
|
||||
@@ -17419,9 +17521,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
|
||||
#ifndef WOLFSSL_NO_CT_OPS
|
||||
if (ct) {
|
||||
for (i = 0; i < (unsigned int)m->used * 2; i++) {
|
||||
a->dp[i] &=
|
||||
(sp_int_digit)
|
||||
(sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
|
||||
a->dp[i] &= (sp_int_digit)
|
||||
(sp_int_sdigit)ctMaskIntGTE((int)a->used - 1, (int)i);
|
||||
}
|
||||
}
|
||||
else
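Review bot: The rewritten mask bound in the `if (ct)` loop deserves a comment on why the subtraction moved outside the cast: `(int)(a->used-1)` evaluated `0 - 1` in unsigned arithmetic when `a->used == 0` and then relied on an implementation-defined unsigned-to-int conversion to land on -1, whereas `(int)a->used - 1` produces -1 directly, so `ctMaskIntGTE` yields an all-zero mask for every digit of a zero value. I would add above the loop `/* Zero digits at or above a->used in constant time; when a is zero the bound is -1 and every digit is cleared. */`. The identical change appears in the second `_sp_mont_red` hunk (`@@ -17547,9 +17648,8 @@`) and the same comment belongs there. _sp_mont_red's body extends outside both hunks.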
|
||||
@@ -17446,7 +17547,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
|
||||
w >>= SP_WORD_SIZE;
|
||||
a->dp[2] = (sp_int_digit)w;
|
||||
a->used = 3;
|
||||
/* mp is SP_WORD_SIZE */
|
||||
/* bits is SP_WORD_SIZE */
|
||||
bits = SP_WORD_SIZE;
|
||||
}
|
||||
else {
|
||||
@@ -17486,7 +17587,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
|
||||
w += o;
|
||||
w += a->dp[i + j];
|
||||
o = (sp_int_digit)(w >> SP_WORD_SIZE);
|
||||
/* 2.5 a += mu * DigitMask(m, NumDigits(m)-1)) */
|
||||
/* 2.5 a += mu * DigitMask(m, NumDigits(m)-1) */
|
||||
w = ((sp_int_word)mu * m->dp[j]) + (sp_int_digit)w;
|
||||
a->dp[i + j] = (sp_int_digit)w;
|
||||
w >>= SP_WORD_SIZE;
|
||||
@@ -17547,9 +17648,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
|
||||
#ifndef WOLFSSL_NO_CT_OPS
|
||||
if (ct) {
|
||||
for (i = 0; i < (unsigned int)m->used * 2; i++) {
|
||||
a->dp[i] &=
|
||||
(sp_int_digit)
|
||||
(sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
|
||||
a->dp[i] &= (sp_int_digit)
|
||||
(sp_int_sdigit)ctMaskIntGTE((int)a->used - 1, (int)i);
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -17577,7 +17677,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
|
||||
a->dp[1] = l;
|
||||
a->dp[2] = h;
|
||||
a->used = (sp_size_t)(m->used * 2 + 1);
|
||||
/* mp is SP_WORD_SIZE */
|
||||
/* bits is SP_WORD_SIZE */
|
||||
bits = SP_WORD_SIZE;
|
||||
}
|
||||
#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
|
||||
@@ -17901,8 +18001,8 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
|
||||
* Jeffrey Hurchalla's method.
|
||||
* https://arxiv.org/pdf/2204.04342.pdf
|
||||
*
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] mp SP integer digit that is the bottom digit of inv(-m).
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] rho SP integer digit that is the bottom digit of inv(-m).
|
||||
*/
|
||||
static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho)
|
||||
{
|
||||
@@ -17930,8 +18030,8 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho)
|
||||
*
|
||||
* Used when performing Montgomery Reduction.
|
||||
*
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] mp SP integer digit that is the bottom digit of inv(-m).
|
||||
* @param [in] m SP integer that is the modulus.
|
||||
* @param [out] rho SP integer digit that is the bottom digit of inv(-m).
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when m or rho is NULL.
|
||||
@@ -18023,7 +18123,7 @@ int sp_mont_norm(sp_int* norm, const sp_int* m)
|
||||
/* Calculate the number of 8-bit values required to represent the
|
||||
* multi-precision number.
|
||||
*
|
||||
* When a is NULL, return s 0.
|
||||
* When a is NULL, returns 0.
|
||||
*
|
||||
* @param [in] a SP integer.
|
||||
*
|
||||
@@ -18279,19 +18379,16 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
|
||||
}
|
||||
}
|
||||
#else
|
||||
if ((err == MP_OKAY) && ((unsigned int)outSz < a->used)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
if (err == MP_OKAY) {
|
||||
unsigned int i;
|
||||
int i;
|
||||
int j;
|
||||
volatile sp_int_digit mask = (sp_int_digit)-1;
|
||||
|
||||
i = 0;
|
||||
for (j = outSz - 1; j >= 0; j--) {
|
||||
out[j] = a->dp[i] & mask;
|
||||
mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
|
||||
i += (unsigned int)(1 & mask);
|
||||
mask &= (sp_int_digit)0 - (i < (int)a->used - 1);
|
||||
i += 1 & mask;
|
||||
}
|
||||
}
|
||||
#endif
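Review bot: With the `outSz < a->used` guard removed from the `#else` branch, the only thing keeping `a->dp[i]` in range inside the constant-time loop is the mask, so the invariant that an earlier check (outside this hunk, which the commit message describes as making this one redundant) already bounds `outSz` should be stated where the guard used to be. I would add above `i = 0;` the comment `/* outSz is already validated against the size of a above; the mask freezes i at a->used - 1 so no digit beyond used is read. */`. Changing `i` to `int` is sound as long as `a->used` fits in an `int`, which the `(int)a->used - 1` comparison already assumes. sp_to_unsigned_bin_len_ct starts and ends outside the hunk.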
|
||||
@@ -18338,8 +18435,7 @@ int sp_to_unsigned_bin_at_pos(int o, const sp_int* a, unsigned char* out)
|
||||
* @param [in] in NUL terminated string.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when radix is not supported, value is negative, or a
|
||||
* character is not valid.
|
||||
* @return MP_VAL when a character is not valid or not enough space in a.
|
||||
*/
|
||||
static int _sp_read_radix_16(sp_int* a, const char* in)
|
||||
{
|
||||
@@ -18414,8 +18510,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
|
||||
* @param [in] in NUL terminated string.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when radix is not supported, value is negative, or a
|
||||
* character is not valid.
|
||||
* @return MP_VAL when a character is not valid.
|
||||
*/
|
||||
static int _sp_read_radix_10(sp_int* a, const char* in)
|
||||
{
|
||||
@@ -18644,7 +18739,7 @@ int sp_tohex(const sp_int* a, char* str)
|
||||
* Use sp_radix_size() to calculate required length.
|
||||
*
|
||||
* @param [in] a SP integer to convert.
|
||||
* @param [out] str String to hold hex string result.
|
||||
* @param [out] str String to hold decimal string result.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_VAL when a or str is NULL.
|
||||
@@ -18721,7 +18816,7 @@ int sp_todecimal(const sp_int* a, char* str)
|
||||
/* Put the string version, big-endian, of a in str using the given radix.
|
||||
*
|
||||
* @param [in] a SP integer to convert.
|
||||
* @param [out] str String to hold hex string result.
|
||||
* @param [out] str String to hold radix based string result.
|
||||
* @param [in] radix Base of character.
|
||||
* Valid values: MP_RADIX_HEX, MP_RADIX_DEC.
|
||||
*
|
||||
@@ -19024,12 +19119,12 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
|
||||
*
|
||||
* a is assumed to be odd.
|
||||
*
|
||||
* @param [in] a SP integer to check.
|
||||
* @param [in] b SP integer that is a small prime.
|
||||
* @param [out] result MP_YES when number is likely prime.
|
||||
* MP_NO otherwise.
|
||||
* @param [in] n1 SP integer temporary.
|
||||
* @param [in] r SP integer temporary.
|
||||
* @param [in] a SP integer to check.
|
||||
* @param [in, out] b SP integer that is a small prime or random value.
|
||||
* @param [out] result MP_YES when number is likely prime.
|
||||
* MP_NO otherwise.
|
||||
* @param [out] n1 SP integer temporary.
|
||||
* @param [out] r SP integer temporary.
|
||||
*
|
||||
* @return MP_OKAY on success.
|
||||
* @return MP_MEM when dynamic memory allocation fails.
|
||||
@@ -19440,7 +19535,7 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result,
|
||||
sp_clamp(b);
|
||||
}
|
||||
|
||||
/* Can't use random value it is: 0, 1, a-2, a-1, >= a */
|
||||
/* Can't use random value it is: 0, 1, 2, a-2, a-1, >= a */
|
||||
if ((sp_cmp_d(b, 2) != MP_GT) || (_sp_cmp(b, c) != MP_LT)) {
|
||||
continue;
|
||||
}
|
||||
@@ -19558,9 +19653,9 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng)
|
||||
* Euclidean Algorithm:
|
||||
* 1. If a > b then a = b, b = a
|
||||
* 2. u = a
|
||||
* 3. v = b % a
|
||||
* 3. v = b mod a
|
||||
* 4. While v != 0
|
||||
* 4.1. t = u % v
|
||||
* 4.1. t = u mod v
|
||||
* 4.2. u <= v, v <= t, t <= u
|
||||
* 5. r = u
|
||||
*
|
||||
@@ -19604,7 +19699,7 @@ static WC_INLINE int _sp_gcd(const sp_int* a, const sp_int* b, sp_int* r)
|
||||
a = b;
|
||||
b = tmp;
|
||||
}
|
||||
/* 2. u = a, v = b mod a */
|
||||
/* 2. u = a */
|
||||
_sp_copy(a, u);
|
||||
/* 3. v = b mod a */
|
||||
if (a->used == 1) {
|
||||
@@ -19816,7 +19911,7 @@ int sp_lcm(const sp_int* a, const sp_int* b, sp_int* r)
|
||||
}
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
/* Ensure a and b are positive. */
|
||||
else if ((a->sign == MP_NEG) || (b->sign >= MP_NEG)) {
|
||||
else if ((a->sign == MP_NEG) || (b->sign == MP_NEG)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -43,9 +43,12 @@
|
||||
|
||||
#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
|
||||
|
||||
#if !defined(WC_NO_CACHE_RESISTANT) && \
|
||||
((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
|
||||
(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
|
||||
#if (!defined(WC_NO_CACHE_RESISTANT) && \
|
||||
((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
|
||||
(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \
|
||||
((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
|
||||
defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM))
|
||||
|
||||
/* all off / all on pointer addresses for constant calculations */
|
||||
/* ecc.c uses same table */
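Review bot: The last alternative of the new `#if`, `defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)`, is the only `&&` term in the `||` chain without its own parentheses, so the reader has to fall back on precedence to see that it is one alternative rather than a qualifier on the whole chain. Wrapping it as `(defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM))` (moving the closing parenthesis of the outer expression accordingly) matches the other terms and avoids the parentheses warnings some compilers emit for mixed `&&`/`||` in preprocessor expressions. The same condition appears in the header hunk `@@ -74,9 +74,12 @@` and the two copies need to stay in sync; a one-line comment there and here naming why the table is now also needed by the SP int, DH and protected-memory paths would help, since the existing comment only says `timing resistance array`.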
|
||||
|
||||
+28
-16
@@ -30358,15 +30358,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
|
||||
#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
|
||||
{
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
|
||||
byte derived[64];
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = {
|
||||
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
|
||||
0x00, 0x00
|
||||
};
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
|
||||
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
|
||||
};
|
||||
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = {
|
||||
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
|
||||
0x00, 0x67, 0x00, 0x00
|
||||
};
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = {
|
||||
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
|
||||
};
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
|
||||
0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
|
||||
0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
|
||||
@@ -30379,6 +30385,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
|
||||
0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
|
||||
};
|
||||
|
||||
byte derived[64];
|
||||
int id = 1;
|
||||
int kLen = 24;
|
||||
int iterations = 1;
|
||||
@@ -30395,12 +30402,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
|
||||
|
||||
iterations = 1000;
|
||||
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
|
||||
iterations, kLen, WC_SHA256, id);
|
||||
iterations, kLen, WC_SHA256, id);
|
||||
if (ret < 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
|
||||
iterations, kLen, WC_SHA256, id, HEAP_HINT);
|
||||
iterations, kLen, WC_SHA256, id, HEAP_HINT);
|
||||
if (ret < 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
@@ -34028,8 +34035,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
|
||||
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \
|
||||
#if defined(HAVE_ECC_SIGN) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K)
|
||||
tmpSz = ECC_BUFSIZE;
|
||||
ret = 0;
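Review bot: The simplified guard `defined(HAVE_ECC_SIGN) && !defined(WC_NO_RNG)` is not equivalent to the expression it replaces: the old one also compiled the signing block when `ECC_TIMING_RESISTANT` was undefined and `WC_NO_RNG` was defined, the new one skips it. If that is intended because signing needs an RNG in either configuration, a comment such as `/* ECC signing needs an RNG whether or not timing resistance is on */` above the `#if` would record why the test is now gated purely on WC_NO_RNG, and would stop a later reader from "restoring" the old form. ecc_test_make_pub's body continues outside the hunk.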
|
||||
@@ -34357,11 +34363,11 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
|
||||
WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
|
||||
word32 y;
|
||||
#endif
|
||||
#ifndef WC_NO_RNG
|
||||
#ifdef HAVE_ECC_KEY_EXPORT
|
||||
#define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
|
||||
WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
|
||||
#endif
|
||||
word32 x = 0;
|
||||
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
|
||||
!defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
|
||||
defined(HAVE_ECC_SIGN)
|
||||
@@ -34372,6 +34378,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
|
||||
int verify;
|
||||
#endif /* HAVE_ECC_VERIFY */
|
||||
#endif /* HAVE_ECC_SIGN */
|
||||
#endif /* WC_NO_RNG */
|
||||
wc_test_ret_t ret;
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -34385,6 +34392,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
|
||||
#ifndef WC_NO_RNG
|
||||
int curveSize;
|
||||
#endif
|
||||
word32 x = 0;
|
||||
|
||||
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
@@ -34662,7 +34670,6 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
|
||||
#endif /* HAVE_COMP_KEY */
|
||||
|
||||
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#endif /* HAVE_ECC_KEY_IMPORT */
|
||||
#endif /* HAVE_ECC_KEY_EXPORT */
|
||||
@@ -34759,6 +34766,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
|
||||
#elif defined(HAVE_ECC_KEY_EXPORT)
|
||||
(void)exportBuf;
|
||||
#endif /* HAVE_ECC_KEY_EXPORT */
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
done:
|
||||
|
||||
@@ -38377,8 +38385,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
|
||||
ecc_key tmpKey[1];
|
||||
#endif
|
||||
WC_RNG rng;
|
||||
word32 idx = 0;
|
||||
wc_test_ret_t ret;
|
||||
word32 idx = 0;
|
||||
#ifndef WC_NO_RNG
|
||||
/* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
|
||||
byte in[] = "Everyone gets Friday off. ecc p";
|
||||
word32 inLen = (word32)XSTRLEN((char*)in);
|
||||
@@ -38387,6 +38396,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
|
||||
int verify = 0;
|
||||
word32 x;
|
||||
WOLFSSL_ENTER("ecc_test_buffers");
|
||||
#endif
|
||||
|
||||
XMEMSET(&rng, 0, sizeof(WC_RNG));
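Review bot: `WOLFSSL_ENTER("ecc_test_buffers");` now sits inside the `#ifndef WC_NO_RNG` region closed by the added `#endif`, so builds with `WC_NO_RNG` defined lose the entry trace for this function while the rest of it (the `XMEMSET` and later code) still runs. Move the macro below the `#endif`, directly above `XMEMSET(&rng, 0, sizeof(WC_RNG));`, so it is emitted in every configuration; it is a plain statement, so it remains after the declarations. The `#ifndef WC_NO_RNG` that opens this region is added in the previous hunk (`@@ -38377,8 +38385,9 @@`).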
|
||||
|
||||
@@ -38448,7 +38458,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
|
||||
#endif
|
||||
#endif /* !WC_NO_RNG */
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
|
||||
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
|
||||
@@ -38476,6 +38486,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
x = sizeof(out);
|
||||
do {
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
@@ -38503,6 +38514,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
|
||||
if (verify != 1)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
|
||||
TEST_SLEEP();
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
idx = 0;
|
||||
|
||||
@@ -255,6 +255,23 @@ typedef const char wcchar[];
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(HAVE___UINT128_T) && !defined(NO_INT128)
|
||||
#ifndef WOLFSSL_UINT128_T_DEFINED
|
||||
#ifdef __SIZEOF_INT128__
|
||||
typedef __uint128_t uint128_t;
|
||||
typedef __int128_t int128_t;
|
||||
typedef __uint128_t word128;
|
||||
typedef __int128_t sword128;
|
||||
#else
|
||||
typedef unsigned long uint128_t __attribute__ ((mode(TI)));
|
||||
typedef long int128_t __attribute__ ((mode(TI)));
|
||||
typedef uint128_t word128;
|
||||
typedef int128_t sword128;
|
||||
#endif
|
||||
#define WOLFSSL_UINT128_T_DEFINED
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if (defined(_MSC_VER) && (_MSC_VER == 1200)) || /* MSVC6 */ \
|
||||
(defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
|
||||
defined(__BCPLUSPLUS__) || \
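Review bot: `word128` and `sword128` are defined only inside `#ifndef WOLFSSL_UINT128_T_DEFINED`, so a translation unit in which another header has already defined `uint128_t` and set that guard (its name suggests it is shared across headers) would have `uint128_t` but not the new aliases, and code relying on `word128` would fail to compile there. Since `uint128_t`/`int128_t` exist in both branches, the safer placement is after the guard, once: `typedef uint128_t word128;` and `typedef int128_t sword128;` just before the outer `#endif`, or under a guard of their own. That keeps the new names available wherever the 128-bit types themselves are.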
|
||||
|
||||
@@ -74,9 +74,12 @@ This library provides big integer math functions.
|
||||
#endif
|
||||
|
||||
/* timing resistance array */
|
||||
#if !defined(WC_NO_CACHE_RESISTANT) && \
|
||||
((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
|
||||
(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
|
||||
#if (!defined(WC_NO_CACHE_RESISTANT) && \
|
||||
((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
|
||||
(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \
|
||||
((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
|
||||
defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM))
|
||||
|
||||
extern const wc_ptr_t wc_off_on_addr[2];
|
||||
#endif
|
||||
|
||||