Changeset 464 for azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src
- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 26 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/aes.c
r457 r464 20 20 */ 21 21 22 22 /* 23 24 DESCRIPTION 25 This library provides the interfaces to the Advanced Encryption Standard (AES) 26 for encrypting and decrypting data. AES is the standard known for a symmetric 27 block cipher mechanism that uses n-bit binary string parameter key with 128-bits, 28 192-bits, and 256-bits of key sizes. 29 30 */ 23 31 #ifdef HAVE_CONFIG_H 24 32 #include <config.h> … … 45 53 46 54 #include <wolfssl/wolfcrypt/aes.h> 55 56 #ifdef WOLFSSL_AESNI 57 #include <wmmintrin.h> 58 #include <emmintrin.h> 59 #include <smmintrin.h> 60 #endif /* WOLFSSL_AESNI */ 61 47 62 #include <wolfssl/wolfcrypt/cpuid.h> 48 63 49 64 #ifdef WOLF_CRYPTO_CB 50 65 #include <wolfssl/wolfcrypt/cryptocb.h> 66 #endif 67 68 #ifdef WOLFSSL_IMXRT_DCP 69 #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h> 51 70 #endif 52 71 … … 289 308 /* Define AES implementation includes and functions */ 290 309 #if defined(STM32_CRYPTO) 291 /* STM32F2/F4/F7/L4 hardware AES support for ECB, CBC, CTR and GCM modes */310 /* STM32F2/F4/F7/L4/L5/H7/WB55 hardware AES support for ECB, CBC, CTR and GCM modes */ 292 311 293 312 #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM) … … 308 327 return ret; 309 328 310 #ifdef STM32_CRYPTO_AES_ONLY 329 ret = wolfSSL_CryptHwMutexLock(); 330 if (ret != 0) 331 return ret; 332 333 #if defined(STM32_HAL_V2) 334 hcryp.Init.Algorithm = CRYP_AES_ECB; 335 #elif defined(STM32_CRYPTO_AES_ONLY) 311 336 hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; 312 337 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; 313 338 hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; 314 #elif defined(STM32_HAL_V2)315 hcryp.Init.Algorithm = CRYP_AES_ECB;316 339 #endif 317 340 HAL_CRYP_Init(&hcryp); 318 341 319 #ifdef STM32_CRYPTO_AES_ONLY 342 #if defined(STM32_HAL_V2) 343 ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, 344 (uint32_t*)outBlock, STM32_HAL_TIMEOUT); 345 #elif defined(STM32_CRYPTO_AES_ONLY) 320 346 ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, 321 347 outBlock, STM32_HAL_TIMEOUT); 322 #elif defined(STM32_HAL_V2)323 ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,324 (uint32_t*)outBlock, STM32_HAL_TIMEOUT);325 348 #else 326 349 ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, … … 332 355 HAL_CRYP_DeInit(&hcryp); 333 356 334 #else /* S TD_PERI_LIB*/357 #else /* Standard Peripheral Library */ 335 358 ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); 359 if (ret != 0) 360 return ret; 361 362 ret = wolfSSL_CryptHwMutexLock(); 336 363 if (ret != 0) 337 364 return ret; … … 370 397 CRYP_Cmd(DISABLE); 371 398 #endif /* WOLFSSL_STM32_CUBEMX */ 399 wolfSSL_CryptHwMutexUnLock(); 372 400 373 401 return ret; … … 392 420 return ret; 393 421 394 #ifdef STM32_CRYPTO_AES_ONLY 395 hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; 422 ret = wolfSSL_CryptHwMutexLock(); 423 if (ret != 0) 424 return ret; 425 426 #if defined(STM32_HAL_V2) 427 hcryp.Init.Algorithm = CRYP_AES_ECB; 428 #elif defined(STM32_CRYPTO_AES_ONLY) 429 hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; 396 430 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; 397 431 hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; 398 #elif defined(STM32_HAL_V2)399 hcryp.Init.Algorithm = CRYP_AES_ECB;400 432 #endif 401 433 HAL_CRYP_Init(&hcryp); 402 434 403 #ifdef STM32_CRYPTO_AES_ONLY 435 #if defined(STM32_HAL_V2) 436 ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, 437 (uint32_t*)outBlock, STM32_HAL_TIMEOUT); 438 #elif defined(STM32_CRYPTO_AES_ONLY) 404 439 ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, 405 440 outBlock, STM32_HAL_TIMEOUT); 406 #elif defined(STM32_HAL_V2)407 ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,408 (uint32_t*)outBlock, STM32_HAL_TIMEOUT);409 441 #else 410 442 ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, … … 416 448 HAL_CRYP_DeInit(&hcryp); 417 449 418 #else /* S TD_PERI_LIB*/450 #else /* Standard Peripheral Library */ 419 451 ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); 452 if (ret != 0) 453 return ret; 454 455 ret = wolfSSL_CryptHwMutexLock(); 420 456 if (ret != 0) 421 457 return ret; … … 463 499 CRYP_Cmd(DISABLE); 464 500 #endif /* WOLFSSL_STM32_CUBEMX */ 501 wolfSSL_CryptHwMutexUnLock(); 465 502 466 503 return ret; … … 481 518 #undef NEED_AES_TABLES 482 519 #undef GCM_TABLE 483 #else 520 #endif 521 484 522 /* if LTC doesn't have GCM, use software with LTC AES ECB mode */ 485 523 static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) 486 524 { 487 wc_AesEncryptDirect(aes, outBlock, inBlock); 525 word32 keySize = 0; 526 byte* key = (byte*)aes->key; 527 wc_AesGetKeySize(aes, &keySize); 528 529 if (wolfSSL_CryptHwMutexLock() == 0) { 530 LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE, 531 key, keySize); 532 wolfSSL_CryptHwMutexUnLock(); 533 } 488 534 return 0; 489 535 } 536 #ifdef HAVE_AES_DECRYPT 490 537 static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) 491 538 { 492 wc_AesDecryptDirect(aes, outBlock, inBlock); 539 word32 keySize = 0; 540 byte* key = (byte*)aes->key; 541 wc_AesGetKeySize(aes, &keySize); 542 543 if (wolfSSL_CryptHwMutexLock() == 0) { 544 LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE, 545 key, keySize, kLTC_EncryptKey); 546 wolfSSL_CryptHwMutexUnLock(); 547 } 493 548 return 0; 494 549 } 495 #endif 550 #endif 551 496 552 #elif defined(FREESCALE_MMCAU) 497 553 /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes … … 508 564 static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) 509 565 { 510 int ret; 511 512 #ifdef FREESCALE_MMCAU_CLASSIC 513 if ((wolfssl_word)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { 514 WOLFSSL_MSG("Bad cau_aes_encrypt alignment"); 515 return BAD_ALIGN_E; 516 } 517 #endif 518 519 ret = wolfSSL_CryptHwMutexLock(); 520 if(ret == 0) { 566 if (wolfSSL_CryptHwMutexLock() == 0) { 521 567 #ifdef FREESCALE_MMCAU_CLASSIC 568 if ((wolfssl_word)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { 569 WOLFSSL_MSG("Bad cau_aes_encrypt alignment"); 570 return BAD_ALIGN_E; 571 } 522 572 cau_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); 523 573 #else … … 527 577 wolfSSL_CryptHwMutexUnLock(); 528 578 } 529 return ret;579 return 0; 530 580 } 531 581 #ifdef HAVE_AES_DECRYPT 532 582 static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) 533 583 { 534 int ret; 535 536 #ifdef FREESCALE_MMCAU_CLASSIC 537 if ((wolfssl_word)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { 538 WOLFSSL_MSG("Bad cau_aes_decrypt alignment"); 539 return BAD_ALIGN_E; 540 } 541 #endif 542 543 ret = wolfSSL_CryptHwMutexLock(); 544 if(ret == 0) { 584 if (wolfSSL_CryptHwMutexLock() == 0) { 545 585 #ifdef FREESCALE_MMCAU_CLASSIC 586 if ((wolfssl_word)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { 587 WOLFSSL_MSG("Bad cau_aes_decrypt alignment"); 588 return BAD_ALIGN_E; 589 } 546 590 cau_aes_decrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); 547 591 #else … … 551 595 wolfSSL_CryptHwMutexUnLock(); 552 596 } 553 return ret;597 return 0; 554 598 } 555 599 #endif /* HAVE_AES_DECRYPT */ … … 562 606 static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) 563 607 { 608 /* Thread mutex protection handled in Pic32Crypto */ 564 609 return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0, 565 610 outBlock, inBlock, AES_BLOCK_SIZE, … … 571 616 static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) 572 617 { 618 /* Thread mutex protection handled in Pic32Crypto */ 573 619 return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0, 574 620 outBlock, inBlock, AES_BLOCK_SIZE, … … 583 629 static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) 584 630 { 585 return nrf51_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); 631 int ret; 632 ret = wolfSSL_CryptHwMutexLock(); 633 if (ret == 0) { 634 ret = nrf51_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); 635 wolfSSL_CryptHwMutexUnLock(); 636 } 637 return ret; 586 638 } 587 639 … … 598 650 static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) 599 651 { 652 /* Thread mutex protection handled in esp_aes_hw_InUse */ 600 653 return wc_esp32AesEncrypt(aes, inBlock, outBlock); 601 654 } … … 605 658 static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) 606 659 { 660 /* Thread mutex protection handled in esp_aes_hw_InUse */ 607 661 return wc_esp32AesDecrypt(aes, inBlock, outBlock); 608 662 } … … 722 776 { 723 777 int nr; 724 Aes temp_key; 725 __m128i *Key_Schedule = (__m128i*)aes->key; 726 __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key; 778 #ifdef WOLFSSL_SMALL_STACK 779 Aes *temp_key; 780 #else 781 Aes temp_key[1]; 782 #endif 783 __m128i *Key_Schedule; 784 __m128i *Temp_Key_Schedule; 727 785 728 786 if (!userKey || !aes) 729 787 return BAD_FUNC_ARG; 730 788 731 if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG) 789 #ifdef WOLFSSL_SMALL_STACK 790 if ((temp_key = (Aes *)XMALLOC(sizeof *aes, aes->heap, 791 DYNAMIC_TYPE_AES)) == NULL) 792 return MEMORY_E; 793 #endif 794 795 if (AES_set_encrypt_key(userKey,bits,temp_key) == BAD_FUNC_ARG) { 796 #ifdef WOLFSSL_SMALL_STACK 797 XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES); 798 #endif 732 799 return BAD_FUNC_ARG; 733 734 nr = temp_key.rounds; 800 } 801 802 Key_Schedule = (__m128i*)aes->key; 803 Temp_Key_Schedule = (__m128i*)temp_key->key; 804 805 nr = temp_key->rounds; 735 806 aes->rounds = nr; 807 808 SAVE_VECTOR_REGISTERS(); 736 809 737 810 Key_Schedule[nr] = Temp_Key_Schedule[0]; … … 758 831 Key_Schedule[0] = Temp_Key_Schedule[nr]; 759 832 833 RESTORE_VECTOR_REGISTERS(); 834 835 #ifdef WOLFSSL_SMALL_STACK 836 XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES); 837 #endif 838 760 839 return 0; 761 840 } … … 772 851 773 852 #elif defined(WOLFSSL_AFALG) 853 /* implemented in wolfcrypt/src/port/af_alg/afalg_aes.c */ 854 774 855 #elif defined(WOLFSSL_DEVCRYPTO_AES) 856 /* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */ 775 857 776 858 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) … … 792 874 int sz) 793 875 { 794 uint32_tret;876 word32 ret; 795 877 796 878 if (WOLFSSL_SCE_GSCE_HANDLE.p_cfg->endian_flag == … … 830 912 831 913 if (ret != SSP_SUCCESS) { 832 /* revert input */914 /* revert input */ 833 915 ByteReverseWords((word32*)inBlock, (word32*)inBlock, sz); 834 916 return WC_HW_E; … … 850 932 int sz) 851 933 { 852 uint32_tret;934 word32 ret; 853 935 854 936 if (WOLFSSL_SCE_GSCE_HANDLE.p_cfg->endian_flag == … … 901 983 return 0; 902 984 } 903 904 #endif 985 #endif /* HAVE_AES_DECRYPT */ 905 986 906 987 #if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) … … 927 1008 #ifdef NEED_AES_TABLES 928 1009 929 static const word32 rcon[] = {1010 static const FLASH_QUALIFIER word32 rcon[] = { 930 1011 0x01000000, 0x02000000, 0x04000000, 0x08000000, 931 1012 0x10000000, 0x20000000, 0x40000000, 0x80000000, … … 935 1016 936 1017 #ifndef WOLFSSL_AES_SMALL_TABLES 937 static const word32 Te[4][256] = {1018 static const FLASH_QUALIFIER word32 Te[4][256] = { 938 1019 { 939 1020 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, … … 1203 1284 1204 1285 #ifdef HAVE_AES_DECRYPT 1205 static const word32 Td[4][256] = {1286 static const FLASH_QUALIFIER word32 Td[4][256] = { 1206 1287 { 1207 1288 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, … … 1471 1552 }; 1472 1553 #endif /* HAVE_AES_DECRYPT */ 1473 #endif 1554 #endif /* WOLFSSL_AES_SMALL_TABLES */ 1474 1555 1475 1556 #ifdef HAVE_AES_DECRYPT 1476 1557 #if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \ 1477 1478 static const byte Td4[256] =1558 || defined(WOLFSSL_AES_DIRECT) 1559 static const FLASH_QUALIFIER byte Td4[256] = 1479 1560 { 1480 1561 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, … … 1562 1643 } 1563 1644 1645 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) 1564 1646 static word32 inv_col_mul(word32 t, int i9, int ib, int id, int ie) 1565 1647 { … … 1572 1654 } 1573 1655 #endif 1574 1575 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) 1656 #endif 1657 1658 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || \ 1659 defined(HAVE_AESCCM) || defined(HAVE_AESGCM) 1576 1660 1577 1661 #ifndef WC_CACHE_LINE_SZ … … 1586 1670 1587 1671 1672 #ifndef WC_NO_CACHE_RESISTANT 1588 1673 #ifndef WOLFSSL_AES_SMALL_TABLES 1589 1674 /* load 4 Te Tables into cache by cache line stride */ … … 1614 1699 } 1615 1700 #endif 1701 #endif 1616 1702 1617 1703 /* Software AES - ECB Encrypt */ … … 1623 1709 const word32* rk = aes->key; 1624 1710 1711 #ifdef DEBUG_WOLFSSL 1625 1712 if (r > 7 || r == 0) { 1626 1713 WOLFSSL_MSG("AesEncrypt encountered improper key, set it up"); 1627 1714 return; /* stop instead of seg-faulting, set up your keys! */ 1628 1715 } 1716 #endif 1629 1717 1630 1718 #ifdef WOLFSSL_AESNI … … 1650 1738 1651 1739 XMEMCPY(tmp_align, inBlock, AES_BLOCK_SIZE); 1740 SAVE_VECTOR_REGISTERS(); 1652 1741 AES_ECB_encrypt(tmp_align, tmp_align, AES_BLOCK_SIZE, 1653 1742 (byte*)aes->key, aes->rounds); 1743 RESTORE_VECTOR_REGISTERS(); 1654 1744 XMEMCPY(outBlock, tmp_align, AES_BLOCK_SIZE); 1655 1745 XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); … … 1661 1751 } 1662 1752 1753 SAVE_VECTOR_REGISTERS(); 1663 1754 AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key, 1664 1755 aes->rounds); 1756 RESTORE_VECTOR_REGISTERS(); 1665 1757 1666 1758 return; … … 1675 1767 AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE); 1676 1768 return; 1769 #endif 1770 1771 #if defined(WOLFSSL_IMXRT_DCP) 1772 if (aes->keylen == 16) { 1773 DCPAesEcbEncrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE); 1774 return; 1775 } 1677 1776 #endif 1678 1777 … … 1682 1781 */ 1683 1782 XMEMCPY(&s0, inBlock, sizeof(s0)); 1684 XMEMCPY(&s1, inBlock + sizeof(s0),sizeof(s1));1783 XMEMCPY(&s1, inBlock + sizeof(s0), sizeof(s1)); 1685 1784 XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2)); 1686 1785 XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3)); … … 1700 1799 1701 1800 #ifndef WOLFSSL_AES_SMALL_TABLES 1801 #ifndef WC_NO_CACHE_RESISTANT 1702 1802 s0 |= PreFetchTe(); 1703 1803 #endif 1804 1805 #ifndef WOLFSSL_AES_NO_UNROLL 1806 /* Unroll the loop. */ 1807 #define ENC_ROUND_T_S(o) \ 1808 t0 = Te[0][GETBYTE(s0, 3)] ^ Te[1][GETBYTE(s1, 2)] ^ \ 1809 Te[2][GETBYTE(s2, 1)] ^ Te[3][GETBYTE(s3, 0)] ^ rk[o+4]; \ 1810 t1 = Te[0][GETBYTE(s1, 3)] ^ Te[1][GETBYTE(s2, 2)] ^ \ 1811 Te[2][GETBYTE(s3, 1)] ^ Te[3][GETBYTE(s0, 0)] ^ rk[o+5]; \ 1812 t2 = Te[0][GETBYTE(s2, 3)] ^ Te[1][GETBYTE(s3, 2)] ^ \ 1813 Te[2][GETBYTE(s0, 1)] ^ Te[3][GETBYTE(s1, 0)] ^ rk[o+6]; \ 1814 t3 = Te[0][GETBYTE(s3, 3)] ^ Te[1][GETBYTE(s0, 2)] ^ \ 1815 Te[2][GETBYTE(s1, 1)] ^ Te[3][GETBYTE(s2, 0)] ^ rk[o+7] 1816 #define ENC_ROUND_S_T(o) \ 1817 s0 = Te[0][GETBYTE(t0, 3)] ^ Te[1][GETBYTE(t1, 2)] ^ \ 1818 Te[2][GETBYTE(t2, 1)] ^ Te[3][GETBYTE(t3, 0)] ^ rk[o+0]; \ 1819 s1 = Te[0][GETBYTE(t1, 3)] ^ Te[1][GETBYTE(t2, 2)] ^ \ 1820 Te[2][GETBYTE(t3, 1)] ^ Te[3][GETBYTE(t0, 0)] ^ rk[o+1]; \ 1821 s2 = Te[0][GETBYTE(t2, 3)] ^ Te[1][GETBYTE(t3, 2)] ^ \ 1822 Te[2][GETBYTE(t0, 1)] ^ Te[3][GETBYTE(t1, 0)] ^ rk[o+2]; \ 1823 s3 = Te[0][GETBYTE(t3, 3)] ^ Te[1][GETBYTE(t0, 2)] ^ \ 1824 Te[2][GETBYTE(t1, 1)] ^ Te[3][GETBYTE(t2, 0)] ^ rk[o+3] 1825 1826 ENC_ROUND_T_S( 0); 1827 ENC_ROUND_S_T( 8); ENC_ROUND_T_S( 8); 1828 ENC_ROUND_S_T(16); ENC_ROUND_T_S(16); 1829 ENC_ROUND_S_T(24); ENC_ROUND_T_S(24); 1830 ENC_ROUND_S_T(32); ENC_ROUND_T_S(32); 1831 if (r > 5) { 1832 ENC_ROUND_S_T(40); ENC_ROUND_T_S(40); 1833 if (r > 6) { 1834 ENC_ROUND_S_T(48); ENC_ROUND_T_S(48); 1835 } 1836 } 1837 rk += r * 8; 1838 #else 1704 1839 /* 1705 1840 * Nr - 1 full rounds: … … 1762 1897 rk[3]; 1763 1898 } 1899 #endif 1764 1900 1765 1901 /* … … 1793 1929 rk[3]; 1794 1930 #else 1931 #ifndef WC_NO_CACHE_RESISTANT 1795 1932 s0 |= PreFetchSBox(); 1933 #endif 1796 1934 1797 1935 r *= 2; … … 1880 2018 1881 2019 XMEMCPY(outBlock, &s0, sizeof(s0)); 1882 XMEMCPY(outBlock + sizeof(s0),&s1, sizeof(s1));2020 XMEMCPY(outBlock + sizeof(s0), &s1, sizeof(s1)); 1883 2021 XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2)); 1884 2022 XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); … … 1891 2029 defined(WOLFSSL_AES_DIRECT) 1892 2030 2031 #ifndef WC_NO_CACHE_RESISTANT 1893 2032 #ifndef WOLFSSL_AES_SMALL_TABLES 1894 2033 /* load 4 Td Tables into cache by cache line stride */ … … 1919 2058 return x; 1920 2059 } 2060 #endif 1921 2061 1922 2062 /* Software AES - ECB Decrypt */ … … 1926 2066 word32 t0, t1, t2, t3; 1927 2067 word32 r = aes->rounds >> 1; 1928 1929 2068 const word32* rk = aes->key; 2069 2070 #ifdef DEBUG_WOLFSSL 1930 2071 if (r > 7 || r == 0) { 1931 2072 WOLFSSL_MSG("AesDecrypt encountered improper key, set it up"); 1932 2073 return; /* stop instead of seg-faulting, set up your keys! */ 1933 2074 } 2075 #endif 2076 1934 2077 #ifdef WOLFSSL_AESNI 1935 2078 if (haveAESNI && aes->use_aesni) { … … 1946 2089 if ((const byte*)aes->tmp != inBlock) 1947 2090 XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE); 2091 SAVE_VECTOR_REGISTERS(); 1948 2092 AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key, 1949 2093 aes->rounds); 2094 RESTORE_VECTOR_REGISTERS(); 1950 2095 return; 1951 2096 } … … 1958 2103 #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) 1959 2104 return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE); 2105 #endif 2106 #if defined(WOLFSSL_IMXRT_DCP) 2107 if (aes->keylen == 16) { 2108 DCPAesEcbDecrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE); 2109 return; 2110 } 1960 2111 #endif 1961 2112 … … 1982 2133 1983 2134 #ifndef WOLFSSL_AES_SMALL_TABLES 2135 #ifndef WC_NO_CACHE_RESISTANT 1984 2136 s0 |= PreFetchTd(); 2137 #endif 2138 2139 #ifndef WOLFSSL_AES_NO_UNROLL 2140 /* Unroll the loop. */ 2141 #define DEC_ROUND_T_S(o) \ 2142 t0 = Td[0][GETBYTE(s0, 3)] ^ Td[1][GETBYTE(s3, 2)] ^ \ 2143 Td[2][GETBYTE(s2, 1)] ^ Td[3][GETBYTE(s1, 0)] ^ rk[o+4]; \ 2144 t1 = Td[0][GETBYTE(s1, 3)] ^ Td[1][GETBYTE(s0, 2)] ^ \ 2145 Td[2][GETBYTE(s3, 1)] ^ Td[3][GETBYTE(s2, 0)] ^ rk[o+5]; \ 2146 t2 = Td[0][GETBYTE(s2, 3)] ^ Td[1][GETBYTE(s1, 2)] ^ \ 2147 Td[2][GETBYTE(s0, 1)] ^ Td[3][GETBYTE(s3, 0)] ^ rk[o+6]; \ 2148 t3 = Td[0][GETBYTE(s3, 3)] ^ Td[1][GETBYTE(s2, 2)] ^ \ 2149 Td[2][GETBYTE(s1, 1)] ^ Td[3][GETBYTE(s0, 0)] ^ rk[o+7] 2150 #define DEC_ROUND_S_T(o) \ 2151 s0 = Td[0][GETBYTE(t0, 3)] ^ Td[1][GETBYTE(t3, 2)] ^ \ 2152 Td[2][GETBYTE(t2, 1)] ^ Td[3][GETBYTE(t1, 0)] ^ rk[o+0]; \ 2153 s1 = Td[0][GETBYTE(t1, 3)] ^ Td[1][GETBYTE(t0, 2)] ^ \ 2154 Td[2][GETBYTE(t3, 1)] ^ Td[3][GETBYTE(t2, 0)] ^ rk[o+1]; \ 2155 s2 = Td[0][GETBYTE(t2, 3)] ^ Td[1][GETBYTE(t1, 2)] ^ \ 2156 Td[2][GETBYTE(t0, 1)] ^ Td[3][GETBYTE(t3, 0)] ^ rk[o+2]; \ 2157 s3 = Td[0][GETBYTE(t3, 3)] ^ Td[1][GETBYTE(t2, 2)] ^ \ 2158 Td[2][GETBYTE(t1, 1)] ^ Td[3][GETBYTE(t0, 0)] ^ rk[o+3] 2159 2160 DEC_ROUND_T_S( 0); 2161 DEC_ROUND_S_T( 8); DEC_ROUND_T_S( 8); 2162 DEC_ROUND_S_T(16); DEC_ROUND_T_S(16); 2163 DEC_ROUND_S_T(24); DEC_ROUND_T_S(24); 2164 DEC_ROUND_S_T(32); DEC_ROUND_T_S(32); 2165 if (r > 5) { 2166 DEC_ROUND_S_T(40); DEC_ROUND_T_S(40); 2167 if (r > 6) { 2168 DEC_ROUND_S_T(48); DEC_ROUND_T_S(48); 2169 } 2170 } 2171 rk += r * 8; 2172 #else 1985 2173 1986 2174 /* … … 2044 2232 rk[3]; 2045 2233 } 2234 #endif 2046 2235 /* 2047 2236 * apply last round and … … 2049 2238 */ 2050 2239 2240 #ifndef WC_NO_CACHE_RESISTANT 2051 2241 t0 |= PreFetchTd4(); 2242 #endif 2052 2243 2053 2244 s0 = … … 2076 2267 rk[3]; 2077 2268 #else 2269 #ifndef WC_NO_CACHE_RESISTANT 2078 2270 s0 |= PreFetchTd4(); 2271 #endif 2079 2272 2080 2273 r *= 2; … … 2202 2395 aes->left = 0; 2203 2396 #endif 2204 2205 2397 return wc_AesSetIV(aes, iv); 2206 2398 } … … 2389 2581 aes->keylen = keylen; 2390 2582 aes->rounds = keylen/4 + 6; 2583 XMEMCPY(aes->key, userKey, keylen); 2391 2584 ret = nrf51_aes_set_key(userKey); 2392 2585 … … 2475 2668 XMEMCPY(aes->key, userKey, keylen); 2476 2669 2477 aes->ctx.key.pKey = ( uint8_t*)aes->key;2670 aes->ctx.key.pKey = (byte*)aes->key; 2478 2671 aes->ctx.key.keySize= keylen; 2479 2672 … … 2517 2710 /* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */ 2518 2711 2712 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 2713 /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ 2714 2519 2715 #else 2520 2716 2521 2717 /* Software AES - SetKey */ 2522 2718 static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, 2523 const byte* iv, int dir )2719 const byte* iv, int dir, int checkKeyLen) 2524 2720 { 2525 word32 *rk = aes->key; 2721 int ret; 2722 word32 *rk; 2526 2723 #ifdef NEED_AES_TABLES 2527 2724 word32 temp; 2528 2725 unsigned int i = 0; 2529 2726 #endif 2530 2531 #ifdef WOLFSSL_AESNI 2532 aes->use_aesni = 0; 2533 #endif /* WOLFSSL_AESNI */ 2534 #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ 2535 defined(WOLFSSL_AES_OFB) 2536 aes->left = 0; 2727 #ifdef WOLFSSL_IMX6_CAAM_BLOB 2728 byte local[32]; 2729 word32 localSz = 32; 2730 #endif 2731 2732 #ifdef WOLFSSL_IMX6_CAAM_BLOB 2733 if (keylen == (16 + WC_CAAM_BLOB_SZ) || 2734 keylen == (24 + WC_CAAM_BLOB_SZ) || 2735 keylen == (32 + WC_CAAM_BLOB_SZ)) { 2736 if (wc_caamOpenBlob((byte*)userKey, keylen, local, &localSz) != 0) { 2737 return BAD_FUNC_ARG; 2738 } 2739 2740 /* set local values */ 2741 userKey = local; 2742 keylen = localSz; 2743 } 2744 #endif 2745 2746 #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ 2747 (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ 2748 (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) 2749 #ifdef WOLF_CRYPTO_CB 2750 if (aes->devId != INVALID_DEVID) 2537 2751 #endif 2752 { 2753 if (keylen > sizeof(aes->devKey)) { 2754 return BAD_FUNC_ARG; 2755 } 2756 XMEMCPY(aes->devKey, userKey, keylen); 2757 } 2758 #endif 2759 2760 if (checkKeyLen) { 2761 if (keylen != 16 && keylen != 24 && keylen != 32) { 2762 return BAD_FUNC_ARG; 2763 } 2764 #ifdef AES_MAX_KEY_SIZE 2765 /* Check key length */ 2766 if (keylen > (AES_MAX_KEY_SIZE / 8)) { 2767 return BAD_FUNC_ARG; 2768 } 2769 #endif 2770 } 2771 2772 #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ 2773 defined(WOLFSSL_AES_OFB) 2774 aes->left = 0; 2775 #endif 2538 2776 2539 2777 aes->keylen = keylen; 2540 2778 aes->rounds = (keylen/4) + 6; 2541 2779 2780 #ifdef WOLFSSL_AESNI 2781 aes->use_aesni = 0; 2782 if (checkAESNI == 0) { 2783 haveAESNI = Check_CPU_support_AES(); 2784 checkAESNI = 1; 2785 } 2786 if (haveAESNI) { 2787 aes->use_aesni = 1; 2788 if (iv) 2789 XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); 2790 else 2791 XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); 2792 if (dir == AES_ENCRYPTION) 2793 return AES_set_encrypt_key(userKey, keylen * 8, aes); 2794 #ifdef HAVE_AES_DECRYPT 2795 else 2796 return AES_set_decrypt_key(userKey, keylen * 8, aes); 2797 #endif 2798 } 2799 #endif /* WOLFSSL_AESNI */ 2800 2801 if (keylen > sizeof(aes->key)) { 2802 return BAD_FUNC_ARG; 2803 } 2804 rk = aes->key; 2542 2805 XMEMCPY(rk, userKey, keylen); 2543 2806 #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ … … 2545 2808 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_AES)) 2546 2809 ByteReverseWords(rk, rk, keylen); 2810 #endif 2811 2812 #ifdef WOLFSSL_IMXRT_DCP 2813 /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */ 2814 temp = 0; 2815 if (keylen == 16) 2816 temp = DCPAesSetKey(aes, userKey, keylen, iv, dir); 2817 if (temp != 0) 2818 return WC_HW_E; 2547 2819 #endif 2548 2820 … … 2659 2931 return BAD_FUNC_ARG; 2660 2932 } /* switch */ 2933 ForceZero(&temp, sizeof(temp)); 2661 2934 2662 2935 #if defined(HAVE_AES_DECRYPT) … … 2672 2945 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; 2673 2946 } 2947 ForceZero(&temp, sizeof(temp)); 2674 2948 #if !defined(WOLFSSL_AES_SMALL_TABLES) 2675 2949 /* apply the inverse MixColumn transform to all round keys but the … … 2713 2987 #endif 2714 2988 2715 return wc_AesSetIV(aes, iv); 2716 } 2717 2718 int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, 2719 const byte* iv, int dir) 2720 { 2721 int ret; 2722 #if defined(AES_MAX_KEY_SIZE) 2723 const word32 max_key_len = (AES_MAX_KEY_SIZE / 8); 2724 #endif 2725 2726 #ifdef WOLFSSL_IMX6_CAAM_BLOB 2727 byte local[32]; 2728 word32 localSz = 32; 2729 2730 if (keylen == (16 + WC_CAAM_BLOB_SZ) || 2731 keylen == (24 + WC_CAAM_BLOB_SZ) || 2732 keylen == (32 + WC_CAAM_BLOB_SZ)) { 2733 if (wc_caamOpenBlob((byte*)userKey, keylen, local, &localSz) != 0) { 2734 return BAD_FUNC_ARG; 2735 } 2736 2737 /* set local values */ 2738 userKey = local; 2739 keylen = localSz; 2740 } 2741 #endif 2742 if (aes == NULL || 2743 !((keylen == 16) || (keylen == 24) || (keylen == 32))) { 2744 return BAD_FUNC_ARG; 2745 } 2746 2747 #if defined(AES_MAX_KEY_SIZE) 2748 /* Check key length */ 2749 if (keylen > max_key_len) { 2750 return BAD_FUNC_ARG; 2751 } 2752 #endif 2753 aes->keylen = keylen; 2754 aes->rounds = keylen/4 + 6; 2755 2756 #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ 2757 (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ 2758 (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) 2759 #ifdef WOLF_CRYPTO_CB 2760 if (aes->devId != INVALID_DEVID) 2761 #endif 2762 { 2763 XMEMCPY(aes->devKey, userKey, keylen); 2764 } 2765 #endif 2766 2767 #ifdef WOLFSSL_AESNI 2768 if (checkAESNI == 0) { 2769 haveAESNI = Check_CPU_support_AES(); 2770 checkAESNI = 1; 2771 } 2772 if (haveAESNI) { 2773 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ 2774 defined(WOLFSSL_AES_OFB) 2775 aes->left = 0; 2776 #endif /* WOLFSSL_AES_COUNTER */ 2777 aes->use_aesni = 1; 2778 if (iv) 2779 XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); 2780 else 2781 XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); 2782 if (dir == AES_ENCRYPTION) 2783 return AES_set_encrypt_key(userKey, keylen * 8, aes); 2784 #ifdef HAVE_AES_DECRYPT 2785 else 2786 return AES_set_decrypt_key(userKey, keylen * 8, aes); 2787 #endif 2788 } 2789 #endif /* WOLFSSL_AESNI */ 2790 2791 ret = wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir); 2989 ret = wc_AesSetIV(aes, iv); 2792 2990 2793 2991 #if defined(WOLFSSL_DEVCRYPTO) && \ … … 2801 2999 } 2802 3000 3001 int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, 3002 const byte* iv, int dir) 3003 { 3004 if (aes == NULL) { 3005 return BAD_FUNC_ARG; 3006 } 3007 if (keylen > sizeof(aes->key)) { 3008 return BAD_FUNC_ARG; 3009 } 3010 3011 return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1); 3012 } 3013 2803 3014 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) 2804 /* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */ 3015 /* AES-CTR and AES-DIRECT need to use this for key setup */ 3016 /* This function allows key sizes that are not 128/192/256 bits */ 2805 3017 int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, 2806 3018 const byte* iv, int dir) 2807 3019 { 2808 int ret; 2809 2810 #ifdef WOLFSSL_IMX6_CAAM_BLOB 2811 byte local[32]; 2812 word32 localSz = 32; 2813 2814 if (keylen == (16 + WC_CAAM_BLOB_SZ) || 2815 keylen == (24 + WC_CAAM_BLOB_SZ) || 2816 keylen == (32 + WC_CAAM_BLOB_SZ)) { 2817 if (wc_caamOpenBlob((byte*)userKey, keylen, local, &localSz) 2818 != 0) { 2819 return BAD_FUNC_ARG; 2820 } 2821 2822 /* set local values */ 2823 userKey = local; 2824 keylen = localSz; 3020 if (aes == NULL) { 3021 return BAD_FUNC_ARG; 2825 3022 } 2826 #endif 2827 ret = wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir); 2828 2829 #ifdef WOLFSSL_IMX6_CAAM_BLOB 2830 ForceZero(local, sizeof(local)); 2831 #endif 2832 2833 return ret; 3023 if (keylen > sizeof(aes->key)) { 3024 return BAD_FUNC_ARG; 3025 } 3026 3027 return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 0); 2834 3028 } 2835 3029 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ … … 2847 3041 else 2848 3042 XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); 2849 2850 3043 return 0; 2851 3044 } … … 2856 3049 #error "Coldfire SEC doesn't yet support AES direct" 2857 3050 2858 #elif defined(FREESCALE_LTC)2859 /* Allow direct access to one block encrypt */2860 void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)2861 {2862 byte *key;2863 uint32_t keySize;2864 2865 key = (byte*)aes->key;2866 wc_AesGetKeySize(aes, &keySize);2867 2868 LTC_AES_EncryptEcb(LTC_BASE, in, out, AES_BLOCK_SIZE,2869 key, keySize);2870 }2871 2872 /* Allow direct access to one block decrypt */2873 void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)2874 {2875 byte *key;2876 uint32_t keySize;2877 2878 key = (byte*)aes->key;2879 wc_AesGetKeySize(aes, &keySize);2880 2881 LTC_AES_DecryptEcb(LTC_BASE, in, out, AES_BLOCK_SIZE,2882 key, keySize, kLTC_EncryptKey);2883 }2884 2885 3051 #elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) 2886 3052 /* implemented in wolfcrypt/src/port/caam/caam_aes.c */ … … 2892 3058 /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ 2893 3059 2894 #elif defined(STM32_CRYPTO)2895 /* Allow direct access to one block encrypt */2896 void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)2897 {2898 if (wolfSSL_CryptHwMutexLock() == 0) {2899 wc_AesEncrypt(aes, in, out);2900 wolfSSL_CryptHwMutexUnLock();2901 }2902 }2903 #ifdef HAVE_AES_DECRYPT2904 /* Allow direct access to one block decrypt */2905 void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)2906 {2907 if (wolfSSL_CryptHwMutexLock() == 0) {2908 wc_AesDecrypt(aes, in, out);2909 wolfSSL_CryptHwMutexUnLock();2910 }2911 }2912 #endif /* HAVE_AES_DECRYPT */2913 2914 #elif defined(WOLFSSL_ESP32WROOM32_CRYPT) && \2915 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_AES)2916 2917 /* Allow direct access to one block encrypt */2918 void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)2919 {2920 wc_AesEncrypt(aes, in, out);2921 }2922 #ifdef HAVE_AES_DECRYPT2923 /* Allow direct access to one block decrypt */2924 void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)2925 {2926 wc_AesDecrypt(aes, in, out);2927 }2928 #endif /* HAVE_AES_DECRYPT */2929 3060 #else 2930 3061 /* Allow direct access to one block encrypt */ … … 2964 3095 } 2965 3096 2966 #ifdef STM32_CRYPTO_AES_ONLY 3097 #if defined(STM32_HAL_V2) 3098 hcryp.Init.Algorithm = CRYP_AES_CBC; 3099 ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); 3100 #elif defined(STM32_CRYPTO_AES_ONLY) 2967 3101 hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; 2968 3102 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; 2969 3103 hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; 2970 #elif defined(STM32_HAL_V2)2971 hcryp.Init.Algorithm = CRYP_AES_CBC;2972 ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);2973 3104 #endif 2974 3105 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; 2975 3106 HAL_CRYP_Init(&hcryp); 2976 3107 2977 while (blocks--) { 2978 #ifdef STM32_CRYPTO_AES_ONLY 2979 ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, 2980 out, STM32_HAL_TIMEOUT); 2981 #elif defined(STM32_HAL_V2) 2982 ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, 2983 (uint32_t*)out, STM32_HAL_TIMEOUT); 2984 #else 2985 ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, 2986 out, STM32_HAL_TIMEOUT); 2987 #endif 2988 if (ret != HAL_OK) { 2989 ret = WC_TIMEOUT_E; 2990 break; 2991 } 2992 2993 /* store iv for next call */ 2994 XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); 2995 2996 sz -= AES_BLOCK_SIZE; 2997 in += AES_BLOCK_SIZE; 2998 out += AES_BLOCK_SIZE; 2999 } 3108 #if defined(STM32_HAL_V2) 3109 ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, 3110 (uint32_t*)out, STM32_HAL_TIMEOUT); 3111 #elif defined(STM32_CRYPTO_AES_ONLY) 3112 ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, 3113 out, STM32_HAL_TIMEOUT); 3114 #else 3115 ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, 3116 out, STM32_HAL_TIMEOUT); 3117 #endif 3118 if (ret != HAL_OK) { 3119 ret = WC_TIMEOUT_E; 3120 } 3121 3122 /* store iv for next call */ 3123 XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); 3000 3124 3001 3125 HAL_CRYP_DeInit(&hcryp); … … 3024 3148 XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); 3025 3149 3026 #ifdef STM32_CRYPTO_AES_ONLY 3150 #if defined(STM32_HAL_V2) 3151 hcryp.Init.Algorithm = CRYP_AES_CBC; 3152 ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); 3153 #elif defined(STM32_CRYPTO_AES_ONLY) 3027 3154 hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; 3028 3155 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; 3029 3156 hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; 3030 #elif defined(STM32_HAL_V2)3031 hcryp.Init.Algorithm = CRYP_AES_CBC;3032 ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);3033 3157 #endif 3034 3158 … … 3036 3160 HAL_CRYP_Init(&hcryp); 3037 3161 3038 while (blocks--) { 3039 #ifdef STM32_CRYPTO_AES_ONLY 3040 ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, 3041 out, STM32_HAL_TIMEOUT); 3042 #elif defined(STM32_HAL_V2) 3043 ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, 3044 (uint32_t*)out, STM32_HAL_TIMEOUT); 3045 #else 3046 ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, 3047 out, STM32_HAL_TIMEOUT); 3048 #endif 3049 if (ret != HAL_OK) { 3050 ret = WC_TIMEOUT_E; 3051 break; 3052 } 3053 3054 /* store iv for next call */ 3055 XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); 3056 3057 in += AES_BLOCK_SIZE; 3058 out += AES_BLOCK_SIZE; 3059 } 3162 #if defined(STM32_HAL_V2) 3163 ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, 3164 (uint32_t*)out, STM32_HAL_TIMEOUT); 3165 #elif defined(STM32_CRYPTO_AES_ONLY) 3166 ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, 3167 out, STM32_HAL_TIMEOUT); 3168 #else 3169 ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, 3170 out, STM32_HAL_TIMEOUT); 3171 #endif 3172 if (ret != HAL_OK) { 3173 ret = WC_TIMEOUT_E; 3174 } 3175 3176 /* store iv for next call */ 3177 XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); 3060 3178 3061 3179 HAL_CRYP_DeInit(&hcryp); … … 3066 3184 #endif /* HAVE_AES_DECRYPT */ 3067 3185 3068 #else /* S TD_PERI_LIB*/3186 #else /* Standard Peripheral Library */ 3069 3187 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) 3070 3188 { … … 3338 3456 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) 3339 3457 { 3340 uint32_tkeySize;3458 word32 keySize; 3341 3459 status_t status; 3342 3460 byte *iv, *enc_key; … … 3351 3469 } 3352 3470 3471 status = wolfSSL_CryptHwMutexLock(); 3472 if (status != 0) 3473 return status; 3353 3474 status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE, 3354 3475 iv, enc_key, keySize); 3476 wolfSSL_CryptHwMutexUnLock(); 3355 3477 3356 3478 /* store iv for next call */ … … 3365 3487 int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) 3366 3488 { 3367 uint32_tkeySize;3489 word32 keySize; 3368 3490 status_t status; 3369 3491 byte* iv, *dec_key; … … 3382 3504 XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); 3383 3505 3506 status = wolfSSL_CryptHwMutexLock(); 3507 if (status != 0) 3508 return status; 3384 3509 status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE, 3385 3510 iv, dec_key, keySize, kLTC_EncryptKey); 3511 wolfSSL_CryptHwMutexUnLock(); 3386 3512 3387 3513 /* store IV for next call */ … … 3403 3529 byte temp_block[AES_BLOCK_SIZE]; 3404 3530 3405 iv 3531 iv = (byte*)aes->reg; 3406 3532 3407 3533 while (blocks--) { … … 3431 3557 byte temp_block[AES_BLOCK_SIZE]; 3432 3558 3433 iv 3559 iv = (byte*)aes->reg; 3434 3560 3435 3561 while (blocks--) { … … 3514 3640 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) 3515 3641 { 3516 return SaSi_AesBlock(&aes->ctx.user_ctx, (uint8_t* 3642 return SaSi_AesBlock(&aes->ctx.user_ctx, (uint8_t*)in, sz, out); 3517 3643 } 3518 3644 int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) 3519 3645 { 3520 return SaSi_AesBlock(&aes->ctx.user_ctx, (uint8_t* 3646 return SaSi_AesBlock(&aes->ctx.user_ctx, (uint8_t*)in, sz, out); 3521 3647 } 3522 3648 #elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) … … 3528 3654 #elif defined(WOLFSSL_DEVCRYPTO_CBC) 3529 3655 /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ 3656 3657 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 3658 /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ 3530 3659 3531 3660 #else … … 3539 3668 return BAD_FUNC_ARG; 3540 3669 } 3670 3671 if (sz == 0) { 3672 return 0; 3673 } 3674 #ifdef WOLFSSL_IMXRT_DCP 3675 /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */ 3676 if (aes->keylen == 16) 3677 return DCPAesCbcEncrypt(aes, out, in, sz); 3678 #endif 3541 3679 3542 3680 #ifdef WOLF_CRYPTO_CB … … 3593 3731 tmp_align = tmp + (AESNI_ALIGN - ((size_t)tmp % AESNI_ALIGN)); 3594 3732 XMEMCPY(tmp_align, in, sz); 3733 SAVE_VECTOR_REGISTERS(); 3595 3734 AES_CBC_encrypt(tmp_align, tmp_align, (byte*)aes->reg, sz, 3596 3735 (byte*)aes->key, aes->rounds); 3736 RESTORE_VECTOR_REGISTERS(); 3597 3737 /* store iv for next call */ 3598 3738 XMEMCPY(aes->reg, tmp_align + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); … … 3607 3747 } 3608 3748 3749 SAVE_VECTOR_REGISTERS(); 3609 3750 AES_CBC_encrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key, 3610 3751 aes->rounds); 3752 RESTORE_VECTOR_REGISTERS(); 3611 3753 /* store iv for next call */ 3612 3754 XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); … … 3638 3780 return BAD_FUNC_ARG; 3639 3781 } 3782 3783 if (sz == 0) { 3784 return 0; 3785 } 3786 #ifdef WOLFSSL_IMXRT_DCP 3787 /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */ 3788 if (aes->keylen == 16) 3789 return DCPAesCbcDecrypt(aes, out, in, sz); 3790 #endif 3640 3791 3641 3792 #ifdef WOLF_CRYPTO_CB … … 3684 3835 /* if input and output same will overwrite input iv */ 3685 3836 XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); 3837 SAVE_VECTOR_REGISTERS(); 3686 3838 #if defined(WOLFSSL_AESNI_BY4) 3687 3839 AES_CBC_decrypt_by4(in, out, (byte*)aes->reg, sz, (byte*)aes->key, … … 3695 3847 #endif /* WOLFSSL_AESNI_BYx */ 3696 3848 /* store iv for next call */ 3849 RESTORE_VECTOR_REGISTERS(); 3697 3850 XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); 3698 3851 return 0; … … 3741 3894 #endif 3742 3895 3896 #ifdef WOLFSSL_STM32_CUBEMX 3897 ret = wc_Stm32_Aes_Init(aes, &hcryp); 3898 if (ret != 0) { 3899 return ret; 3900 } 3901 3743 3902 ret = wolfSSL_CryptHwMutexLock(); 3744 3903 if (ret != 0) { … … 3746 3905 } 3747 3906 3748 #ifdef WOLFSSL_STM32_CUBEMX 3749 ret = wc_Stm32_Aes_Init(aes, &hcryp); 3750 if (ret != 0) { 3751 wolfSSL_CryptHwMutexUnLock(); 3752 return ret; 3753 } 3754 3755 #ifdef STM32_CRYPTO_AES_ONLY 3907 #if defined(STM32_HAL_V2) 3908 hcryp.Init.Algorithm = CRYP_AES_CTR; 3909 ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); 3910 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; 3911 #elif defined(STM32_CRYPTO_AES_ONLY) 3756 3912 hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; 3757 3913 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; 3758 3914 hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; 3759 3915 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; 3760 #elif defined(STM32_HAL_V2)3761 hcryp.Init.Algorithm = CRYP_AES_CTR;3762 ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);3763 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv;3764 3916 #else 3765 3917 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; … … 3767 3919 HAL_CRYP_Init(&hcryp); 3768 3920 3769 #ifdef STM32_CRYPTO_AES_ONLY 3921 #if defined(STM32_HAL_V2) 3922 ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, 3923 (uint32_t*)out, STM32_HAL_TIMEOUT); 3924 #elif defined(STM32_CRYPTO_AES_ONLY) 3770 3925 ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, 3771 3926 out, STM32_HAL_TIMEOUT); 3772 #elif defined(STM32_HAL_V2)3773 ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE,3774 (uint32_t*)out, STM32_HAL_TIMEOUT);3775 3927 #else 3776 3928 ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, … … 3782 3934 HAL_CRYP_DeInit(&hcryp); 3783 3935 3784 #else /* S TD_PERI_LIB*/3936 #else /* Standard Peripheral Library */ 3785 3937 ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); 3786 3938 if (ret != 0) { 3787 wolfSSL_CryptHwMutexUnLock(); 3939 return ret; 3940 } 3941 3942 ret = wolfSSL_CryptHwMutexLock(); 3943 if (ret != 0) { 3788 3944 return ret; 3789 3945 } … … 3830 3986 /* disable crypto processor */ 3831 3987 CRYP_Cmd(DISABLE); 3832 3833 3988 #endif /* WOLFSSL_STM32_CUBEMX */ 3834 3989 … … 3859 4014 int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) 3860 4015 { 3861 uint32_t keySize; 4016 int ret = 0; 4017 word32 keySize; 3862 4018 byte *iv, *enc_key; 3863 4019 byte* tmp; … … 3881 4037 wc_AesGetKeySize(aes, &keySize); 3882 4038 4039 ret = wolfSSL_CryptHwMutexLock(); 4040 if (ret != 0) 4041 return ret; 3883 4042 LTC_AES_CryptCtr(LTC_BASE, in, out, sz, 3884 4043 iv, enc_key, keySize, (byte*)aes->tmp, 3885 4044 (uint32_t*)&aes->left); 4045 wolfSSL_CryptHwMutexUnLock(); 3886 4046 } 3887 4047 3888 return 0;4048 return ret; 3889 4049 } 3890 4050 … … 3897 4057 #elif defined(WOLFSSL_DEVCRYPTO_AES) 3898 4058 /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ 3899 4059 3900 4060 #elif defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ 3901 4061 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_AES) … … 4010 4170 #error "Coldfire SEC doesn't currently support AES-GCM mode" 4011 4171 4012 #elif defined(WOLFSSL_NRF51_AES)4013 #error "nRF51 doesn't currently support AES-GCM mode"4014 4015 4172 #endif 4016 4173 … … 4037 4194 } 4038 4195 } 4039 #ifdef STM32_CRYPTO_AES_GCM4040 static WC_INLINE void DecrementGcmCounter(byte* inOutCtr)4041 {4042 int i;4043 4044 /* in network byte order so start at end and work back */4045 for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {4046 if (--inOutCtr[i] != 0xFF) /* we're done unless we underflow */4047 return;4048 }4049 }4050 #endif /* STM32_CRYPTO_AES_GCM */4051 4196 #endif /* !FREESCALE_LTC_AES_GCM */ 4052 4197 4053 #if defined(GCM_SMALL) || defined(GCM_TABLE) 4198 #if defined(GCM_SMALL) || defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) 4054 4199 4055 4200 static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz) … … 4086 4231 } 4087 4232 4088 #endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */4233 #endif /* defined(GCM_SMALL) || defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) */ 4089 4234 4090 4235 … … 4111 4256 4112 4257 XMEMSET(m[0], 0, AES_BLOCK_SIZE); 4258 } 4259 4260 #elif defined(GCM_TABLE_4BIT) 4261 4262 static WC_INLINE void Shift4_M0(byte *r8, byte* z8) 4263 { 4264 int i; 4265 for (i = 15; i > 0; i--) 4266 r8[i] = (z8[i-1] << 4) | (z8[i] >> 4); 4267 r8[0] = z8[0] >> 4; 4268 } 4269 4270 static void GenerateM0(Aes* aes) 4271 { 4272 #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) 4273 int i; 4274 #endif 4275 byte (*m)[AES_BLOCK_SIZE] = aes->M0; 4276 4277 /* 0 times -> 0x0 */ 4278 XMEMSET(m[0x0], 0, AES_BLOCK_SIZE); 4279 /* 1 times -> 0x8 */ 4280 XMEMCPY(m[0x8], aes->H, AES_BLOCK_SIZE); 4281 /* 2 times -> 0x4 */ 4282 XMEMCPY(m[0x4], m[0x8], AES_BLOCK_SIZE); 4283 RIGHTSHIFTX(m[0x4]); 4284 /* 4 times -> 0x2 */ 4285 XMEMCPY(m[0x2], m[0x4], AES_BLOCK_SIZE); 4286 RIGHTSHIFTX(m[0x2]); 4287 /* 8 times -> 0x1 */ 4288 XMEMCPY(m[0x1], m[0x2], AES_BLOCK_SIZE); 4289 RIGHTSHIFTX(m[0x1]); 4290 4291 /* 0x3 */ 4292 XMEMCPY(m[0x3], m[0x2], AES_BLOCK_SIZE); 4293 xorbuf (m[0x3], m[0x1], AES_BLOCK_SIZE); 4294 4295 /* 0x5 -> 0x7 */ 4296 XMEMCPY(m[0x5], m[0x4], AES_BLOCK_SIZE); 4297 xorbuf (m[0x5], m[0x1], AES_BLOCK_SIZE); 4298 XMEMCPY(m[0x6], m[0x4], AES_BLOCK_SIZE); 4299 xorbuf (m[0x6], m[0x2], AES_BLOCK_SIZE); 4300 XMEMCPY(m[0x7], m[0x4], AES_BLOCK_SIZE); 4301 xorbuf (m[0x7], m[0x3], AES_BLOCK_SIZE); 4302 4303 /* 0x9 -> 0xf */ 4304 XMEMCPY(m[0x9], m[0x8], AES_BLOCK_SIZE); 4305 xorbuf (m[0x9], m[0x1], AES_BLOCK_SIZE); 4306 XMEMCPY(m[0xa], m[0x8], AES_BLOCK_SIZE); 4307 xorbuf (m[0xa], m[0x2], AES_BLOCK_SIZE); 4308 XMEMCPY(m[0xb], m[0x8], AES_BLOCK_SIZE); 4309 xorbuf (m[0xb], m[0x3], AES_BLOCK_SIZE); 4310 XMEMCPY(m[0xc], m[0x8], AES_BLOCK_SIZE); 4311 xorbuf (m[0xc], m[0x4], AES_BLOCK_SIZE); 4312 XMEMCPY(m[0xd], m[0x8], AES_BLOCK_SIZE); 4313 xorbuf (m[0xd], m[0x5], AES_BLOCK_SIZE); 4314 XMEMCPY(m[0xe], m[0x8], AES_BLOCK_SIZE); 4315 xorbuf (m[0xe], m[0x6], AES_BLOCK_SIZE); 4316 XMEMCPY(m[0xf], m[0x8], AES_BLOCK_SIZE); 4317 xorbuf (m[0xf], m[0x7], AES_BLOCK_SIZE); 4318 4319 #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) 4320 for (i = 0; i < 16; i++) { 4321 Shift4_M0(m[16+i], m[i]); 4322 } 4323 #endif 4113 4324 } 4114 4325 … … 4159 4370 if (ret == 0) { 4160 4371 wc_AesEncrypt(aes, iv, aes->H); 4161 #if def GCM_TABLE4372 #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) 4162 4373 GenerateM0(aes); 4163 4374 #endif /* GCM_TABLE */ … … 4180 4391 ForceZero(local, sizeof(local)); 4181 4392 #endif 4182 4183 4393 return ret; 4184 4394 } … … 4196 4406 void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, 4197 4407 const unsigned char* addt, const unsigned char* ivec, 4198 unsigned char *tag, unsigned intnbytes,4199 unsigned int abytes, unsigned intibytes,4200 unsigned inttbytes, const unsigned char* key, int nr)4408 unsigned char *tag, word32 nbytes, 4409 word32 abytes, word32 ibytes, 4410 word32 tbytes, const unsigned char* key, int nr) 4201 4411 XASM_LINK("AES_GCM_encrypt"); 4202 4412 #ifdef HAVE_INTEL_AVX1 4203 4413 void AES_GCM_encrypt_avx1(const unsigned char *in, unsigned char *out, 4204 4414 const unsigned char* addt, const unsigned char* ivec, 4205 unsigned char *tag, unsigned intnbytes,4206 unsigned int abytes, unsigned intibytes,4207 unsigned inttbytes, const unsigned char* key,4415 unsigned char *tag, word32 nbytes, 4416 word32 abytes, word32 ibytes, 4417 word32 tbytes, const unsigned char* key, 4208 4418 int nr) 4209 4419 XASM_LINK("AES_GCM_encrypt_avx1"); … … 4211 4421 void AES_GCM_encrypt_avx2(const unsigned char *in, unsigned char *out, 4212 4422 const unsigned char* addt, const unsigned char* ivec, 4213 unsigned char *tag, unsigned intnbytes,4214 unsigned int abytes, unsigned intibytes,4215 unsigned inttbytes, const unsigned char* key,4423 unsigned char *tag, word32 nbytes, 4424 word32 abytes, word32 ibytes, 4425 word32 tbytes, const unsigned char* key, 4216 4426 int nr) 4217 4427 XASM_LINK("AES_GCM_encrypt_avx2"); … … 4222 4432 void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, 4223 4433 const unsigned char* addt, const unsigned char* ivec, 4224 const unsigned char *tag, int nbytes, intabytes,4225 int ibytes, int tbytes, const unsigned char* key, int nr,4226 int * res)4434 const unsigned char *tag, word32 nbytes, word32 abytes, 4435 word32 ibytes, word32 tbytes, const unsigned char* key, 4436 int nr, int* res) 4227 4437 XASM_LINK("AES_GCM_decrypt"); 4228 4438 #ifdef HAVE_INTEL_AVX1 4229 4439 void AES_GCM_decrypt_avx1(const unsigned char *in, unsigned char *out, 4230 4440 const unsigned char* addt, const unsigned char* ivec, 4231 const unsigned char *tag, int nbytes, int abytes,4232 int ibytes, int tbytes, const unsigned char* key,4233 int nr, int* res)4441 const unsigned char *tag, word32 nbytes, 4442 word32 abytes, word32 ibytes, word32 tbytes, 4443 const unsigned char* key, int nr, int* res) 4234 4444 XASM_LINK("AES_GCM_decrypt_avx1"); 4235 4445 #ifdef HAVE_INTEL_AVX2 4236 4446 void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, 4237 4447 const unsigned char* addt, const unsigned char* ivec, 4238 const unsigned char *tag, int nbytes, int abytes,4239 int ibytes, int tbytes, const unsigned char* key,4240 int nr, int* res)4448 const unsigned char *tag, word32 nbytes, 4449 word32 abytes, word32 ibytes, word32 tbytes, 4450 const unsigned char* key, int nr, int* res) 4241 4451 XASM_LINK("AES_GCM_decrypt_avx2"); 4242 4452 #endif /* HAVE_INTEL_AVX2 */ … … 4585 4795 4586 4796 4587 static void AES_GCM_encrypt(const unsigned char *in, 4588 unsigned char *out, 4589 const unsigned char* addt, 4590 const unsigned char* ivec, 4591 unsigned char *tag, unsigned int nbytes, 4592 unsigned int abytes, unsigned int ibytes, 4593 unsigned int tbytes, 4594 const unsigned char* key, int nr) 4797 static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, 4798 const unsigned char* addt, 4799 const unsigned char* ivec, unsigned char *tag, 4800 word32 nbytes, word32 abytes, word32 ibytes, 4801 wrd32 tbytes, const unsigned char* key, int nr) 4595 4802 { 4596 4803 int i, j ,k; … … 5013 5220 X = gfmul_shifted(X, H); 5014 5221 } 5015 tmp1 = _mm_insert_epi64(tmp1, nbytes*8, 0);5016 tmp1 = _mm_insert_epi64(tmp1, abytes*8, 1);5222 tmp1 = _mm_insert_epi64(tmp1, ((word64)nbytes)*8, 0); 5223 tmp1 = _mm_insert_epi64(tmp1, ((word64)abytes)*8, 1); 5017 5224 X = _mm_xor_si128(X, tmp1); 5018 5225 X = gfmul_shifted(X, H); … … 5021 5228 /*_mm_storeu_si128((__m128i*)tag, T);*/ 5022 5229 XMEMCPY(tag, &T, tbytes); 5230 ForceZero(&lastKey, sizeof(lastKey)); 5023 5231 } 5024 5232 5025 5233 #ifdef HAVE_AES_DECRYPT 5026 5234 5027 static void AES_GCM_decrypt(const unsigned char *in, 5028 unsigned char *out, 5029 const unsigned char* addt, 5030 const unsigned char* ivec, 5031 const unsigned char *tag, int nbytes, int abytes, 5032 int ibytes, word32 tbytes, const unsigned char* key, 5033 int nr, int* res) 5235 static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, 5236 const unsigned char* addt, 5237 const unsigned char* ivec, const unsigned char *tag, 5238 word32 nbytes, word32 abytes, word32 ibytes, 5239 word32 tbytes, const unsigned char* key, int nr, 5240 int* res) 5034 5241 { 5035 5242 int i, j ,k; … … 5337 5544 } 5338 5545 5339 tmp1 = _mm_insert_epi64(tmp1, nbytes*8, 0);5340 tmp1 = _mm_insert_epi64(tmp1, abytes*8, 1);5546 tmp1 = _mm_insert_epi64(tmp1, ((word64)nbytes)*8, 0); 5547 tmp1 = _mm_insert_epi64(tmp1, ((word64)abytes)*8, 1); 5341 5548 /* 128 x 128 Carryless Multiply */ 5342 5549 X = _mm_xor_si128(X, tmp1); … … 5351 5558 else 5352 5559 *res = 1; /* when successful returns 1 */ 5560 ForceZero(&lastKey, sizeof(lastKey)); 5353 5561 } 5354 5562 … … 5510 5718 static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE]) 5511 5719 { 5720 #if !defined(WORD64_AVAILABLE) || defined(BIG_ENDIAN_ORDER) 5512 5721 int i, j; 5513 5722 byte Z[AES_BLOCK_SIZE]; … … 5524 5733 } 5525 5734 5526 Z[0] = R[a][0];5735 Z[0] = R[a][0]; 5527 5736 Z[1] ^= R[a][1]; 5528 5737 } … … 5530 5739 5531 5740 XMEMCPY(x, Z, AES_BLOCK_SIZE); 5532 } 5533 5741 #else 5742 byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE]; 5743 byte a; 5744 word64* pZ; 5745 word64* pm; 5746 word64* px = (word64*)(x); 5747 int i; 5748 5749 pZ = (word64*)(Z + 15 + 1); 5750 pm = (word64*)(m[x[15]]); 5751 pZ[0] = pm[0]; 5752 pZ[1] = pm[1]; 5753 a = Z[16 + 15]; 5754 Z[15] = R[a][0]; 5755 Z[16] ^= R[a][1]; 5756 for (i = 14; i > 0; i--) { 5757 pZ = (word64*)(Z + i + 1); 5758 pm = (word64*)(m[x[i]]); 5759 pZ[0] ^= pm[0]; 5760 pZ[1] ^= pm[1]; 5761 a = Z[16 + i]; 5762 Z[i] = R[a][0]; 5763 Z[i+1] ^= R[a][1]; 5764 } 5765 pZ = (word64*)(Z + 1); 5766 pm = (word64*)(m[x[0]]); 5767 px[0] = pZ[0] ^ pm[0]; px[1] = pZ[1] ^ pm[1]; 5768 #endif 5769 } 5534 5770 5535 5771 void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, … … 5587 5823 5588 5824 /* end GCM_TABLE */ 5825 #elif defined(GCM_TABLE_4BIT) 5826 5827 /* remainder = x^7 + x^2 + x^1 + 1 => 0xe1 5828 * R shifts right a reverse bit pair of bytes such that: 5829 * R(b0, b1) => b1 = (b1 >> 1) | (b0 << 7); b0 >>= 1 5830 * 0 => 0, 0, 0, 0 => R(R(R(00,00) ^ 00,00) ^ 00,00) ^ 00,00 = 00,00 5831 * 8 => 0, 0, 0, 1 => R(R(R(00,00) ^ 00,00) ^ 00,00) ^ e1,00 = e1,00 5832 * 4 => 0, 0, 1, 0 => R(R(R(00,00) ^ 00,00) ^ e1,00) ^ 00,00 = 70,80 5833 * 2 => 0, 1, 0, 0 => R(R(R(00,00) ^ e1,00) ^ 00,00) ^ 00,00 = 38,40 5834 * 1 => 1, 0, 0, 0 => R(R(R(e1,00) ^ 00,00) ^ 00,00) ^ 00,00 = 1c,20 5835 * To calculate te rest, XOR result for each bit. 5836 * e.g. 6 = 4 ^ 2 => 48,c0 5837 * 5838 * Second half is same values rotated by 4-bits. 5839 */ 5840 #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) 5841 static const byte R[16][2] = { 5842 {0x00, 0x00}, {0x1c, 0x20}, {0x38, 0x40}, {0x24, 0x60}, 5843 {0x70, 0x80}, {0x6c, 0xa0}, {0x48, 0xc0}, {0x54, 0xe0}, 5844 {0xe1, 0x00}, {0xfd, 0x20}, {0xd9, 0x40}, {0xc5, 0x60}, 5845 {0x91, 0x80}, {0x8d, 0xa0}, {0xa9, 0xc0}, {0xb5, 0xe0}, 5846 }; 5847 #else 5848 static const word16 R[32] = { 5849 0x0000, 0x201c, 0x4038, 0x6024, 5850 0x8070, 0xa06c, 0xc048, 0xe054, 5851 0x00e1, 0x20fd, 0x40d9, 0x60c5, 5852 0x8091, 0xa08d, 0xc0a9, 0xe0b5, 5853 5854 0x0000, 0xc201, 0x8403, 0x4602, 5855 0x0807, 0xca06, 0x8c04, 0x4e05, 5856 0x100e, 0xd20f, 0x940d, 0x560c, 5857 0x1809, 0xda08, 0x9c0a, 0x5e0b, 5858 }; 5859 #endif 5860 5861 /* Multiply in GF(2^128) defined by polynomial: 5862 * x^128 + x^7 + x^2 + x^1 + 1. 5863 * 5864 * H: hash key = encrypt(key, 0) 5865 * x = x * H in field 5866 * 5867 * x: cumlative result 5868 * m: 4-bit table 5869 * [0..15] * H 5870 */ 5871 #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) 5872 static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE]) 5873 { 5874 int i, j, n; 5875 byte Z[AES_BLOCK_SIZE]; 5876 byte a; 5877 5878 XMEMSET(Z, 0, sizeof(Z)); 5879 5880 for (i = 15; i >= 0; i--) { 5881 for (n = 0; n < 2; n++) { 5882 if (n == 0) 5883 xorbuf(Z, m[x[i] & 0xf], AES_BLOCK_SIZE); 5884 else { 5885 xorbuf(Z, m[x[i] >> 4], AES_BLOCK_SIZE); 5886 if (i == 0) 5887 break; 5888 } 5889 a = Z[15] & 0xf; 5890 5891 for (j = 15; j > 0; j--) 5892 Z[j] = (Z[j-1] << 4) | (Z[j] >> 4); 5893 Z[0] >>= 4; 5894 5895 Z[0] ^= R[a][0]; 5896 Z[1] ^= R[a][1]; 5897 } 5898 } 5899 5900 XMEMCPY(x, Z, AES_BLOCK_SIZE); 5901 } 5902 #elif defined(WC_32BIT_CPU) 5903 static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) 5904 { 5905 int i; 5906 word32 z8[4] = {0, 0, 0, 0}; 5907 byte a; 5908 word32* x8 = (word32*)x; 5909 word32* m8; 5910 byte xi; 5911 word32 n7, n6, n5, n4, n3, n2, n1, n0; 5912 5913 for (i = 15; i > 0; i--) { 5914 xi = x[i]; 5915 5916 /* XOR in (msn * H) */ 5917 m8 = (word32*)m[xi & 0xf]; 5918 z8[0] ^= m8[0]; z8[1] ^= m8[1]; z8[2] ^= m8[2]; z8[3] ^= m8[3]; 5919 5920 /* Cache top byte for remainder calculations - lost in rotate. */ 5921 a = z8[3] >> 24; 5922 5923 /* Rotate Z by 8-bits */ 5924 z8[3] = (z8[2] >> 24) | (z8[3] << 8); 5925 z8[2] = (z8[1] >> 24) | (z8[2] << 8); 5926 z8[1] = (z8[0] >> 24) | (z8[1] << 8); 5927 z8[0] <<= 8; 5928 5929 /* XOR in (msn * remainder) [pre-rotated by 4 bits] */ 5930 z8[0] ^= (word32)R[16 + (a & 0xf)]; 5931 5932 xi >>= 4; 5933 /* XOR in next significant nibble (XORed with H) * remainder */ 5934 m8 = (word32*)m[xi]; 5935 a ^= (byte)(m8[3] >> 20); 5936 z8[0] ^= (word32)R[a >> 4]; 5937 5938 /* XOR in (next significant nibble * H) [pre-rotated by 4 bits] */ 5939 m8 = (word32*)m[16 + xi]; 5940 z8[0] ^= m8[0]; z8[1] ^= m8[1]; 5941 z8[2] ^= m8[2]; z8[3] ^= m8[3]; 5942 } 5943 5944 xi = x[0]; 5945 5946 /* XOR in most significant nibble * H */ 5947 m8 = (word32*)m[xi & 0xf]; 5948 z8[0] ^= m8[0]; z8[1] ^= m8[1]; z8[2] ^= m8[2]; z8[3] ^= m8[3]; 5949 5950 /* Cache top byte for remainder calculations - lost in rotate. */ 5951 a = (z8[3] >> 24) & 0xf; 5952 5953 /* Rotate z by 4-bits */ 5954 n7 = z8[3] & 0xf0f0f0f0ULL; 5955 n6 = z8[3] & 0x0f0f0f0fULL; 5956 n5 = z8[2] & 0xf0f0f0f0ULL; 5957 n4 = z8[2] & 0x0f0f0f0fULL; 5958 n3 = z8[1] & 0xf0f0f0f0ULL; 5959 n2 = z8[1] & 0x0f0f0f0fULL; 5960 n1 = z8[0] & 0xf0f0f0f0ULL; 5961 n0 = z8[0] & 0x0f0f0f0fULL; 5962 z8[3] = (n7 >> 4) | (n6 << 12) | (n4 >> 20); 5963 z8[2] = (n5 >> 4) | (n4 << 12) | (n2 >> 20); 5964 z8[1] = (n3 >> 4) | (n2 << 12) | (n0 >> 20); 5965 z8[0] = (n1 >> 4) | (n0 << 12); 5966 5967 /* XOR in most significant nibble * remainder */ 5968 z8[0] ^= (word32)R[a]; 5969 /* XOR in next significant nibble * H */ 5970 m8 = (word32*)m[xi >> 4]; 5971 z8[0] ^= m8[0]; z8[1] ^= m8[1]; z8[2] ^= m8[2]; z8[3] ^= m8[3]; 5972 5973 /* Write back result. */ 5974 x8[0] = z8[0]; x8[1] = z8[1]; x8[2] = z8[2]; x8[3] = z8[3]; 5975 } 5976 #else 5977 static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) 5978 { 5979 int i; 5980 word64 z8[2] = {0, 0}; 5981 byte a; 5982 word64* x8 = (word64*)x; 5983 word64* m8; 5984 word64 n0, n1, n2, n3; 5985 byte xi; 5986 5987 for (i = 15; i > 0; i--) { 5988 xi = x[i]; 5989 5990 /* XOR in (msn * H) */ 5991 m8 = (word64*)m[xi & 0xf]; 5992 z8[0] ^= m8[0]; 5993 z8[1] ^= m8[1]; 5994 5995 /* Cache top byte for remainder calculations - lost in rotate. */ 5996 a = z8[1] >> 56; 5997 5998 /* Rotate Z by 8-bits */ 5999 z8[1] = (z8[0] >> 56) | (z8[1] << 8); 6000 z8[0] <<= 8; 6001 6002 /* XOR in (next significant nibble * H) [pre-rotated by 4 bits] */ 6003 m8 = (word64*)m[16 + (xi >> 4)]; 6004 z8[0] ^= m8[0]; 6005 z8[1] ^= m8[1]; 6006 6007 /* XOR in (msn * remainder) [pre-rotated by 4 bits] */ 6008 z8[0] ^= (word64)R[16 + (a & 0xf)]; 6009 /* XOR in next significant nibble (XORed with H) * remainder */ 6010 m8 = (word64*)m[xi >> 4]; 6011 a ^= (byte)(m8[1] >> 52); 6012 z8[0] ^= (word64)R[a >> 4]; 6013 } 6014 6015 xi = x[0]; 6016 6017 /* XOR in most significant nibble * H */ 6018 m8 = (word64*)m[xi & 0xf]; 6019 z8[0] ^= m8[0]; 6020 z8[1] ^= m8[1]; 6021 6022 /* Cache top byte for remainder calculations - lost in rotate. */ 6023 a = (z8[1] >> 56) & 0xf; 6024 6025 /* Rotate z by 4-bits */ 6026 n3 = z8[1] & 0xf0f0f0f0f0f0f0f0ULL; 6027 n2 = z8[1] & 0x0f0f0f0f0f0f0f0fULL; 6028 n1 = z8[0] & 0xf0f0f0f0f0f0f0f0ULL; 6029 n0 = z8[0] & 0x0f0f0f0f0f0f0f0fULL; 6030 z8[1] = (n3 >> 4) | (n2 << 12) | (n0 >> 52); 6031 z8[0] = (n1 >> 4) | (n0 << 12); 6032 6033 /* XOR in next significant nibble * H */ 6034 m8 = (word64*)m[xi >> 4]; 6035 z8[0] ^= m8[0]; 6036 z8[1] ^= m8[1]; 6037 /* XOR in most significant nibble * remainder */ 6038 z8[0] ^= (word64)R[a]; 6039 6040 /* Write back result. */ 6041 x8[0] = z8[0]; 6042 x8[1] = z8[1]; 6043 } 6044 #endif 6045 6046 void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, 6047 word32 cSz, byte* s, word32 sSz) 6048 { 6049 byte x[AES_BLOCK_SIZE]; 6050 byte scratch[AES_BLOCK_SIZE]; 6051 word32 blocks, partial; 6052 6053 XMEMSET(x, 0, AES_BLOCK_SIZE); 6054 6055 /* Hash in A, the Additional Authentication Data */ 6056 if (aSz != 0 && a != NULL) { 6057 blocks = aSz / AES_BLOCK_SIZE; 6058 partial = aSz % AES_BLOCK_SIZE; 6059 while (blocks--) { 6060 xorbuf(x, a, AES_BLOCK_SIZE); 6061 GMULT(x, aes->M0); 6062 a += AES_BLOCK_SIZE; 6063 } 6064 if (partial != 0) { 6065 XMEMSET(scratch, 0, AES_BLOCK_SIZE); 6066 XMEMCPY(scratch, a, partial); 6067 xorbuf(x, scratch, AES_BLOCK_SIZE); 6068 GMULT(x, aes->M0); 6069 } 6070 } 6071 6072 /* Hash in C, the Ciphertext */ 6073 if (cSz != 0 && c != NULL) { 6074 blocks = cSz / AES_BLOCK_SIZE; 6075 partial = cSz % AES_BLOCK_SIZE; 6076 while (blocks--) { 6077 xorbuf(x, c, AES_BLOCK_SIZE); 6078 GMULT(x, aes->M0); 6079 c += AES_BLOCK_SIZE; 6080 } 6081 if (partial != 0) { 6082 XMEMSET(scratch, 0, AES_BLOCK_SIZE); 6083 XMEMCPY(scratch, c, partial); 6084 xorbuf(x, scratch, AES_BLOCK_SIZE); 6085 GMULT(x, aes->M0); 6086 } 6087 } 6088 6089 /* Hash in the lengths of A and C in bits */ 6090 FlattenSzInBits(&scratch[0], aSz); 6091 FlattenSzInBits(&scratch[8], cSz); 6092 xorbuf(x, scratch, AES_BLOCK_SIZE); 6093 GMULT(x, aes->M0); 6094 6095 /* Copy the result into s. */ 6096 XMEMCPY(s, x, sSz); 6097 } 6098 5589 6099 #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) 5590 6100 … … 5595 6105 word64 V[2]; 5596 6106 int i, j; 6107 #ifdef AES_GCM_GMULT_CT 6108 word64 v1; 6109 #endif 5597 6110 V[0] = X[0]; V[1] = X[1]; 5598 6111 … … 5602 6115 for (j = 0; j < 64; j++) 5603 6116 { 6117 #ifdef AES_GCM_GMULT_CT 6118 word64 mask = 0 - (y >> 63); 6119 Z[0] ^= V[0] & mask; 6120 Z[1] ^= V[1] & mask; 6121 #else 5604 6122 if (y & 0x8000000000000000ULL) { 5605 6123 Z[0] ^= V[0]; 5606 6124 Z[1] ^= V[1]; 5607 6125 } 5608 6126 #endif 6127 6128 #ifdef AES_GCM_GMULT_CT 6129 v1 = (0 - (V[1] & 1)) & 0xE100000000000000ULL; 6130 V[1] >>= 1; 6131 V[1] |= V[0] << 63; 6132 V[0] >>= 1; 6133 V[0] ^= v1; 6134 #else 5609 6135 if (V[1] & 0x0000000000000001) { 5610 6136 V[1] >>= 1; … … 5620 6146 V[0] >>= 1; 5621 6147 } 6148 #endif 5622 6149 y <<= 1; 5623 6150 } … … 5905 6432 return status; 5906 6433 6434 status = wolfSSL_CryptHwMutexLock(); 6435 if (status != 0) 6436 return status; 6437 5907 6438 status = LTC_AES_EncryptTagGcm(LTC_BASE, in, out, sz, iv, ivSz, 5908 6439 authIn, authInSz, (byte*)aes->key, keySize, authTag, authTagSz); 6440 wolfSSL_CryptHwMutexUnLock(); 5909 6441 5910 6442 return (status == kStatus_Success) ? 0 : AES_GCM_AUTH_E; … … 5916 6448 5917 6449 /* this function supports inline encrypt */ 6450 /* define STM32_AESGCM_PARTIAL for newer STM Cube HAL's with workaround 6451 for handling partial packets to improve auth tag calculation performance by 6452 using hardware */ 5918 6453 static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz, 5919 6454 const byte* iv, word32 ivSz, … … 5928 6463 #endif 5929 6464 word32 keySize; 6465 #ifdef WOLFSSL_STM32_CUBEMX 5930 6466 int status = HAL_OK; 5931 6467 word32 blocks = sz / AES_BLOCK_SIZE; 6468 word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; 6469 #else 6470 int status = SUCCESS; 6471 #endif 5932 6472 word32 partial = sz % AES_BLOCK_SIZE; 5933 byte tag[AES_BLOCK_SIZE]; 5934 byte partialBlock[AES_BLOCK_SIZE]; 5935 byte ctr[AES_BLOCK_SIZE]; 6473 word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; 6474 word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)]; 6475 word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; 6476 word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; 5936 6477 byte* authInPadded = NULL; 5937 int authPadSz ;6478 int authPadSz, wasAlloc = 0, useSwGhash = 0; 5938 6479 5939 6480 ret = wc_AesGetKeySize(aes, &keySize); … … 5947 6488 #endif 5948 6489 5949 ret = wolfSSL_CryptHwMutexLock();5950 if (ret != 0) {5951 return ret;5952 }5953 5954 6490 XMEMSET(ctr, 0, AES_BLOCK_SIZE); 5955 6491 if (ivSz == GCM_NONCE_MID_SZ) { 6492 byte* pCtr = (byte*)ctr; 5956 6493 XMEMCPY(ctr, iv, ivSz); 5957 ctr[AES_BLOCK_SIZE - 1] = 1;6494 pCtr[AES_BLOCK_SIZE - 1] = 1; 5958 6495 } 5959 6496 else { 5960 GHASH(aes, NULL, 0, iv, ivSz, ctr, AES_BLOCK_SIZE); 5961 } 5962 /* Hardware requires counter + 1 */ 5963 IncrementGcmCounter(ctr); 5964 5965 if (authInSz == 0 || (authInSz % AES_BLOCK_SIZE) != 0) { 5966 /* Need to pad the AAD to a full block with zeros. */ 5967 authPadSz = ((authInSz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; 5968 authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, 5969 DYNAMIC_TYPE_TMP_BUFFER); 5970 if (authInPadded == NULL) { 5971 wolfSSL_CryptHwMutexUnLock(); 5972 return MEMORY_E; 6497 GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); 6498 } 6499 XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */ 6500 6501 /* Authentication buffer - must be 4-byte multiple zero padded */ 6502 authPadSz = authInSz % sizeof(word32); 6503 if (authPadSz != 0) { 6504 authPadSz = authInSz + sizeof(word32) - authPadSz; 6505 if (authPadSz <= sizeof(authhdr)) { 6506 authInPadded = (byte*)authhdr; 6507 } 6508 else { 6509 authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, 6510 DYNAMIC_TYPE_TMP_BUFFER); 6511 if (authInPadded == NULL) { 6512 wolfSSL_CryptHwMutexUnLock(); 6513 return MEMORY_E; 6514 } 6515 wasAlloc = 1; 5973 6516 } 5974 6517 XMEMSET(authInPadded, 0, authPadSz); … … 5979 6522 } 5980 6523 6524 /* for cases where hardware cannot be used for authTag calculate it */ 6525 /* if IV is not 12 calculate GHASH using software */ 6526 if (ivSz != GCM_NONCE_MID_SZ 6527 #ifndef STM32_AESGCM_PARTIAL 6528 /* or authIn is not a multiple of 4 */ 6529 || authPadSz != authInSz || sz == 0 || partial != 0 6530 #endif 6531 ) { 6532 useSwGhash = 1; 6533 } 6534 6535 /* Hardware requires counter + 1 */ 6536 IncrementGcmCounter((byte*)ctr); 6537 6538 ret = wolfSSL_CryptHwMutexLock(); 6539 if (ret != 0) { 6540 return ret; 6541 } 5981 6542 #ifdef WOLFSSL_STM32_CUBEMX 5982 6543 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; 5983 6544 hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; 5984 hcryp.Init.HeaderSize = authInSz; 5985 5986 #ifdef STM32_CRYPTO_AES_ONLY 6545 6546 #if defined(STM32_HAL_V2) 6547 hcryp.Init.Algorithm = CRYP_AES_GCM; 6548 hcryp.Init.HeaderSize = authPadSz/sizeof(word32); 6549 #ifdef STM32_AESGCM_PARTIAL 6550 hcryp.Init.HeaderPadSize = authPadSz - authInSz; 6551 #endif 6552 ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); 6553 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; 6554 HAL_CRYP_Init(&hcryp); 6555 6556 /* GCM payload phase - can handle partial blocks */ 6557 status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, 6558 (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); 6559 if (status == HAL_OK && !useSwGhash) { 6560 /* Compute the authTag */ 6561 status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, 6562 STM32_HAL_TIMEOUT); 6563 } 6564 #elif defined(STM32_CRYPTO_AES_ONLY) 5987 6565 /* Set the CRYP parameters */ 6566 hcryp.Init.HeaderSize = authPadSz; 6567 if (authPadSz == 0) 6568 hcryp.Init.Header = NULL; /* cannot pass pointer here when authIn == 0 */ 5988 6569 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; 5989 6570 hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; … … 5995 6576 if (status == HAL_OK) { 5996 6577 /* GCM header phase */ 5997 hcryp.Init.GCMCMACPhase 6578 hcryp.Init.GCMCMACPhase = CRYP_HEADER_PHASE; 5998 6579 status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, 0, NULL, STM32_HAL_TIMEOUT); 5999 6580 } 6000 6581 if (status == HAL_OK) { 6001 6582 /* GCM payload phase - blocks */ 6002 hcryp.Init.GCMCMACPhase 6583 hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE; 6003 6584 if (blocks) { 6004 6585 status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in, … … 6006 6587 } 6007 6588 } 6008 if (status == HAL_OK && (partial != 0 || blocks == 0)) {6589 if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) { 6009 6590 /* GCM payload phase - partial remainder */ 6010 6591 XMEMSET(partialBlock, 0, sizeof(partialBlock)); 6011 6592 XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); 6012 status = HAL_CRYPEx_AES_Auth(&hcryp, partialBlock, partial,6013 partialBlock, STM32_HAL_TIMEOUT);6593 status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial, 6594 (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); 6014 6595 XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); 6015 6596 } 6016 if (status == HAL_OK ) {6597 if (status == HAL_OK && !useSwGhash) { 6017 6598 /* GCM final phase */ 6018 6599 hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; 6019 status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); 6020 } 6021 #elif defined(STM32_HAL_V2) 6022 hcryp.Init.Algorithm = CRYP_AES_GCM; 6023 ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE); 6024 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; 6025 HAL_CRYP_Init(&hcryp); 6026 6027 /* GCM payload phase - can handle partial blocks */ 6028 status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, 6029 (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); 6030 if (status == HAL_OK) { 6031 /* Compute the authTag */ 6032 status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, 6033 STM32_HAL_TIMEOUT); 6600 status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); 6034 6601 } 6035 6602 #else 6603 hcryp.Init.HeaderSize = authPadSz; 6036 6604 HAL_CRYP_Init(&hcryp); 6037 6605 if (blocks) { … … 6044 6612 XMEMSET(partialBlock, 0, sizeof(partialBlock)); 6045 6613 XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); 6046 status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, partialBlock, partial,6047 partialBlock, STM32_HAL_TIMEOUT);6614 status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial, 6615 (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); 6048 6616 XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); 6049 6617 } 6050 if (status == HAL_OK ) {6618 if (status == HAL_OK && !useSwGhash) { 6051 6619 /* Compute the authTag */ 6052 status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, tag, STM32_HAL_TIMEOUT);6620 status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); 6053 6621 } 6054 6622 #endif … … 6058 6626 HAL_CRYP_DeInit(&hcryp); 6059 6627 6060 #else /* S TD_PERI_LIB*/6628 #else /* Standard Peripheral Library */ 6061 6629 ByteReverseWords(keyCopy, (word32*)aes->key, keySize); 6062 6630 status = CRYP_AES_GCM(MODE_ENCRYPT, (uint8_t*)ctr, … … 6064 6632 (uint8_t*)in, sz, 6065 6633 (uint8_t*)authInPadded, authInSz, 6066 (uint8_t*)out, tag);6634 (uint8_t*)out, (uint8_t*)tag); 6067 6635 if (status != SUCCESS) 6068 6636 ret = AES_GCM_AUTH_E; 6069 6637 #endif /* WOLFSSL_STM32_CUBEMX */ 6638 wolfSSL_CryptHwMutexUnLock(); 6070 6639 6071 6640 if (ret == 0) { 6072 6641 /* return authTag */ 6073 6642 if (authTag) { 6074 /* STM32 GCM won't compute Auth correctly for partial or 6075 when IV != 12, so use software here */ 6076 if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { 6077 DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ 6643 if (useSwGhash) { 6078 6644 GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); 6079 wc_AesEncrypt(aes, ctr,tag);6645 wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)tag); 6080 6646 xorbuf(authTag, tag, authTagSz); 6081 6647 } 6082 6648 else { 6649 /* use hardware calculated tag */ 6083 6650 XMEMCPY(authTag, tag, authTagSz); 6084 6651 } … … 6086 6653 } 6087 6654 6088 /* Free memory if not a multiple of AES_BLOCK_SZ*/6089 if ( authInPadded != authIn) {6655 /* Free memory */ 6656 if (wasAlloc) { 6090 6657 XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); 6091 6658 } 6092 6093 wolfSSL_CryptHwMutexUnLock();6094 6659 6095 6660 return ret; … … 6116 6681 const byte* p = in; 6117 6682 byte* c = out; 6118 byte counter[AES_BLOCK_SIZE]; 6119 byte initialCounter[AES_BLOCK_SIZE]; 6120 byte *ctr; 6121 byte scratch[AES_BLOCK_SIZE]; 6683 ALIGN32 byte counter[AES_BLOCK_SIZE]; 6684 ALIGN32 byte initialCounter[AES_BLOCK_SIZE]; 6685 ALIGN32 byte scratch[AES_BLOCK_SIZE]; 6686 6687 if (ivSz == GCM_NONCE_MID_SZ) { 6688 /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ 6689 XMEMCPY(counter, iv, ivSz); 6690 XMEMSET(counter + GCM_NONCE_MID_SZ, 0, 6691 AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); 6692 counter[AES_BLOCK_SIZE - 1] = 1; 6693 } 6694 else { 6695 /* Counter is GHASH of IV. */ 6122 6696 #ifdef OPENSSL_EXTRA 6123 word32 aadTemp; 6124 #endif 6125 ctr = counter; 6126 XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); 6127 XMEMSET(scratch, 0, AES_BLOCK_SIZE); 6128 if (ivSz == GCM_NONCE_MID_SZ) { 6129 XMEMCPY(initialCounter, iv, ivSz); 6130 initialCounter[AES_BLOCK_SIZE - 1] = 1; 6131 } 6132 else { 6133 #ifdef OPENSSL_EXTRA 6134 aadTemp = aes->aadLen; 6697 word32 aadTemp = aes->aadLen; 6135 6698 aes->aadLen = 0; 6136 6699 #endif 6137 GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);6700 GHASH(aes, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE); 6138 6701 #ifdef OPENSSL_EXTRA 6139 6702 aes->aadLen = aadTemp; 6140 6703 #endif 6141 6704 } 6142 XMEMCPY( ctr, initialCounter, AES_BLOCK_SIZE);6705 XMEMCPY(initialCounter, counter, AES_BLOCK_SIZE); 6143 6706 6144 6707 #ifdef WOLFSSL_PIC32MZ_CRYPT 6145 6708 if (blocks) { 6146 6709 /* use initial IV for HW, but don't use it below */ 6147 XMEMCPY(aes->reg, c tr, AES_BLOCK_SIZE);6710 XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE); 6148 6711 6149 6712 ret = wc_Pic32AesCrypt( … … 6162 6725 if (c != p && blocks > 0) { /* can not handle inline encryption */ 6163 6726 while (blocks--) { 6164 IncrementGcmCounter(c tr);6165 XMEMCPY(c, c tr, AES_BLOCK_SIZE);6727 IncrementGcmCounter(counter); 6728 XMEMCPY(c, counter, AES_BLOCK_SIZE); 6166 6729 c += AES_BLOCK_SIZE; 6167 6730 } … … 6175 6738 else 6176 6739 #endif /* HAVE_AES_ECB && !WOLFSSL_PIC32MZ_CRYPT */ 6177 6178 while (blocks--) {6179 IncrementGcmCounter(ctr);6180 #if !defined(WOLFSSL_PIC32MZ_CRYPT)6181 wc_AesEncrypt(aes, ctr, scratch);6182 xorbuf(scratch, p, AES_BLOCK_SIZE);6183 XMEMCPY(c, scratch, AES_BLOCK_SIZE);6184 #endif6185 p+= AES_BLOCK_SIZE;6186 c += AES_BLOCK_SIZE;6740 { 6741 while (blocks--) { 6742 IncrementGcmCounter(counter); 6743 #if !defined(WOLFSSL_PIC32MZ_CRYPT) 6744 wc_AesEncrypt(aes, counter, scratch); 6745 xorbufout(c, scratch, p, AES_BLOCK_SIZE); 6746 #endif 6747 p += AES_BLOCK_SIZE; 6748 c += AES_BLOCK_SIZE; 6749 } 6187 6750 } 6188 6751 6189 6752 if (partial != 0) { 6190 IncrementGcmCounter(ctr); 6191 wc_AesEncrypt(aes, ctr, scratch); 6192 xorbuf(scratch, p, partial); 6193 XMEMCPY(c, scratch, partial); 6753 IncrementGcmCounter(counter); 6754 wc_AesEncrypt(aes, counter, scratch); 6755 xorbufout(c, scratch, p, partial); 6194 6756 } 6195 6757 if (authTag) { … … 6269 6831 #endif /* WOLFSSL_ASYNC_CRYPT */ 6270 6832 6833 #ifdef WOLFSSL_SILABS_SE_ACCEL 6834 return wc_AesGcmEncrypt_silabs( 6835 aes, out, in, sz, 6836 iv, ivSz, 6837 authTag, authTagSz, 6838 authIn, authInSz); 6839 #endif 6840 6271 6841 #ifdef STM32_CRYPTO_AES_GCM 6272 /* The STM standard peripheral library API's doesn't support partial blocks */ 6273 #ifdef STD_PERI_LIB 6274 if (partial == 0) 6275 #endif 6276 { 6277 return wc_AesGcmEncrypt_STM32( 6278 aes, out, in, sz, iv, ivSz, 6279 authTag, authTagSz, authIn, authInSz); 6280 } 6842 return wc_AesGcmEncrypt_STM32( 6843 aes, out, in, sz, iv, ivSz, 6844 authTag, authTagSz, authIn, authInSz); 6281 6845 #endif /* STM32_CRYPTO_AES_GCM */ 6282 6846 … … 6284 6848 #ifdef HAVE_INTEL_AVX2 6285 6849 if (IS_INTEL_AVX2(intel_flags)) { 6850 SAVE_VECTOR_REGISTERS(); 6286 6851 AES_GCM_encrypt_avx2(in, out, authIn, iv, authTag, sz, authInSz, ivSz, 6287 6852 authTagSz, (const byte*)aes->key, aes->rounds); 6853 RESTORE_VECTOR_REGISTERS(); 6288 6854 return 0; 6289 6855 } … … 6292 6858 #ifdef HAVE_INTEL_AVX1 6293 6859 if (IS_INTEL_AVX1(intel_flags)) { 6860 SAVE_VECTOR_REGISTERS(); 6294 6861 AES_GCM_encrypt_avx1(in, out, authIn, iv, authTag, sz, authInSz, ivSz, 6295 6862 authTagSz, (const byte*)aes->key, aes->rounds); 6863 RESTORE_VECTOR_REGISTERS(); 6296 6864 return 0; 6297 6865 } … … 6341 6909 } 6342 6910 6911 status = wolfSSL_CryptHwMutexLock(); 6912 if (status != 0) 6913 return status; 6914 6343 6915 status = LTC_AES_DecryptTagGcm(LTC_BASE, in, out, sz, iv, ivSz, 6344 6916 authIn, authInSz, (byte*)aes->key, keySize, authTag, authTagSz); 6917 wolfSSL_CryptHwMutexUnLock(); 6345 6918 6346 6919 return (status == kStatus_Success) ? 0 : AES_GCM_AUTH_E; … … 6359 6932 int ret; 6360 6933 #ifdef WOLFSSL_STM32_CUBEMX 6934 int status = HAL_OK; 6361 6935 CRYP_HandleTypeDef hcryp; 6936 word32 blocks = sz / AES_BLOCK_SIZE; 6362 6937 #else 6938 int status = SUCCESS; 6363 6939 word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; 6364 6940 #endif 6365 6941 word32 keySize; 6366 int status = HAL_OK;6367 word32 blocks = sz / AES_BLOCK_SIZE;6368 6942 word32 partial = sz % AES_BLOCK_SIZE; 6369 byte tag[AES_BLOCK_SIZE]; 6370 byte partialBlock[AES_BLOCK_SIZE]; 6371 byte ctr[AES_BLOCK_SIZE]; 6943 word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; 6944 word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)]; 6945 word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; 6946 word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; 6947 word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; 6372 6948 byte* authInPadded = NULL; 6373 int authPadSz ;6949 int authPadSz, wasAlloc = 0, tagComputed = 0; 6374 6950 6375 6951 ret = wc_AesGetKeySize(aes, &keySize); … … 6383 6959 #endif 6384 6960 6961 XMEMSET(ctr, 0, AES_BLOCK_SIZE); 6962 if (ivSz == GCM_NONCE_MID_SZ) { 6963 byte* pCtr = (byte*)ctr; 6964 XMEMCPY(ctr, iv, ivSz); 6965 pCtr[AES_BLOCK_SIZE - 1] = 1; 6966 } 6967 else { 6968 GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); 6969 } 6970 6971 /* Make copy of expected authTag, which could get corrupted in some 6972 * Cube HAL versions without proper partial block support. 6973 * For TLS blocks the authTag is after the output buffer, so save it */ 6974 XMEMCPY(tagExpected, authTag, authTagSz); 6975 6976 /* Authentication buffer - must be 4-byte multiple zero padded */ 6977 authPadSz = authInSz % sizeof(word32); 6978 if (authPadSz != 0) { 6979 authPadSz = authInSz + sizeof(word32) - authPadSz; 6980 } 6981 else { 6982 authPadSz = authInSz; 6983 } 6984 6985 /* for cases where hardware cannot be used for authTag calculate it */ 6986 /* if IV is not 12 calculate GHASH using software */ 6987 if (ivSz != GCM_NONCE_MID_SZ || sz == 0 || partial != 0 6988 #ifndef STM32_AESGCM_PARTIAL 6989 /* or authIn is not a multiple of 4 */ 6990 || authPadSz != authInSz 6991 #endif 6992 ) { 6993 GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); 6994 wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock); 6995 xorbuf(tag, partialBlock, sizeof(tag)); 6996 tagComputed = 1; 6997 } 6998 6999 /* if using hardware for authentication tag make sure its aligned and zero padded */ 7000 if (authPadSz != authInSz && !tagComputed) { 7001 if (authPadSz <= sizeof(authhdr)) { 7002 authInPadded = (byte*)authhdr; 7003 } 7004 else { 7005 authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, 7006 DYNAMIC_TYPE_TMP_BUFFER); 7007 if (authInPadded == NULL) { 7008 wolfSSL_CryptHwMutexUnLock(); 7009 return MEMORY_E; 7010 } 7011 wasAlloc = 1; 7012 } 7013 XMEMSET(authInPadded, 0, authPadSz); 7014 XMEMCPY(authInPadded, authIn, authInSz); 7015 } else { 7016 authInPadded = (byte*)authIn; 7017 } 7018 7019 /* Hardware requires counter + 1 */ 7020 IncrementGcmCounter((byte*)ctr); 7021 6385 7022 ret = wolfSSL_CryptHwMutexLock(); 6386 7023 if (ret != 0) { 6387 7024 return ret; 6388 7025 } 6389 6390 XMEMSET(ctr, 0, AES_BLOCK_SIZE);6391 if (ivSz == GCM_NONCE_MID_SZ) {6392 XMEMCPY(ctr, iv, ivSz);6393 ctr[AES_BLOCK_SIZE - 1] = 1;6394 }6395 else {6396 GHASH(aes, NULL, 0, iv, ivSz, ctr, AES_BLOCK_SIZE);6397 }6398 /* Hardware requires counter + 1 */6399 IncrementGcmCounter(ctr);6400 6401 if (authInSz == 0 || (authInSz % AES_BLOCK_SIZE) != 0) {6402 /* Need to pad the AAD to a full block with zeros. */6403 authPadSz = ((authInSz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;6404 authInPadded = (byte*)XMALLOC(authPadSz, aes->heap,6405 DYNAMIC_TYPE_TMP_BUFFER);6406 if (authInPadded == NULL) {6407 wolfSSL_CryptHwMutexUnLock();6408 return MEMORY_E;6409 }6410 XMEMSET(authInPadded, 0, authPadSz);6411 XMEMCPY(authInPadded, authIn, authInSz);6412 } else {6413 authPadSz = authInSz;6414 authInPadded = (byte*)authIn;6415 }6416 6417 7026 #ifdef WOLFSSL_STM32_CUBEMX 6418 7027 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; 6419 7028 hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; 6420 hcryp.Init.HeaderSize = authInSz; 6421 6422 #ifdef STM32_CRYPTO_AES_ONLY 7029 7030 #if defined(STM32_HAL_V2) 7031 hcryp.Init.Algorithm = CRYP_AES_GCM; 7032 hcryp.Init.HeaderSize = authPadSz/sizeof(word32); 7033 #ifdef STM32_AESGCM_PARTIAL 7034 hcryp.Init.HeaderPadSize = authPadSz - authInSz; 7035 #endif 7036 ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); 7037 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; 7038 HAL_CRYP_Init(&hcryp); 7039 7040 /* GCM payload phase - can handle partial blocks */ 7041 status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, 7042 (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); 7043 if (status == HAL_OK && tagComputed == 0) { 7044 /* Compute the authTag */ 7045 status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, 7046 STM32_HAL_TIMEOUT); 7047 } 7048 #elif defined(STM32_CRYPTO_AES_ONLY) 6423 7049 /* Set the CRYP parameters */ 7050 hcryp.Init.HeaderSize = authPadSz; 7051 if (authPadSz == 0) 7052 hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */ 6424 7053 hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; 6425 7054 hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; … … 6436 7065 if (status == HAL_OK) { 6437 7066 /* GCM payload phase - blocks */ 6438 hcryp.Init.GCMCMACPhase 7067 hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE; 6439 7068 if (blocks) { 6440 7069 status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in, … … 6442 7071 } 6443 7072 } 6444 if (status == HAL_OK && (partial != 0 || blocks == 0)) {7073 if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) { 6445 7074 /* GCM payload phase - partial remainder */ 6446 7075 XMEMSET(partialBlock, 0, sizeof(partialBlock)); 6447 7076 XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); 6448 status = HAL_CRYPEx_AES_Auth(&hcryp, partialBlock, partial,6449 partialBlock, STM32_HAL_TIMEOUT);7077 status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)partialBlock, partial, 7078 (byte*)partialBlock, STM32_HAL_TIMEOUT); 6450 7079 XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); 6451 7080 } 6452 if (status == HAL_OK ) {7081 if (status == HAL_OK && tagComputed == 0) { 6453 7082 /* GCM final phase */ 6454 7083 hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; 6455 status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); 6456 } 6457 #elif defined(STM32_HAL_V2) 6458 hcryp.Init.Algorithm = CRYP_AES_GCM; 6459 ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE); 6460 hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; 6461 HAL_CRYP_Init(&hcryp); 6462 6463 /* GCM payload phase - can handle partial blocks */ 6464 status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, 6465 (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); 6466 if (status == HAL_OK) { 6467 /* Compute the authTag */ 6468 status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, 6469 STM32_HAL_TIMEOUT); 7084 status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); 6470 7085 } 6471 7086 #else 7087 hcryp.Init.HeaderSize = authPadSz; 6472 7088 HAL_CRYP_Init(&hcryp); 6473 7089 if (blocks) { … … 6480 7096 XMEMSET(partialBlock, 0, sizeof(partialBlock)); 6481 7097 XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); 6482 status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, partialBlock, partial,6483 partialBlock, STM32_HAL_TIMEOUT);7098 status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)partialBlock, partial, 7099 (byte*)partialBlock, STM32_HAL_TIMEOUT); 6484 7100 XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); 6485 7101 } 6486 if (status == HAL_OK ) {7102 if (status == HAL_OK && tagComputed == 0) { 6487 7103 /* Compute the authTag */ 6488 status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, tag, STM32_HAL_TIMEOUT);7104 status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT); 6489 7105 } 6490 7106 #endif … … 6495 7111 HAL_CRYP_DeInit(&hcryp); 6496 7112 6497 #else /* S TD_PERI_LIB*/7113 #else /* Standard Peripheral Library */ 6498 7114 ByteReverseWords(keyCopy, (word32*)aes->key, aes->keylen); 6499 7115 … … 6501 7117 * they are not block aligned, because this length (in bits) is used 6502 7118 * in the final GHASH. */ 7119 XMEMSET(partialBlock, 0, sizeof(partialBlock)); /* use this to get tag */ 6503 7120 status = CRYP_AES_GCM(MODE_DECRYPT, (uint8_t*)ctr, 6504 7121 (uint8_t*)keyCopy, keySize * 8, 6505 7122 (uint8_t*)in, sz, 6506 7123 (uint8_t*)authInPadded, authInSz, 6507 (uint8_t*)out, tag);7124 (uint8_t*)out, (uint8_t*)partialBlock); 6508 7125 if (status != SUCCESS) 6509 7126 ret = AES_GCM_AUTH_E; 7127 if (tagComputed == 0) 7128 XMEMCPY(tag, partialBlock, authTagSz); 6510 7129 #endif /* WOLFSSL_STM32_CUBEMX */ 6511 6512 /* STM32 GCM hardware only supports IV of 12 bytes, so use software for auth */ 6513 if (sz == 0 || ivSz != GCM_NONCE_MID_SZ) { 6514 DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ 6515 GHASH(aes, authIn, authInSz, in, sz, tag, sizeof(tag)); 6516 wc_AesEncrypt(aes, ctr, partialBlock); 6517 xorbuf(tag, partialBlock, sizeof(tag)); 6518 } 6519 6520 if (ConstantCompare(authTag, tag, authTagSz) != 0) { 7130 wolfSSL_CryptHwMutexUnLock(); 7131 7132 /* Check authentication tag */ 7133 if (ConstantCompare((const byte*)tagExpected, (byte*)tag, authTagSz) != 0) { 6521 7134 ret = AES_GCM_AUTH_E; 6522 7135 } 6523 7136 6524 /* Free memory if not a multiple of AES_BLOCK_SZ*/6525 if ( authInPadded != authIn) {7137 /* Free memory */ 7138 if (wasAlloc) { 6526 7139 XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); 6527 7140 } 6528 6529 wolfSSL_CryptHwMutexUnLock();6530 7141 6531 7142 return ret; … … 6552 7163 const byte* c = in; 6553 7164 byte* p = out; 6554 byte counter[AES_BLOCK_SIZE]; 6555 byte initialCounter[AES_BLOCK_SIZE]; 6556 byte *ctr; 6557 byte scratch[AES_BLOCK_SIZE]; 6558 byte Tprime[AES_BLOCK_SIZE]; 6559 byte EKY0[AES_BLOCK_SIZE]; 7165 ALIGN32 byte counter[AES_BLOCK_SIZE]; 7166 ALIGN32 byte scratch[AES_BLOCK_SIZE]; 7167 ALIGN32 byte Tprime[AES_BLOCK_SIZE]; 7168 ALIGN32 byte EKY0[AES_BLOCK_SIZE]; 7169 7170 if (ivSz == GCM_NONCE_MID_SZ) { 7171 /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ 7172 XMEMCPY(counter, iv, ivSz); 7173 XMEMSET(counter + GCM_NONCE_MID_SZ, 0, 7174 AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); 7175 counter[AES_BLOCK_SIZE - 1] = 1; 7176 } 7177 else { 7178 /* Counter is GHASH of IV. */ 6560 7179 #ifdef OPENSSL_EXTRA 6561 word32 aadTemp; 6562 #endif 6563 ctr = counter; 6564 XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); 6565 if (ivSz == GCM_NONCE_MID_SZ) { 6566 XMEMCPY(initialCounter, iv, ivSz); 6567 initialCounter[AES_BLOCK_SIZE - 1] = 1; 6568 } 6569 else { 6570 #ifdef OPENSSL_EXTRA 6571 aadTemp = aes->aadLen; 7180 word32 aadTemp = aes->aadLen; 6572 7181 aes->aadLen = 0; 6573 7182 #endif 6574 GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);7183 GHASH(aes, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE); 6575 7184 #ifdef OPENSSL_EXTRA 6576 7185 aes->aadLen = aadTemp; 6577 7186 #endif 6578 7187 } 6579 XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE); 6580 6581 /* Calc the authTag again using the received auth data and the cipher text */ 7188 7189 /* Calc the authTag again using received auth data and the cipher text */ 6582 7190 GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime)); 6583 wc_AesEncrypt(aes, c tr, EKY0);7191 wc_AesEncrypt(aes, counter, EKY0); 6584 7192 xorbuf(Tprime, EKY0, sizeof(Tprime)); 6585 7193 … … 6598 7206 if (blocks) { 6599 7207 /* use initial IV for HW, but don't use it below */ 6600 XMEMCPY(aes->reg, c tr, AES_BLOCK_SIZE);7208 XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE); 6601 7209 6602 7210 ret = wc_Pic32AesCrypt( … … 6615 7223 if (c != p && blocks > 0) { /* can not handle inline decryption */ 6616 7224 while (blocks--) { 6617 IncrementGcmCounter(c tr);6618 XMEMCPY(p, c tr, AES_BLOCK_SIZE);7225 IncrementGcmCounter(counter); 7226 XMEMCPY(p, counter, AES_BLOCK_SIZE); 6619 7227 p += AES_BLOCK_SIZE; 6620 7228 } … … 6629 7237 else 6630 7238 #endif /* HAVE_AES_ECB && !PIC32MZ */ 6631 while (blocks--) { 6632 IncrementGcmCounter(ctr); 6633 #if !defined(WOLFSSL_PIC32MZ_CRYPT) 6634 wc_AesEncrypt(aes, ctr, scratch); 6635 xorbuf(scratch, c, AES_BLOCK_SIZE); 6636 XMEMCPY(p, scratch, AES_BLOCK_SIZE); 6637 #endif 6638 p += AES_BLOCK_SIZE; 6639 c += AES_BLOCK_SIZE; 7239 { 7240 while (blocks--) { 7241 IncrementGcmCounter(counter); 7242 #if !defined(WOLFSSL_PIC32MZ_CRYPT) 7243 wc_AesEncrypt(aes, counter, scratch); 7244 xorbufout(p, scratch, c, AES_BLOCK_SIZE); 7245 #endif 7246 p += AES_BLOCK_SIZE; 7247 c += AES_BLOCK_SIZE; 7248 } 6640 7249 } 6641 7250 6642 7251 if (partial != 0) { 6643 IncrementGcmCounter(c tr);6644 wc_AesEncrypt(aes, c tr, scratch);7252 IncrementGcmCounter(counter); 7253 wc_AesEncrypt(aes, counter, scratch); 6645 7254 xorbuf(scratch, c, partial); 6646 7255 XMEMCPY(p, scratch, partial); … … 6716 7325 #endif /* WOLFSSL_ASYNC_CRYPT */ 6717 7326 7327 #ifdef WOLFSSL_SILABS_SE_ACCEL 7328 return wc_AesGcmDecrypt_silabs( 7329 aes, out, in, sz, iv, ivSz, 7330 authTag, authTagSz, authIn, authInSz); 7331 7332 #endif 7333 6718 7334 #ifdef STM32_CRYPTO_AES_GCM 6719 7335 /* The STM standard peripheral library API's doesn't support partial blocks */ 6720 #ifdef STD_PERI_LIB 6721 if (partial == 0) 6722 #endif 6723 { 6724 return wc_AesGcmDecrypt_STM32( 6725 aes, out, in, sz, iv, ivSz, 6726 authTag, authTagSz, authIn, authInSz); 6727 } 7336 return wc_AesGcmDecrypt_STM32( 7337 aes, out, in, sz, iv, ivSz, 7338 authTag, authTagSz, authIn, authInSz); 6728 7339 #endif /* STM32_CRYPTO_AES_GCM */ 6729 7340 … … 6731 7342 #ifdef HAVE_INTEL_AVX2 6732 7343 if (IS_INTEL_AVX2(intel_flags)) { 7344 SAVE_VECTOR_REGISTERS(); 6733 7345 AES_GCM_decrypt_avx2(in, out, authIn, iv, authTag, sz, authInSz, ivSz, 6734 7346 authTagSz, (byte*)aes->key, aes->rounds, &res); 7347 RESTORE_VECTOR_REGISTERS(); 6735 7348 if (res == 0) 6736 7349 return AES_GCM_AUTH_E; … … 6741 7354 #ifdef HAVE_INTEL_AVX1 6742 7355 if (IS_INTEL_AVX1(intel_flags)) { 7356 SAVE_VECTOR_REGISTERS(); 6743 7357 AES_GCM_decrypt_avx1(in, out, authIn, iv, authTag, sz, authInSz, ivSz, 6744 7358 authTagSz, (byte*)aes->key, aes->rounds, &res); 7359 RESTORE_VECTOR_REGISTERS(); 6745 7360 if (res == 0) 6746 7361 return AES_GCM_AUTH_E; … … 6876 7491 byte* authTag, word32 authTagSz, WC_RNG* rng) 6877 7492 { 6878 Aes aes; 7493 #ifdef WOLFSSL_SMALL_STACK 7494 Aes *aes = NULL; 7495 #else 7496 Aes aes[1]; 7497 #endif 6879 7498 int ret; 6880 7499 … … 6885 7504 } 6886 7505 6887 ret = wc_AesInit(&aes, NULL, INVALID_DEVID); 7506 #ifdef WOLFSSL_SMALL_STACK 7507 if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, 7508 DYNAMIC_TYPE_AES)) == NULL) 7509 return MEMORY_E; 7510 #endif 7511 7512 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 6888 7513 if (ret == 0) { 6889 ret = wc_AesGcmSetKey( &aes, key, keySz);7514 ret = wc_AesGcmSetKey(aes, key, keySz); 6890 7515 if (ret == 0) 6891 ret = wc_AesGcmSetIV( &aes, ivSz, NULL, 0, rng);7516 ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); 6892 7517 if (ret == 0) 6893 ret = wc_AesGcmEncrypt_ex( &aes, NULL, NULL, 0, iv, ivSz,7518 ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, 6894 7519 authTag, authTagSz, authIn, authInSz); 6895 wc_AesFree(&aes); 6896 } 6897 ForceZero(&aes, sizeof(aes)); 7520 wc_AesFree(aes); 7521 } 7522 ForceZero(aes, sizeof *aes); 7523 #ifdef WOLFSSL_SMALL_STACK 7524 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 7525 #endif 6898 7526 6899 7527 return ret; … … 6906 7534 { 6907 7535 int ret; 6908 #ifndef NO_AES_DECRYPT 6909 Aes aes; 7536 #ifdef HAVE_AES_DECRYPT 7537 #ifdef WOLFSSL_SMALL_STACK 7538 Aes *aes = NULL; 7539 #else 7540 Aes aes[1]; 7541 #endif 6910 7542 6911 7543 if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) || … … 6915 7547 } 6916 7548 6917 ret = wc_AesInit(&aes, NULL, INVALID_DEVID); 7549 #ifdef WOLFSSL_SMALL_STACK 7550 if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, 7551 DYNAMIC_TYPE_AES)) == NULL) 7552 return MEMORY_E; 7553 #endif 7554 7555 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 6918 7556 if (ret == 0) { 6919 ret = wc_AesGcmSetKey( &aes, key, keySz);7557 ret = wc_AesGcmSetKey(aes, key, keySz); 6920 7558 if (ret == 0) 6921 ret = wc_AesGcmDecrypt( &aes, NULL, NULL, 0, iv, ivSz,7559 ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz, 6922 7560 authTag, authTagSz, authIn, authInSz); 6923 wc_AesFree(&aes); 6924 } 6925 ForceZero(&aes, sizeof(aes)); 7561 wc_AesFree(aes); 7562 } 7563 ForceZero(aes, sizeof *aes); 7564 #ifdef WOLFSSL_SMALL_STACK 7565 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 7566 #endif 6926 7567 #else 6927 7568 (void)key; … … 6971 7612 } 6972 7613 7614 7615 /* Checks if the tag size is an accepted value based on RFC 3610 section 2 7616 * returns 0 if tag size is ok 7617 */ 7618 int wc_AesCcmCheckTagSize(int sz) 7619 { 7620 /* values here are from RFC 3610 section 2 */ 7621 if (sz != 4 && sz != 6 && sz != 8 && sz != 10 && sz != 12 && sz != 14 7622 && sz != 16) { 7623 WOLFSSL_MSG("Bad auth tag size AES-CCM"); 7624 return BAD_FUNC_ARG; 7625 } 7626 return 0; 7627 } 7628 6973 7629 #ifdef WOLFSSL_ARMASM 6974 7630 /* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */ … … 6980 7636 /* implemented in wolfcrypt/src/port/caam_aes.c */ 6981 7637 7638 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 7639 /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ 7640 int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, 7641 const byte* nonce, word32 nonceSz, 7642 byte* authTag, word32 authTagSz, 7643 const byte* authIn, word32 authInSz) 7644 { 7645 return wc_AesCcmEncrypt_silabs( 7646 aes, out, in, inSz, 7647 nonce, nonceSz, 7648 authTag, authTagSz, 7649 authIn, authInSz); 7650 } 7651 7652 #ifdef HAVE_AES_DECRYPT 7653 int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, 7654 const byte* nonce, word32 nonceSz, 7655 const byte* authTag, word32 authTagSz, 7656 const byte* authIn, word32 authInSz) 7657 { 7658 return wc_AesCcmDecrypt_silabs( 7659 aes, out, in, inSz, 7660 nonce, nonceSz, 7661 authTag, authTagSz, 7662 authIn, authInSz); 7663 } 7664 #endif 6982 7665 #elif defined(FREESCALE_LTC) 6983 7666 … … 6989 7672 { 6990 7673 byte *key; 6991 uint32_tkeySize;7674 word32 keySize; 6992 7675 status_t status; 6993 7676 6994 7677 /* sanity check on arguments */ 7678 /* note, LTC_AES_EncryptTagCcm() doesn't allow null src or dst 7679 * ptrs even if inSz is zero (ltc_aes_ccm_check_input_args()), so 7680 * don't allow it here either. 7681 */ 6995 7682 if (aes == NULL || out == NULL || in == NULL || nonce == NULL 6996 || authTag == NULL || nonceSz < 7 || nonceSz > 13) 7683 || authTag == NULL || nonceSz < 7 || nonceSz > 13) { 6997 7684 return BAD_FUNC_ARG; 7685 } 7686 7687 if (wc_AesCcmCheckTagSize(authTagSz) != 0) { 7688 return BAD_FUNC_ARG; 7689 } 6998 7690 6999 7691 key = (byte*)aes->key; … … 7004 7696 } 7005 7697 7698 status = wolfSSL_CryptHwMutexLock(); 7699 if (status != 0) 7700 return status; 7701 7006 7702 status = LTC_AES_EncryptTagCcm(LTC_BASE, in, out, inSz, 7007 7703 nonce, nonceSz, authIn, authInSz, key, keySize, authTag, authTagSz); 7704 wolfSSL_CryptHwMutexUnLock(); 7008 7705 7009 7706 return (kStatus_Success == status) ? 0 : BAD_FUNC_ARG; … … 7017 7714 { 7018 7715 byte *key; 7019 uint32_tkeySize;7716 word32 keySize; 7020 7717 status_t status; 7021 7718 7022 7719 /* sanity check on arguments */ 7023 7720 if (aes == NULL || out == NULL || in == NULL || nonce == NULL 7024 || authTag == NULL || nonceSz < 7 || nonceSz > 13) 7721 || authTag == NULL || nonceSz < 7 || nonceSz > 13) { 7025 7722 return BAD_FUNC_ARG; 7723 } 7026 7724 7027 7725 key = (byte*)aes->key; … … 7031 7729 return status; 7032 7730 } 7033 7731 7732 status = wolfSSL_CryptHwMutexLock(); 7733 if (status != 0) 7734 return status; 7034 7735 status = LTC_AES_DecryptTagCcm(LTC_BASE, in, out, inSz, 7035 7736 nonce, nonceSz, authIn, authInSz, key, keySize, authTag, authTagSz); 7036 7037 if (status == kStatus_Success) { 7038 return 0; 7039 } 7040 else { 7737 wolfSSL_CryptHwMutexUnLock(); 7738 7739 if (status != kStatus_Success) { 7041 7740 XMEMSET(out, 0, inSz); 7042 7741 return AES_CCM_AUTH_E; 7043 7742 } 7743 return 0; 7044 7744 } 7045 7745 #endif /* HAVE_AES_DECRYPT */ … … 7131 7831 7132 7832 for (i = 0; i < lenSz; i++) { 7133 if (++B[AES_BLOCK_SIZE * 1 - 1 - i] != 0) break; 7134 } 7135 B[AES_BLOCK_SIZE * 2 - 1] += 2; 7136 if (B[AES_BLOCK_SIZE * 2 - 1] < 2) { 7137 for (i = 1; i < lenSz; i++) { 7138 if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break; 7139 } 7140 } 7141 B[AES_BLOCK_SIZE * 3 - 1] += 3; 7142 if (B[AES_BLOCK_SIZE * 3 - 1] < 3) { 7833 if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break; 7834 } 7835 B[AES_BLOCK_SIZE * 3 - 1] += 2; 7836 if (B[AES_BLOCK_SIZE * 3 - 1] < 2) { 7143 7837 for (i = 1; i < lenSz; i++) { 7144 7838 if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break; 7839 } 7840 } 7841 B[AES_BLOCK_SIZE * 4 - 1] += 3; 7842 if (B[AES_BLOCK_SIZE * 4 - 1] < 3) { 7843 for (i = 1; i < lenSz; i++) { 7844 if (++B[AES_BLOCK_SIZE * 4 - 1 - i] != 0) break; 7145 7845 } 7146 7846 } … … 7180 7880 7181 7881 /* sanity check on arguments */ 7182 if (aes == NULL || out == NULL || in == NULL || nonce == NULL7183 7882 if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) || 7883 nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 || 7184 7884 authTagSz > AES_BLOCK_SIZE) 7185 7885 return BAD_FUNC_ARG; 7886 7887 /* sanity check on tag size */ 7888 if (wc_AesCcmCheckTagSize(authTagSz) != 0) { 7889 return BAD_FUNC_ARG; 7890 } 7186 7891 7187 7892 XMEMSET(A, 0, sizeof(A)); … … 7217 7922 AesCcmCtrIncSet4(B, lenSz); 7218 7923 7924 SAVE_VECTOR_REGISTERS(); 7219 7925 AES_ECB_encrypt(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key, 7220 7926 aes->rounds); 7927 RESTORE_VECTOR_REGISTERS(); 7928 7221 7929 xorbuf(A, in, AES_BLOCK_SIZE * 4); 7222 7930 XMEMCPY(out, A, AES_BLOCK_SIZE * 4); … … 7226 7934 out += AES_BLOCK_SIZE * 4; 7227 7935 7228 if (inSz < AES_BLOCK_SIZE * 4) { 7229 AesCcmCtrInc4(B, lenSz); 7230 } 7936 AesCcmCtrInc4(B, lenSz); 7231 7937 } 7232 7938 } … … 7276 7982 7277 7983 /* sanity check on arguments */ 7278 if (aes == NULL || out == NULL || in == NULL || nonce == NULL7279 7280 7984 if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) || 7985 nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 || 7986 authTagSz > AES_BLOCK_SIZE) 7281 7987 return BAD_FUNC_ARG; 7988 7989 /* sanity check on tag size */ 7990 if (wc_AesCcmCheckTagSize(authTagSz) != 0) { 7991 return BAD_FUNC_ARG; 7992 } 7282 7993 7283 7994 o = out; … … 7296 8007 AesCcmCtrIncSet4(B, lenSz); 7297 8008 8009 SAVE_VECTOR_REGISTERS(); 7298 8010 AES_ECB_encrypt(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key, 7299 8011 aes->rounds); 8012 RESTORE_VECTOR_REGISTERS(); 8013 7300 8014 xorbuf(A, in, AES_BLOCK_SIZE * 4); 7301 8015 XMEMCPY(o, A, AES_BLOCK_SIZE * 4); … … 7305 8019 o += AES_BLOCK_SIZE * 4; 7306 8020 7307 if (oSz < AES_BLOCK_SIZE * 4) { 7308 AesCcmCtrInc4(B, lenSz); 7309 } 8021 AesCcmCtrInc4(B, lenSz); 7310 8022 } 7311 8023 } … … 7360 8072 * Unfortunately, you need the decrypted data to calculate the 7361 8073 * check value. */ 7362 XMEMSET(out, 0, inSz); 8074 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) && \ 8075 defined(ACVP_VECTOR_TESTING) 8076 WOLFSSL_MSG("Preserve output for vector responses"); 8077 #else 8078 if (inSz > 0) 8079 XMEMSET(out, 0, inSz); 8080 #endif 7363 8081 result = AES_CCM_AUTH_E; 7364 8082 } … … 7476 8194 XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); 7477 8195 #endif 8196 #if defined(WOLFSSL_IMXRT_DCP) 8197 DCPAesInit(aes); 8198 #endif 8199 8200 7478 8201 #ifdef HAVE_AESGCM 7479 8202 #ifdef OPENSSL_EXTRA … … 7496 8219 7497 8220 if (ret == 0) 7498 ret 8221 ret = wc_AesInit(aes, heap, devId); 7499 8222 if (ret == 0) { 7500 8223 XMEMCPY(aes->id, id, len); 7501 8224 aes->idLen = len; 8225 aes->labelLen = 0; 8226 } 8227 8228 return ret; 8229 } 8230 8231 int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) 8232 { 8233 int ret = 0; 8234 int labelLen = 0; 8235 8236 if (aes == NULL || label == NULL) 8237 ret = BAD_FUNC_ARG; 8238 if (ret == 0) { 8239 labelLen = (int)XSTRLEN(label); 8240 if (labelLen == 0 || labelLen > AES_MAX_LABEL_LEN) 8241 ret = BUFFER_E; 8242 } 8243 8244 if (ret == 0) 8245 ret = wc_AesInit(aes, heap, devId); 8246 if (ret == 0) { 8247 XMEMCPY(aes->label, label, labelLen); 8248 aes->labelLen = labelLen; 8249 aes->idLen = 0; 7502 8250 } 7503 8251 … … 7532 8280 ForceZero((byte*)aes->devKey, AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE); 7533 8281 #endif 8282 #if defined(WOLFSSL_IMXRT_DCP) 8283 DCPAesFree(aes); 8284 #endif 7534 8285 } 7535 8286 … … 7590 8341 return BAD_FUNC_ARG; 7591 8342 7592 8343 return AES_ECB_encrypt(aes, in, out, sz); 7593 8344 } 7594 8345 … … 7599 8350 return BAD_FUNC_ARG; 7600 8351 7601 8352 return AES_ECB_decrypt(aes, in, out, sz); 7602 8353 } 7603 8354 … … 7611 8362 if ((in == NULL) || (out == NULL) || (aes == NULL)) 7612 8363 return BAD_FUNC_ARG; 7613 while (blocks>0) { 8364 #ifdef WOLFSSL_IMXRT_DCP 8365 if (aes->keylen == 16) 8366 return DCPAesEcbEncrypt(aes, out, in, sz); 8367 #endif 8368 while (blocks > 0) { 7614 8369 wc_AesEncryptDirect(aes, out, in); 7615 8370 out += AES_BLOCK_SIZE; … … 7628 8383 if ((in == NULL) || (out == NULL) || (aes == NULL)) 7629 8384 return BAD_FUNC_ARG; 7630 while (blocks>0) { 8385 #ifdef WOLFSSL_IMXRT_DCP 8386 if (aes->keylen == 16) 8387 return DCPAesEcbDecrypt(aes, out, in, sz); 8388 #endif 8389 while (blocks > 0) { 7631 8390 wc_AesDecryptDirect(aes, out, in); 7632 8391 out += AES_BLOCK_SIZE; … … 7910 8669 7911 8670 /* MSB + XOR */ 8671 #ifdef BIG_ENDIAN_ORDER 8672 ByteReverseWords(aes->tmp, aes->tmp, AES_BLOCK_SIZE); 8673 #endif 7912 8674 out[0] = aes->tmp[0] ^ in[0]; 7913 8675 if (dir == AES_ENCRYPTION) { … … 8141 8903 byte* out, word32 outSz, const byte* iv) 8142 8904 { 8143 Aes aes; 8905 #ifdef WOLFSSL_SMALL_STACK 8906 Aes *aes = NULL; 8907 #else 8908 Aes aes[1]; 8909 #endif 8910 int aes_inited = 0; 8144 8911 byte* r; 8145 8912 word32 i; … … 8157 8924 if (inSz % KEYWRAP_BLOCK_SIZE != 0) 8158 8925 return BAD_FUNC_ARG; 8926 8927 #ifdef WOLFSSL_SMALL_STACK 8928 if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, 8929 DYNAMIC_TYPE_AES)) == NULL) 8930 return MEMORY_E; 8931 #endif 8159 8932 8160 8933 /* user IV is optional */ … … 8169 8942 XMEMSET(t, 0, sizeof(t)); 8170 8943 8171 ret = wc_AesInit( &aes, NULL, INVALID_DEVID);8944 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 8172 8945 if (ret != 0) 8173 return ret; 8174 8175 ret = wc_AesSetKey(&aes, key, keySz, NULL, AES_ENCRYPTION); 8946 goto out; 8947 else 8948 aes_inited = 1; 8949 8950 ret = wc_AesSetKey(aes, key, keySz, NULL, AES_ENCRYPTION); 8176 8951 if (ret != 0) 8177 return ret;8952 goto out; 8178 8953 8179 8954 for (j = 0; j <= 5; j++) { … … 8183 8958 XMEMCPY(tmp + KEYWRAP_BLOCK_SIZE, r, KEYWRAP_BLOCK_SIZE); 8184 8959 8185 wc_AesEncryptDirect( &aes, tmp, tmp);8960 wc_AesEncryptDirect(aes, tmp, tmp); 8186 8961 8187 8962 /* calculate new A */ … … 8199 8974 XMEMCPY(out, tmp, KEYWRAP_BLOCK_SIZE); 8200 8975 8201 wc_AesFree(&aes); 8202 8203 return inSz + KEYWRAP_BLOCK_SIZE; 8976 ret = 0; 8977 8978 out: 8979 8980 if (aes_inited) 8981 wc_AesFree(aes); 8982 #ifdef WOLFSSL_SMALL_STACK 8983 if (aes) 8984 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 8985 #endif 8986 8987 if (ret != 0) 8988 return ret; 8989 else 8990 return inSz + KEYWRAP_BLOCK_SIZE; 8204 8991 } 8205 8992 … … 8207 8994 byte* out, word32 outSz, const byte* iv) 8208 8995 { 8209 Aes aes; 8996 #ifdef WOLFSSL_SMALL_STACK 8997 Aes *aes = NULL; 8998 #else 8999 Aes aes[1]; 9000 #endif 9001 int aes_inited = 0; 8210 9002 byte* r; 8211 9003 word32 i, n; … … 8229 9021 if (inSz % KEYWRAP_BLOCK_SIZE != 0) 8230 9022 return BAD_FUNC_ARG; 9023 9024 #ifdef WOLFSSL_SMALL_STACK 9025 if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, 9026 DYNAMIC_TYPE_AES)) == NULL) 9027 return MEMORY_E; 9028 #endif 8231 9029 8232 9030 /* user IV optional */ … … 8242 9040 XMEMSET(t, 0, sizeof(t)); 8243 9041 8244 ret = wc_AesInit( &aes, NULL, INVALID_DEVID);9042 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 8245 9043 if (ret != 0) 8246 return ret; 8247 8248 ret = wc_AesSetKey(&aes, key, keySz, NULL, AES_DECRYPTION); 9044 goto out; 9045 else 9046 aes_inited = 1; 9047 9048 ret = wc_AesSetKey(aes, key, keySz, NULL, AES_DECRYPTION); 8249 9049 if (ret != 0) 8250 return ret;9050 goto out; 8251 9051 8252 9052 /* initialize counter to 6n */ … … 8264 9064 r = out + ((i - 1) * KEYWRAP_BLOCK_SIZE); 8265 9065 XMEMCPY(tmp + KEYWRAP_BLOCK_SIZE, r, KEYWRAP_BLOCK_SIZE); 8266 wc_AesDecryptDirect( &aes, tmp, tmp);9066 wc_AesDecryptDirect(aes, tmp, tmp); 8267 9067 8268 9068 /* save R[i] */ … … 8271 9071 } 8272 9072 8273 wc_AesFree(&aes);8274 8275 9073 /* verify IV */ 8276 if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) 8277 return BAD_KEYWRAP_IV_E; 8278 8279 return inSz - KEYWRAP_BLOCK_SIZE; 9074 if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) { 9075 ret = BAD_KEYWRAP_IV_E; 9076 goto out; 9077 } 9078 9079 out: 9080 9081 if (aes_inited) 9082 wc_AesFree(aes); 9083 #ifdef WOLFSSL_SMALL_STACK 9084 if (aes) 9085 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 9086 #endif 9087 9088 if (ret != 0) 9089 return ret; 9090 else 9091 return inSz - KEYWRAP_BLOCK_SIZE; 8280 9092 } 8281 9093 -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/asn.c
r457 r464 20 20 */ 21 21 22 22 /* 23 24 DESCRIPTION 25 This library provides the interface to Abstract Syntax Notation One (ASN.1) objects. 26 ASN.1 is a standard interface description language for defining data structures 27 that can be serialized and deserialized in a cross-platform way. 28 29 */ 23 30 #ifdef HAVE_CONFIG_H 24 31 #include <config.h> … … 67 74 #include <wolfssl/wolfcrypt/des3.h> 68 75 #include <wolfssl/wolfcrypt/aes.h> 76 #include <wolfssl/wolfcrypt/rc2.h> 69 77 #include <wolfssl/wolfcrypt/wc_encrypt.h> 70 78 #include <wolfssl/wolfcrypt/logging.h> … … 114 122 #endif 115 123 124 #ifndef NO_DSA 125 #include <wolfssl/wolfcrypt/dsa.h> 126 #else 127 typedef void* DsaKey; 128 #endif 129 116 130 #ifdef WOLF_CRYPTO_CB 117 131 #include <wolfssl/wolfcrypt/cryptocb.h> … … 129 143 #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } 130 144 131 #if defined(HAVE_SELFTEST) || ( !defined(NO_SKID) && \ 132 ( !defined(HAVE_FIPS) || \ 133 !defined(HAVE_FIPS_VERSION) )) 145 #if !defined(NO_SKID) && (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION)) 146 #if !defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST) && \ 147 (!defined(HAVE_SELFTEST_VERSION) || \ 148 HAVE_SELFTEST_VERSION < 2)) 134 149 #ifndef WOLFSSL_AES_KEY_SIZE_ENUM 135 150 #define WOLFSSL_AES_KEY_SIZE_ENUM … … 141 156 }; 142 157 #endif 158 #endif /* HAVE_SELFTEST */ 143 159 #endif 144 160 #ifdef WOLFSSL_RENESAS_TSIP_TLS … … 456 472 457 473 if (*len > 0) { 474 475 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY 476 /* check for invalid padding on negative integer. 477 * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1 478 */ 479 if (*len > 1) { 480 if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) 481 return ASN_PARSE_E; 482 } 483 #endif 484 458 485 /* remove leading zero, unless there is only one 0x00 byte */ 459 486 if ((input[*inOutIdx] == 0x00) && (*len > 1)) { … … 461 488 (*len)--; 462 489 490 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY 463 491 if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) 464 492 return ASN_PARSE_E; 493 #endif 465 494 } 466 495 } … … 502 531 #if !defined(NO_DSA) && !defined(NO_SHA) 503 532 static const char sigSha1wDsaName[] = "SHAwDSA"; 533 static const char sigSha256wDsaName[] = "SHA256wDSA"; 504 534 #endif /* NO_DSA */ 505 535 #ifndef NO_RSA … … 555 585 case CTC_SHAwDSA: 556 586 return sigSha1wDsaName; 587 case CTC_SHA256wDSA: 588 return sigSha256wDsaName; 557 589 #endif /* NO_DSA && NO_SHA */ 558 590 #ifndef NO_RSA … … 625 657 * returns the number of bytes added to the buffer. 626 658 */ 627 staticint SetASNInt(int len, byte firstByte, byte* output)659 int SetASNInt(int len, byte firstByte, byte* output) 628 660 { 629 661 word32 idx = 0; … … 668 700 leadingBit = mp_leading_bit(n); 669 701 length = mp_unsigned_bin_size(n); 702 if (maxSz >= 0 && (1 + length + (leadingBit ? 1 : 0)) > maxSz) 703 return BUFFER_E; 670 704 idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output); 671 705 if (maxSz >= 0 && (idx + length) > maxSz) … … 840 874 841 875 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { 876 int ret; 877 842 878 *inOutIdx = ++idx; /* skip header */ 843 return GetMyVersion(input, inOutIdx, version, maxIdx); 879 ret = GetMyVersion(input, inOutIdx, version, maxIdx); 880 if (ret >= 0) { 881 /* check if version is expected value rfc 5280 4.1 {0, 1, 2} */ 882 if (*version > MAX_X509_VERSION || *version < MIN_X509_VERSION) { 883 WOLFSSL_MSG("Unexpected certificate version"); 884 ret = ASN_VERSION_E; 885 } 886 } 887 return ret; 844 888 } 845 889 … … 881 925 882 926 #if (!defined(WOLFSSL_KEY_GEN) && !defined(OPENSSL_EXTRA) && defined(RSA_LOW_MEM)) \ 883 || defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DSA) && defined(WOLFSSL_QT))884 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)927 || defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DSA)) 928 #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || !defined(NO_DSA) 885 929 static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx) 886 930 { … … 900 944 #endif 901 945 902 staticint CheckBitString(const byte* input, word32* inOutIdx, int* len,946 int CheckBitString(const byte* input, word32* inOutIdx, int* len, 903 947 word32 maxIdx, int zeroBits, byte* unusedBits) 904 948 { … … 956 1000 (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \ 957 1001 ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ 958 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) 1002 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \ 1003 (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) 959 1004 960 1005 /* Set the DER/BER encoding of the ASN.1 BIT_STRING header. … … 1158 1203 1159 1204 #ifdef WOLFSSL_SMALL_STACK 1160 indefItems = XMALLOC(sizeof(IndefItems), NULL, DYNAMIC_TYPE_TMP_BUFFER);1205 indefItems = (IndefItems *)XMALLOC(sizeof(IndefItems), NULL, DYNAMIC_TYPE_TMP_BUFFER); 1161 1206 if (indefItems == NULL) { 1162 1207 ret = MEMORY_E; … … 1357 1402 #endif 1358 1403 1359 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) 1360 1361 #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || \ 1362 defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 1363 1364 #ifdef WOLFSSL_CERT_EXT 1404 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) 1365 1405 /* Set the DER/BER encoding of the ASN.1 BIT_STRING with a 16-bit value. 1366 1406 * … … 1395 1435 return idx; 1396 1436 } 1397 #endif /* WOLFSSL_CERT_EXT */ 1398 #endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || defined(HAVE_ED448) */ 1399 #endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN */ 1400 1401 1437 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_CERT_GEN */ 1402 1438 1403 1439 /* hashType */ … … 1443 1479 #if !defined(NO_DSA) && !defined(NO_SHA) 1444 1480 static const byte sigSha1wDsaOid[] = {42, 134, 72, 206, 56, 4, 3}; 1481 static const byte sigSha256wDsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 2}; 1445 1482 #endif /* NO_DSA */ 1446 1483 #ifndef NO_RSA … … 1510 1547 static const byte keyEd448Oid[] = {43, 101, 113}; 1511 1548 #endif /* HAVE_ED448 */ 1512 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))1549 #ifndef NO_DH 1513 1550 static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1}; 1514 #endif /* ! NO_DH ...*/1551 #endif /* !NO_DH */ 1515 1552 1516 1553 /* curveType */ … … 1594 1631 /* ocspType */ 1595 1632 #ifdef HAVE_OCSP 1596 static const byte ocspBasicOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 1}; 1597 static const byte ocspNonceOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 2}; 1633 static const byte ocspBasicOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 1}; 1634 static const byte ocspNonceOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 2}; 1635 static const byte ocspNoCheckOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 5}; 1598 1636 #endif /* HAVE_OCSP */ 1599 1637 … … 1633 1671 static const byte extExtKeyUsageTimestampOid[] = {43, 6, 1, 5, 5, 7, 3, 8}; 1634 1672 static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9}; 1673 1674 #ifdef WOLFSSL_CERT_REQ 1675 /* csrAttrType */ 1676 static const byte attrChallengePasswordOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 7}; 1677 static const byte attrSerialNumberOid[] = {85, 4, 5}; 1678 #endif 1635 1679 1636 1680 /* kdfType */ … … 1725 1769 oid = sigSha1wDsaOid; 1726 1770 *oidSz = sizeof(sigSha1wDsaOid); 1771 break; 1772 case CTC_SHA256wDSA: 1773 oid = sigSha256wDsaOid; 1774 *oidSz = sizeof(sigSha256wDsaOid); 1727 1775 break; 1728 1776 #endif /* NO_DSA */ … … 1858 1906 break; 1859 1907 #endif /* HAVE_ED448 */ 1860 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))1908 #ifndef NO_DH 1861 1909 case DHk: 1862 1910 oid = keyDhOid; 1863 1911 *oidSz = sizeof(keyDhOid); 1864 1912 break; 1865 #endif /* ! NO_DH && (WOLFSSL_QT || OPENSSL_ALL*/1913 #endif /* !NO_DH */ 1866 1914 default: 1867 1915 break; … … 2015 2063 break; 2016 2064 #endif 2065 #ifdef HAVE_OCSP 2066 case OCSP_NOCHECK_OID: 2067 oid = ocspNoCheckOid; 2068 *oidSz = sizeof(ocspNoCheckOid); 2069 break; 2070 #endif 2017 2071 } 2018 2072 break; … … 2255 2309 break; 2256 2310 #endif /* WOLFSSL_APACHE_HTTPD */ 2311 #ifdef WOLFSSL_CERT_REQ 2312 case oidCsrAttrType: 2313 switch (id) { 2314 case CHALLENGE_PASSWORD_OID: 2315 oid = attrChallengePasswordOid; 2316 *oidSz = sizeof(attrChallengePasswordOid); 2317 break; 2318 case SERIAL_NUMBER_OID: 2319 oid = attrSerialNumberOid; 2320 *oidSz = sizeof(attrSerialNumberOid); 2321 break; 2322 } 2323 break; 2324 #endif 2257 2325 case oidIgnoreType: 2258 2326 default: … … 2422 2490 int idx = 0; 2423 2491 2424 output[idx++] = ASN_OBJECT_ID; 2425 idx += SetLength(len, output + idx); 2492 if (output) 2493 output[idx++] = ASN_OBJECT_ID; 2494 else 2495 idx++; 2496 idx += SetLength(len, output ? output + idx : NULL); 2426 2497 2427 2498 return idx; … … 2570 2641 int version, length; 2571 2642 2572 if (inOutIdx == NULL ) {2643 if (inOutIdx == NULL || input == NULL || key == NULL) { 2573 2644 return BAD_FUNC_ARG; 2574 2645 } … … 2683 2754 if (length < 0) 2684 2755 return length; 2756 2757 if (length + inOutIdx > sz) 2758 return BUFFER_E; 2685 2759 2686 2760 XMEMMOVE(input, input + inOutIdx, length); … … 2831 2905 2832 2906 #if defined(HAVE_PKCS12) || !defined(NO_CHECK_PRIVATE_KEY) 2833 /* check that the private key is a pair for the public key in certificate2907 /* check that the private key is a pair for the public key 2834 2908 * return 1 (true) on match 2835 2909 * return 0 or negative value on failure/error 2836 2910 * 2837 * key : buffer holding DER format key 2838 * keySz : size of key buffer 2839 * der : a initialized and parsed DecodedCert holding a certificate */ 2840 int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) 2911 * privKey : buffer holding DER format private key 2912 * privKeySz : size of private key buffer 2913 * pubKey : buffer holding DER format public key 2914 * pubKeySz : size of public key buffer 2915 * ks : type of key */ 2916 int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, 2917 const byte* pubKey, word32 pubKeySz, enum Key_Sum ks) 2841 2918 { 2842 2919 int ret; 2843 (void)keySz; 2844 2845 if (key == NULL || der == NULL) { 2920 (void)privKeySz; 2921 (void)pubKeySz; 2922 (void)ks; 2923 2924 if (privKey == NULL || pubKey == NULL) { 2846 2925 return BAD_FUNC_ARG; 2847 2926 } … … 2849 2928 #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) 2850 2929 /* test if RSA key */ 2851 if ( der->keyOID== RSAk) {2930 if (ks == RSAk) { 2852 2931 #ifdef WOLFSSL_SMALL_STACK 2853 2932 RsaKey* a; … … 2884 2963 return ret; 2885 2964 } 2886 if ((ret = wc_RsaPrivateKeyDecode( key, &keyIdx, a, keySz)) == 0) {2965 if ((ret = wc_RsaPrivateKeyDecode(privKey, &keyIdx, a, privKeySz)) == 0) { 2887 2966 WOLFSSL_MSG("Checking RSA key pair"); 2888 2967 keyIdx = 0; /* reset to 0 for parsing public key */ 2889 2968 2890 if ((ret = wc_RsaPublicKeyDecode( der->publicKey, &keyIdx, b,2891 der->pubKeySize)) == 0) {2969 if ((ret = wc_RsaPublicKeyDecode(pubKey, &keyIdx, b, 2970 pubKeySz)) == 0) { 2892 2971 /* limit for user RSA crypto because of RsaKey 2893 2972 * dereference. */ … … 2918 2997 2919 2998 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) 2920 if ( der->keyOID== ECDSAk) {2999 if (ks == ECDSAk) { 2921 3000 #ifdef WOLFSSL_SMALL_STACK 2922 3001 ecc_key* key_pair; … … 2948 3027 } 2949 3028 2950 if ((ret = wc_EccPrivateKeyDecode( key, &keyIdx, key_pair,2951 keySz)) == 0) {3029 if ((ret = wc_EccPrivateKeyDecode(privKey, &keyIdx, key_pair, 3030 privKeySz)) == 0) { 2952 3031 WOLFSSL_MSG("Checking ECC key pair"); 2953 3032 … … 2957 3036 ret = wc_ecc_init(key_pair); 2958 3037 if (ret == 0) { 2959 ret = wc_ecc_import_private_key( (const byte*)privDer,2960 privSz, (const byte*)der->publicKey,2961 der->pubKeySize, key_pair);3038 ret = wc_ecc_import_private_key(privDer, 3039 privSz, pubKey, 3040 pubKeySz, key_pair); 2962 3041 } 2963 3042 … … 2983 3062 2984 3063 #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) 2985 if ( der->keyOID== ED25519k) {3064 if (ks == ED25519k) { 2986 3065 #ifdef WOLFSSL_SMALL_STACK 2987 3066 ed25519_key* key_pair; … … 3004 3083 return ret; 3005 3084 } 3006 if ((ret = wc_Ed25519PrivateKeyDecode( key, &keyIdx, key_pair,3007 keySz)) == 0) {3085 if ((ret = wc_Ed25519PrivateKeyDecode(privKey, &keyIdx, key_pair, 3086 privKeySz)) == 0) { 3008 3087 WOLFSSL_MSG("Checking ED25519 key pair"); 3009 3088 keyIdx = 0; 3010 if ((ret = wc_ed25519_import_public( der->publicKey, der->pubKeySize,3011 3089 if ((ret = wc_ed25519_import_public(pubKey, pubKeySz, 3090 key_pair)) == 0) { 3012 3091 /* public and private extracted successfully no check if is 3013 3092 * a pair and also do sanity checks on key. wc_ecc_check_key … … 3026 3105 3027 3106 #if defined(HAVE_ED448) && !defined(NO_ASN_CRYPT) 3028 if ( der->keyOID== ED448k) {3107 if (ks == ED448k) { 3029 3108 #ifdef WOLFSSL_SMALL_STACK 3030 3109 ed448_key* key_pair = NULL; … … 3047 3126 return ret; 3048 3127 } 3049 if ((ret = wc_Ed448PrivateKeyDecode( key, &keyIdx, key_pair,3050 keySz)) == 0) {3128 if ((ret = wc_Ed448PrivateKeyDecode(privKey, &keyIdx, key_pair, 3129 privKeySz)) == 0) { 3051 3130 WOLFSSL_MSG("Checking ED448 key pair"); 3052 3131 keyIdx = 0; 3053 if ((ret = wc_ed448_import_public( der->publicKey, der->pubKeySize,3054 3132 if ((ret = wc_ed448_import_public(pubKey, pubKeySz, 3133 key_pair)) == 0) { 3055 3134 /* public and private extracted successfully no check if is 3056 3135 * a pair and also do sanity checks on key. wc_ecc_check_key … … 3071 3150 } 3072 3151 3073 (void)keySz;3074 3075 3152 return ret; 3153 } 3154 3155 /* check that the private key is a pair for the public key in certificate 3156 * return 1 (true) on match 3157 * return 0 or negative value on failure/error 3158 * 3159 * key : buffer holding DER format key 3160 * keySz : size of key buffer 3161 * der : a initialized and parsed DecodedCert holding a certificate */ 3162 int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der) 3163 { 3164 if (key == NULL || der == NULL) { 3165 return BAD_FUNC_ARG; 3166 } 3167 3168 return wc_CheckPrivateKey(key, keySz, der->publicKey, 3169 der->pubKeySize, (enum Key_Sum) der->keyOID); 3076 3170 } 3077 3171 … … 3110 3204 return 0; 3111 3205 #endif 3206 #ifdef WC_RC2 3207 case PBE_SHA1_40RC2_CBC: 3208 *id = PBE_SHA1_40RC2_CBC; 3209 *version = PKCS12v1; 3210 if (blockSz) *blockSz = RC2_BLOCK_SIZE; 3211 return 0; 3212 #endif 3112 3213 #endif /* !NO_SHA */ 3113 3214 default: … … 3197 3298 #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) 3198 3299 { 3199 RsaKey rsa; 3200 3201 wc_InitRsaKey(&rsa, heap); 3202 if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) { 3300 RsaKey *rsa = (RsaKey *)XMALLOC(sizeof *rsa, heap, DYNAMIC_TYPE_TMP_BUFFER); 3301 if (rsa == NULL) 3302 return MEMORY_E; 3303 3304 wc_InitRsaKey(rsa, heap); 3305 if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) { 3203 3306 *algoID = RSAk; 3204 3307 } … … 3206 3309 WOLFSSL_MSG("Not RSA DER key"); 3207 3310 } 3208 wc_FreeRsaKey(&rsa); 3311 wc_FreeRsaKey(rsa); 3312 XFREE(rsa, heap, DYNAMIC_TYPE_TMP_BUFFER); 3209 3313 } 3210 3314 #endif /* !NO_RSA && !NO_ASN_CRYPT */ 3211 3315 #if defined(HAVE_ECC) && !defined(NO_ASN_CRYPT) 3212 3316 if (*algoID == 0) { 3213 ecc_key ecc; 3317 ecc_key *ecc = (ecc_key *)XMALLOC(sizeof *ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); 3318 if (ecc == NULL) 3319 return MEMORY_E; 3214 3320 3215 3321 tmpIdx = 0; 3216 wc_ecc_init_ex( &ecc, heap, INVALID_DEVID);3217 if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {3322 wc_ecc_init_ex(ecc, heap, INVALID_DEVID); 3323 if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) { 3218 3324 *algoID = ECDSAk; 3219 3325 3220 3326 /* now find oid */ 3221 if (wc_ecc_get_oid(ecc .dp->oidSum, curveOID, oidSz) < 0) {3327 if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) { 3222 3328 WOLFSSL_MSG("Error getting ECC curve OID"); 3223 wc_ecc_free(&ecc); 3329 wc_ecc_free(ecc); 3330 XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); 3224 3331 return BAD_FUNC_ARG; 3225 3332 } … … 3228 3335 WOLFSSL_MSG("Not ECC DER key either"); 3229 3336 } 3230 wc_ecc_free(&ecc); 3337 wc_ecc_free(ecc); 3338 XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); 3231 3339 } 3232 3340 #endif /* HAVE_ECC && !NO_ASN_CRYPT */ 3233 3341 #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) 3234 3342 if (*algoID != RSAk && *algoID != ECDSAk) { 3235 ed25519_key ed25519; 3343 ed25519_key *ed25519 = (ed25519_key *)XMALLOC(sizeof *ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER); 3344 if (ed25519 == NULL) 3345 return MEMORY_E; 3236 3346 3237 3347 tmpIdx = 0; 3238 if (wc_ed25519_init(&ed25519) == 0) { 3239 if (wc_Ed25519PrivateKeyDecode(key, &tmpIdx, &ed25519, keySz) 3240 == 0) { 3348 if (wc_ed25519_init(ed25519) == 0) { 3349 if (wc_Ed25519PrivateKeyDecode(key, &tmpIdx, ed25519, keySz) == 0) { 3241 3350 *algoID = ED25519k; 3242 3351 } … … 3244 3353 WOLFSSL_MSG("Not ED25519 DER key"); 3245 3354 } 3246 wc_ed25519_free( &ed25519);3355 wc_ed25519_free(ed25519); 3247 3356 } 3248 3357 else { 3249 3358 WOLFSSL_MSG("GetKeyOID wc_ed25519_init failed"); 3250 3359 } 3360 XFREE(ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER); 3251 3361 } 3252 3362 #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */ 3253 3363 #if defined(HAVE_ED448) && !defined(NO_ASN_CRYPT) 3254 3364 if (*algoID != RSAk && *algoID != ECDSAk && *algoID != ED25519k) { 3255 ed448_key ed448; 3365 ed448_key *ed448 = (ed448_key *)XMALLOC(sizeof *ed448, heap, DYNAMIC_TYPE_TMP_BUFFER); 3366 if (ed448 == NULL) 3367 return MEMORY_E; 3256 3368 3257 3369 tmpIdx = 0; 3258 if (wc_ed448_init( &ed448) == 0) {3259 if (wc_Ed448PrivateKeyDecode(key, &tmpIdx, &ed448, keySz) == 0) {3370 if (wc_ed448_init(ed448) == 0) { 3371 if (wc_Ed448PrivateKeyDecode(key, &tmpIdx, ed448, keySz) == 0) { 3260 3372 *algoID = ED448k; 3261 3373 } … … 3263 3375 WOLFSSL_MSG("Not ED448 DER key"); 3264 3376 } 3265 wc_ed448_free( &ed448);3377 wc_ed448_free(ed448); 3266 3378 } 3267 3379 else { 3268 3380 WOLFSSL_MSG("GetKeyOID wc_ed448_init failed"); 3269 3381 } 3382 XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER); 3270 3383 } 3271 3384 #endif /* HAVE_ED448 && !NO_ASN_CRYPT */ … … 3405 3518 ret = SetShortInt(out, &inOutIdx, itt, *outSz); 3406 3519 if (ret < 0) { 3520 #ifdef WOLFSSL_SMALL_STACK 3521 if (saltTmp != NULL) 3522 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3523 #endif 3407 3524 return ret; 3408 3525 } … … 3428 3545 if ((ret = wc_GetKeyOID(key, keySz, &curveOID, &oidSz, &algoID, heap))< 0) { 3429 3546 WOLFSSL_MSG("Error getting key OID"); 3547 #ifdef WOLFSSL_SMALL_STACK 3548 if (saltTmp != NULL) 3549 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3550 #endif 3430 3551 return ret; 3431 3552 } … … 3454 3575 *outSz = tmpSz + MAX_ALGO_SZ + MAX_LENGTH_SZ +MAX_LENGTH_SZ + MAX_SEQ_SZ 3455 3576 + MAX_LENGTH_SZ + MAX_SEQ_SZ + 3; 3577 #ifdef WOLFSSL_SMALL_STACK 3578 if (saltTmp != NULL) 3579 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3580 #endif 3456 3581 return LENGTH_ONLY_E; 3457 3582 } … … 3487 3612 if (saltTmp != NULL) 3488 3613 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3489 XFREE( salt, heap, DYNAMIC_TYPE_TMP_BUFFER);3614 XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3490 3615 return MEMORY_E; 3491 3616 } … … 4390 4515 4391 4516 #ifndef NO_DH 4392 4517 /* Supports either: 4518 * - DH params G/P (PKCS#3 DH) file or 4519 * - DH key file (if WOLFSSL_DH_EXTRA enabled) */ 4520 /* The wc_DhParamsLoad function also loads DH params, but directly into buffers, not DhKey */ 4393 4521 int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) 4394 4522 { 4395 4523 int ret = 0; 4396 4524 int length; 4397 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 4525 #ifdef WOLFSSL_DH_EXTRA 4526 #if !defined(HAVE_FIPS) || \ 4527 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4398 4528 word32 oid = 0, temp = 0; 4399 4529 #endif 4530 #endif 4400 4531 4401 4532 WOLFSSL_ENTER("wc_DhKeyDecode"); … … 4407 4538 return ASN_PARSE_E; 4408 4539 4409 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 4540 #ifdef WOLFSSL_DH_EXTRA 4541 #if !defined(HAVE_FIPS) || \ 4542 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4410 4543 temp = *inOutIdx; 4411 4544 #endif 4412 4545 #endif 4413 4546 /* Assume input started after 1.2.840.113549.1.3.1 dhKeyAgreement */ 4414 if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || 4415 GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4547 if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { 4416 4548 ret = ASN_DH_KEY_E; 4417 4549 } 4418 4419 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 4550 if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4551 mp_clear(&key->p); 4552 ret = ASN_DH_KEY_E; 4553 } 4554 4555 #ifdef WOLFSSL_DH_EXTRA 4556 #if !defined(HAVE_FIPS) || \ 4557 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4420 4558 /* If ASN_DH_KEY_E: Check if input started at beginning of key */ 4421 4559 if (ret == ASN_DH_KEY_E) { 4422 /* rewind back to after the first sequence */4423 4560 *inOutIdx = temp; 4561 4562 /* the version (0) */ 4563 if (GetASNInt(input, inOutIdx, &length, inSz) < 0) { 4564 return ASN_PARSE_E; 4565 } 4566 *inOutIdx += length; 4567 4568 /* Size of dhKeyAgreement section */ 4424 4569 if (GetSequence(input, inOutIdx, &length, inSz) < 0) 4425 4570 return ASN_PARSE_E; … … 4433 4578 return ASN_PARSE_E; 4434 4579 4435 if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || 4436 GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4580 if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { 4581 return ASN_DH_KEY_E; 4582 } 4583 if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4584 mp_clear(&key->p); 4437 4585 return ASN_DH_KEY_E; 4438 4586 } … … 4454 4602 if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) { 4455 4603 WOLFSSL_MSG("Found Private Key"); 4456 ret = 0; 4604 4605 /* Compute public */ 4606 ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub); 4457 4607 } 4458 4608 } else { … … 4462 4612 } 4463 4613 } 4464 #endif /* WOLFSSL_QT || OPENSSL_ALL */ 4465 4466 WOLFSSL_MSG("wc_DhKeyDecode Success"); 4614 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 4615 #endif /* WOLFSSL_DH_EXTRA */ 4616 4617 WOLFSSL_LEAVE("wc_DhKeyDecode", ret); 4467 4618 4468 4619 return ret; 4469 4620 } 4470 4471 4621 4472 4622 int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, … … 4507 4657 return 0; 4508 4658 } 4509 #endif /* NO_DH */4659 #endif /* !NO_DH */ 4510 4660 4511 4661 … … 4663 4813 } 4664 4814 4665 #if !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) 4815 #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ 4816 defined(WOLFSSL_CERT_GEN)) 4666 4817 /* Write a public DSA key to output */ 4667 4818 int wc_SetDsaPublicKey(byte* output, DsaKey* key, … … 4852 5003 return wc_SetDsaPublicKey(output, key, inLen, 1); 4853 5004 } 4854 #endif /* !HAVE_SELFTEST && WOLFSSL_KEY_GEN*/5005 #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ 4855 5006 4856 5007 /* Convert private DsaKey key to DER format, write to output (inLen), … … 4999 5150 if (cert->altEmailNames) 5000 5151 FreeAltNames(cert->altEmailNames, cert->heap); 5152 if (cert->altDirNames) 5153 FreeAltNames(cert->altDirNames, cert->heap); 5001 5154 if (cert->permittedNames) 5002 5155 FreeNameSubtrees(cert->permittedNames, cert->heap); … … 5009 5162 XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT); 5010 5163 #endif /* WOLFSSL_SEP */ 5011 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5012 if (cert->issuerName.fullName != NULL) 5013 XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509); 5014 if (cert->subjectName.fullName != NULL) 5015 XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509); 5164 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5165 !defined(WOLFCRYPT_ONLY) 5166 if (cert->issuerName != NULL) 5167 wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->issuerName); 5168 if (cert->subjectName != NULL) 5169 wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName); 5016 5170 #endif /* OPENSSL_EXTRA */ 5017 5171 #ifdef WOLFSSL_RENESAS_TSIP_TLS … … 5101 5255 { 5102 5256 int length; 5103 #if !defined(NO_DSA) && defined(WOLFSSL_QT)5257 #ifndef NO_DSA 5104 5258 int tmpLen; 5105 5259 #endif 5106 #if defined(HAVE_ECC) || defined(HAVE_NTRU) 5260 #if defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DSA) 5107 5261 int tmpIdx = cert->srcIdx; 5108 5262 #endif … … 5111 5265 return ASN_PARSE_E; 5112 5266 5113 #if !defined(NO_DSA) && defined(WOLFSSL_QT)5267 #ifndef NO_DSA 5114 5268 tmpLen = length + 4; 5115 5269 #endif … … 5324 5478 } 5325 5479 #endif /* HAVE_ED448 */ 5326 #if !defined(NO_DSA) && defined(WOLFSSL_QT)5480 #ifndef NO_DSA 5327 5481 case DSAk: 5328 5482 { … … 5357 5511 return 0; 5358 5512 } 5359 #endif /* NO_DSA && QT*/5513 #endif /* NO_DSA */ 5360 5514 default: 5515 WOLFSSL_MSG("Unknown or not compiled in key OID"); 5361 5516 return ASN_UNKNOWN_OID_E; 5362 5517 } … … 5449 5604 {WOLFSSL_EMAIL_ADDR, NID_emailAddress}, 5450 5605 {NULL, -1}}; 5451 5452 5606 int i; 5453 5607 #ifdef HAVE_ECC 5608 char curveName[16]; /* Same as MAX_CURVE_NAME_SZ but can't include that 5609 * symbol in this file */ 5454 5610 int eccEnum; 5455 5611 #endif … … 5464 5620 if (XSTRNCMP(sn, "prime256v1", 10) == 0) 5465 5621 sn = "SECP256R1"; 5466 if (XSTRNCMP(sn, "secp384r1", 10) == 0) 5467 sn = "SECP384R1"; 5622 /* OpenSSL allows lowercase curve names */ 5623 for (i = 0; i < (int)(sizeof(curveName) - 1) && *sn; i++) { 5624 curveName[i] = (char)XTOUPPER(*sn++); 5625 } 5626 curveName[i] = '\0'; 5468 5627 /* find based on name and return NID */ 5469 for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) { 5470 if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { 5628 for (i = 0; 5629 #ifndef WOLFSSL_ECC_CURVE_STATIC 5630 ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; 5631 #else 5632 ecc_sets[i].size != 0; 5633 #endif 5634 i++) { 5635 if (XSTRNCMP(curveName, ecc_sets[i].name, ECC_MAXNAME) == 0) { 5471 5636 eccEnum = ecc_sets[i].id; 5472 5637 /* Convert enum value in ecc_curve_id to OpenSSL NID */ … … 5484 5649 { 5485 5650 int ret; 5486 5487 #ifdef WOLF_CRYPTO_CB5488 /* try to use a registered crypto callback */5489 ret = wc_CryptoCb_Sha256Hash(NULL, data, len, hash);5490 if (ret != CRYPTOCB_UNAVAILABLE)5491 return ret;5492 /* fall-through when unavailable */5493 #endif5494 5651 5495 5652 #if defined(NO_SHA) && !defined(NO_SHA256) … … 5504 5661 } 5505 5662 5506 /* process NAME, either issuer or subject */ 5507 static int GetName(DecodedCert* cert, int nameType, int maxIdx) 5663 /* process NAME, either issuer or subject 5664 * returns 0 on success and negative values on fail */ 5665 int GetName(DecodedCert* cert, int nameType, int maxIdx) 5508 5666 { 5509 5667 int length; /* length of all distinguished names */ … … 5514 5672 word32 idx, localIdx = 0; 5515 5673 byte tag; 5516 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5517 DecodedName* dName = 5518 (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; 5519 int dcnum = 0; 5520 #ifdef OPENSSL_EXTRA 5521 int count = 0; 5522 #endif 5523 #endif /* OPENSSL_EXTRA */ 5674 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5675 !defined(WOLFCRYPT_ONLY) 5676 WOLFSSL_X509_NAME* dName; 5677 #endif /* OPENSSL_EXTRA */ 5524 5678 5525 5679 WOLFSSL_MSG("Getting Cert Name"); … … 5578 5732 } 5579 5733 #endif 5734 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5735 !defined(WOLFCRYPT_ONLY) 5736 dName = wolfSSL_X509_NAME_new(); 5737 if (dName == NULL) { 5738 return MEMORY_E; 5739 } 5740 #endif /* OPENSSL_EXTRA */ 5580 5741 5581 5742 while (cert->srcIdx < (word32)length) { … … 5588 5749 int strLen = 0; 5589 5750 byte id = 0; 5751 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ 5752 && !defined(WOLFCRYPT_ONLY) 5753 int nid = NID_undef; 5754 int enc; 5755 #endif /* OPENSSL_EXTRA */ 5590 5756 5591 5757 if (GetSet(cert->source, &cert->srcIdx, &dummy, maxIdx) < 0) { … … 5593 5759 } 5594 5760 5595 if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) 5761 if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) { 5762 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5763 !defined(WOLFCRYPT_ONLY) 5764 wolfSSL_X509_NAME_free(dName); 5765 #endif /* OPENSSL_EXTRA */ 5596 5766 return ASN_PARSE_E; 5767 } 5597 5768 5598 5769 ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx); 5599 if (ret != 0) 5770 if (ret != 0) { 5771 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5772 !defined(WOLFCRYPT_ONLY) 5773 wolfSSL_X509_NAME_free(dName); 5774 #endif /* OPENSSL_EXTRA */ 5600 5775 return ret; 5776 } 5601 5777 5602 5778 /* make sure there is room for joint */ 5603 if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) 5779 if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) { 5780 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5781 !defined(WOLFCRYPT_ONLY) 5782 wolfSSL_X509_NAME_free(dName); 5783 #endif /* OPENSSL_EXTRA */ 5604 5784 return ASN_PARSE_E; 5785 } 5605 5786 5606 5787 XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint)); … … 5612 5793 if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen, 5613 5794 maxIdx, 1) < 0) { 5795 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5796 !defined(WOLFCRYPT_ONLY) 5797 wolfSSL_X509_NAME_free(dName); 5798 #endif /* OPENSSL_EXTRA */ 5614 5799 return ASN_PARSE_E; 5615 5800 } … … 5624 5809 copy = WOLFSSL_COMMON_NAME; 5625 5810 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1; 5626 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)5627 dName->cnIdx = cert->srcIdx;5628 dName->cnLen = strLen;5629 5811 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ 5812 && !defined(WOLFCRYPT_ONLY) 5813 nid = NID_commonName; 5814 #endif /* OPENSSL_EXTRA */ 5630 5815 } 5631 5816 else if (id == ASN_SUR_NAME) { … … 5639 5824 } 5640 5825 #endif /* WOLFSSL_CERT_GEN */ 5641 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5642 dName->snIdx = cert->srcIdx; 5643 dName->snLen = strLen; 5826 #if (defined(OPENSSL_EXTRA) || \ 5827 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5828 && !defined(WOLFCRYPT_ONLY) 5829 nid = NID_surname; 5644 5830 #endif /* OPENSSL_EXTRA */ 5645 5831 } … … 5654 5840 } 5655 5841 #endif /* WOLFSSL_CERT_GEN */ 5656 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5657 dName->cIdx = cert->srcIdx; 5658 dName->cLen = strLen; 5842 #if (defined(OPENSSL_EXTRA) || \ 5843 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5844 && !defined(WOLFCRYPT_ONLY) 5845 nid = NID_countryName; 5659 5846 #endif /* OPENSSL_EXTRA */ 5660 5847 } … … 5669 5856 } 5670 5857 #endif /* WOLFSSL_CERT_GEN */ 5671 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5672 dName->lIdx = cert->srcIdx; 5673 dName->lLen = strLen; 5858 #if (defined(OPENSSL_EXTRA) || \ 5859 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5860 && !defined(WOLFCRYPT_ONLY) 5861 nid = NID_localityName; 5674 5862 #endif /* OPENSSL_EXTRA */ 5675 5863 } … … 5684 5872 } 5685 5873 #endif /* WOLFSSL_CERT_GEN */ 5686 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5687 dName->stIdx = cert->srcIdx; 5688 dName->stLen = strLen; 5874 #if (defined(OPENSSL_EXTRA) || \ 5875 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5876 && !defined(WOLFCRYPT_ONLY) 5877 nid = NID_stateOrProvinceName; 5689 5878 #endif /* OPENSSL_EXTRA */ 5690 5879 } … … 5699 5888 } 5700 5889 #endif /* WOLFSSL_CERT_GEN */ 5701 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5702 dName->oIdx = cert->srcIdx; 5703 dName->oLen = strLen; 5890 #if (defined(OPENSSL_EXTRA) || \ 5891 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5892 && !defined(WOLFCRYPT_ONLY) 5893 nid = NID_organizationName; 5704 5894 #endif /* OPENSSL_EXTRA */ 5705 5895 } … … 5714 5904 } 5715 5905 #endif /* WOLFSSL_CERT_GEN */ 5716 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5717 dName->ouIdx = cert->srcIdx; 5718 dName->ouLen = strLen; 5906 #if (defined(OPENSSL_EXTRA) || \ 5907 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5908 && !defined(WOLFCRYPT_ONLY) 5909 nid = NID_organizationalUnitName; 5719 5910 #endif /* OPENSSL_EXTRA */ 5720 5911 } … … 5729 5920 } 5730 5921 #endif /* WOLFSSL_CERT_GEN */ 5731 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5732 dName->snIdx = cert->srcIdx; 5733 dName->snLen = strLen; 5922 #if (defined(OPENSSL_EXTRA) || \ 5923 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5924 && !defined(WOLFCRYPT_ONLY) 5925 nid = NID_serialNumber; 5734 5926 #endif /* OPENSSL_EXTRA */ 5735 5927 } … … 5745 5937 } 5746 5938 #endif /* WOLFSSL_CERT_GEN */ 5747 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)5748 dName->bcIdx = cert->srcIdx;5749 dName->bcLen = strLen;5939 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ 5940 && !defined(WOLFCRYPT_ONLY) 5941 nid = NID_businessCategory; 5750 5942 #endif /* OPENSSL_EXTRA */ 5751 5943 } … … 5764 5956 5765 5957 if (GetLength(cert->source, &cert->srcIdx, &strLen, 5766 maxIdx) < 0) 5958 maxIdx) < 0) { 5959 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5960 !defined(WOLFCRYPT_ONLY) 5961 wolfSSL_X509_NAME_free(dName); 5962 #endif /* OPENSSL_EXTRA */ 5767 5963 return ASN_PARSE_E; 5964 } 5768 5965 5769 5966 /* Check for jurisdiction of incorporation country name */ … … 5778 5975 } 5779 5976 #endif /* WOLFSSL_CERT_GEN */ 5780 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5781 dName->jcIdx = cert->srcIdx; 5782 dName->jcLen = strLen; 5977 #if (defined(OPENSSL_EXTRA) || \ 5978 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5979 && !defined(WOLFCRYPT_ONLY) 5980 nid = NID_jurisdictionCountryName; 5783 5981 #endif /* OPENSSL_EXTRA */ 5784 5982 } … … 5795 5993 } 5796 5994 #endif /* WOLFSSL_CERT_GEN */ 5797 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5798 dName->jsIdx = cert->srcIdx; 5799 dName->jsLen = strLen; 5995 #if (defined(OPENSSL_EXTRA) || \ 5996 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5997 && !defined(WOLFCRYPT_ONLY) 5998 nid = NID_jurisdictionStateOrProvinceName; 5800 5999 #endif /* OPENSSL_EXTRA */ 5801 6000 } … … 5825 6024 cert->srcIdx += oidSz + 1; 5826 6025 5827 if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) 6026 if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) { 6027 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6028 !defined(WOLFCRYPT_ONLY) 6029 wolfSSL_X509_NAME_free(dName); 6030 #endif /* OPENSSL_EXTRA */ 5828 6031 return ASN_PARSE_E; 6032 } 5829 6033 5830 6034 if (strLen > (int)(ASN_NAME_MAX - idx)) { … … 5849 6053 } 5850 6054 #endif /* WOLFSSL_CERT_GEN */ 5851 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5852 dName->emailIdx = cert->srcIdx; 5853 dName->emailLen = strLen; 6055 #if (defined(OPENSSL_EXTRA) || \ 6056 defined(OPENSSL_EXTRA_X509_SMALL)) \ 6057 && !defined(WOLFCRYPT_ONLY) 6058 nid = NID_emailAddress; 5854 6059 #endif /* OPENSSL_EXTRA */ 5855 6060 #ifndef IGNORE_NAME_CONSTRAINTS … … 5861 6066 if (emailName == NULL) { 5862 6067 WOLFSSL_MSG("\tOut of Memory"); 6068 #if (defined(OPENSSL_EXTRA) || \ 6069 defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6070 !defined(WOLFCRYPT_ONLY) 6071 wolfSSL_X509_NAME_free(dName); 6072 #endif /* OPENSSL_EXTRA */ 5863 6073 return MEMORY_E; 5864 6074 } … … 5869 6079 WOLFSSL_MSG("\tOut of Memory"); 5870 6080 XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); 6081 #if (defined(OPENSSL_EXTRA) || \ 6082 defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6083 !defined(WOLFCRYPT_ONLY) 6084 wolfSSL_X509_NAME_free(dName); 6085 #endif /* OPENSSL_EXTRA */ 5871 6086 return MEMORY_E; 5872 6087 } … … 5887 6102 copy = WOLFSSL_USER_ID; 5888 6103 copyLen = sizeof(WOLFSSL_USER_ID) - 1; 5889 #if defined(OPENSSL_EXTRA) || \5890 defined(OPENSSL_EXTRA_X509_SMALL) 5891 dName->uidIdx = cert->srcIdx;5892 dName->uidLen = strLen;6104 #if (defined(OPENSSL_EXTRA) || \ 6105 defined(OPENSSL_EXTRA_X509_SMALL)) \ 6106 && !defined(WOLFCRYPT_ONLY) 6107 nid = NID_userId; 5893 6108 #endif /* OPENSSL_EXTRA */ 5894 6109 break; … … 5897 6112 copy = WOLFSSL_DOMAIN_COMPONENT; 5898 6113 copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; 5899 #if defined(OPENSSL_EXTRA) || \ 5900 defined(OPENSSL_EXTRA_X509_SMALL) 5901 dName->dcIdx[dcnum] = cert->srcIdx; 5902 dName->dcLen[dcnum] = strLen; 5903 dName->dcNum = dcnum + 1; 5904 dcnum++; 6114 #if (defined(OPENSSL_EXTRA) || \ 6115 defined(OPENSSL_EXTRA_X509_SMALL)) \ 6116 && !defined(WOLFCRYPT_ONLY) 6117 nid = NID_domainComponent; 5905 6118 #endif /* OPENSSL_EXTRA */ 5906 6119 break; … … 5908 6121 default: 5909 6122 WOLFSSL_MSG("Unknown pilot attribute type"); 6123 #if (defined(OPENSSL_EXTRA) || \ 6124 defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6125 !defined(WOLFCRYPT_ONLY) 6126 wolfSSL_X509_NAME_free(dName); 6127 #endif /* OPENSSL_EXTRA */ 5910 6128 return ASN_PARSE_E; 5911 6129 } … … 5922 6140 XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen); 5923 6141 idx += strLen; 5924 5925 #ifdef OPENSSL_EXTRA 5926 if (count < DOMAIN_COMPONENT_MAX) { 5927 /* store order that DN was parsed */ 5928 dName->loc[count++] = id; 5929 } 5930 #endif 5931 } 6142 } 6143 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6144 !defined(WOLFCRYPT_ONLY) 6145 switch (b) { 6146 case CTC_UTF8: 6147 enc = MBSTRING_UTF8; 6148 break; 6149 case CTC_PRINTABLE: 6150 enc = V_ASN1_PRINTABLESTRING; 6151 break; 6152 default: 6153 WOLFSSL_MSG("Unknown encoding type, using UTF8 by default"); 6154 enc = MBSTRING_UTF8; 6155 } 6156 6157 if (nid != NID_undef) { 6158 if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc, 6159 &cert->source[cert->srcIdx], strLen, -1, -1) != 6160 WOLFSSL_SUCCESS) { 6161 wolfSSL_X509_NAME_free(dName); 6162 return ASN_PARSE_E; 6163 } 6164 } 6165 #endif /* OPENSSL_EXTRA */ 5932 6166 cert->srcIdx += strLen; 5933 6167 } 5934 6168 full[idx++] = 0; 5935 #if defined(OPENSSL_EXTRA) 5936 /* store order that DN was parsed */ 5937 dName->locSz = count; 5938 #endif 5939 5940 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5941 { 5942 int totalLen = 0; 5943 int i = 0; 5944 5945 if (dName->cnLen != 0) 5946 totalLen += dName->cnLen + 4; 5947 if (dName->snLen != 0) 5948 totalLen += dName->snLen + 4; 5949 if (dName->cLen != 0) 5950 totalLen += dName->cLen + 3; 5951 if (dName->lLen != 0) 5952 totalLen += dName->lLen + 3; 5953 if (dName->stLen != 0) 5954 totalLen += dName->stLen + 4; 5955 if (dName->oLen != 0) 5956 totalLen += dName->oLen + 3; 5957 if (dName->ouLen != 0) 5958 totalLen += dName->ouLen + 4; 5959 if (dName->emailLen != 0) 5960 totalLen += dName->emailLen + 14; 5961 if (dName->uidLen != 0) 5962 totalLen += dName->uidLen + 5; 5963 if (dName->serialLen != 0) 5964 totalLen += dName->serialLen + 14; 5965 if (dName->dcNum != 0){ 5966 for (i = 0;i < dName->dcNum;i++) 5967 totalLen += dName->dcLen[i] + 4; 5968 } 5969 5970 dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap, 5971 DYNAMIC_TYPE_X509); 5972 if (dName->fullName != NULL) { 5973 idx = 0; 5974 5975 if (dName->cnLen != 0) { 5976 dName->entryCount++; 5977 XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4); 5978 dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME); 5979 idx += 4; 5980 XMEMCPY(&dName->fullName[idx], 5981 &cert->source[dName->cnIdx], dName->cnLen); 5982 dName->cnIdx = idx; 5983 idx += dName->cnLen; 5984 } 5985 if (dName->snLen != 0) { 5986 dName->entryCount++; 5987 XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4); 5988 dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME); 5989 idx += 4; 5990 XMEMCPY(&dName->fullName[idx], 5991 &cert->source[dName->snIdx], dName->snLen); 5992 dName->snIdx = idx; 5993 idx += dName->snLen; 5994 } 5995 if (dName->cLen != 0) { 5996 dName->entryCount++; 5997 XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3); 5998 dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME); 5999 idx += 3; 6000 XMEMCPY(&dName->fullName[idx], 6001 &cert->source[dName->cIdx], dName->cLen); 6002 dName->cIdx = idx; 6003 idx += dName->cLen; 6004 } 6005 if (dName->lLen != 0) { 6006 dName->entryCount++; 6007 XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3); 6008 dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME); 6009 idx += 3; 6010 XMEMCPY(&dName->fullName[idx], 6011 &cert->source[dName->lIdx], dName->lLen); 6012 dName->lIdx = idx; 6013 idx += dName->lLen; 6014 } 6015 if (dName->stLen != 0) { 6016 dName->entryCount++; 6017 XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4); 6018 dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME); 6019 idx += 4; 6020 XMEMCPY(&dName->fullName[idx], 6021 &cert->source[dName->stIdx], dName->stLen); 6022 dName->stIdx = idx; 6023 idx += dName->stLen; 6024 } 6025 if (dName->oLen != 0) { 6026 dName->entryCount++; 6027 XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3); 6028 dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME); 6029 idx += 3; 6030 XMEMCPY(&dName->fullName[idx], 6031 &cert->source[dName->oIdx], dName->oLen); 6032 dName->oIdx = idx; 6033 idx += dName->oLen; 6034 } 6035 if (dName->ouLen != 0) { 6036 dName->entryCount++; 6037 XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4); 6038 dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME); 6039 idx += 4; 6040 XMEMCPY(&dName->fullName[idx], 6041 &cert->source[dName->ouIdx], dName->ouLen); 6042 dName->ouIdx = idx; 6043 idx += dName->ouLen; 6044 } 6045 if (dName->emailLen != 0) { 6046 dName->entryCount++; 6047 XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14); 6048 dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress="); 6049 idx += 14; 6050 XMEMCPY(&dName->fullName[idx], 6051 &cert->source[dName->emailIdx], dName->emailLen); 6052 dName->emailIdx = idx; 6053 idx += dName->emailLen; 6054 } 6055 for (i = 0;i < dName->dcNum;i++){ 6056 if (dName->dcLen[i] != 0) { 6057 dName->entryCount++; 6058 XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4); 6059 idx += 4; 6060 XMEMCPY(&dName->fullName[idx], 6061 &cert->source[dName->dcIdx[i]], dName->dcLen[i]); 6062 dName->dcIdx[i] = idx; 6063 idx += dName->dcLen[i]; 6064 } 6065 } 6066 if (dName->uidLen != 0) { 6067 dName->entryCount++; 6068 XMEMCPY(&dName->fullName[idx], "/UID=", 5); 6069 dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID="); 6070 idx += 5; 6071 XMEMCPY(&dName->fullName[idx], 6072 &cert->source[dName->uidIdx], dName->uidLen); 6073 dName->uidIdx = idx; 6074 idx += dName->uidLen; 6075 } 6076 if (dName->serialLen != 0) { 6077 dName->entryCount++; 6078 XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14); 6079 dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER); 6080 idx += 14; 6081 XMEMCPY(&dName->fullName[idx], 6082 &cert->source[dName->serialIdx], dName->serialLen); 6083 dName->serialIdx = idx; 6084 idx += dName->serialLen; 6085 } 6086 dName->fullName[idx] = '\0'; 6087 dName->fullNameLen = totalLen; 6088 } 6089 } 6090 #endif /* OPENSSL_EXTRA */ 6091 6169 6170 6171 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6172 !defined(WOLFCRYPT_ONLY) 6173 if (nameType == ISSUER) { 6174 cert->issuerName = dName; 6175 } 6176 else { 6177 cert->subjectName = dName; 6178 } 6179 #endif 6092 6180 return 0; 6093 6181 } … … 6113 6201 return 0; 6114 6202 } 6203 6204 #ifdef WOLFSSL_LINUXKM 6205 static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx) 6206 { 6207 int i = *idx; 6208 6209 if (date[i] < 0x30 || date[i] > 0x39 || date[i+1] < 0x30 || 6210 date[i+1] > 0x39) { 6211 return ASN_PARSE_E; 6212 } 6213 6214 *value += (long)btoi(date[i++]) * 10; 6215 *value += (long)btoi(date[i++]); 6216 6217 *idx = i; 6218 6219 return 0; 6220 } 6221 #endif 6115 6222 6116 6223 int ExtractDate(const unsigned char* date, unsigned char format, … … 6126 6233 } 6127 6234 else { /* format == GENERALIZED_TIME */ 6235 #ifdef WOLFSSL_LINUXKM 6236 if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; 6237 #else 6128 6238 if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; 6239 #endif 6129 6240 certTime->tm_year *= 100; 6130 6241 } 6131 6242 6243 #ifdef AVR 6244 /* Extract the time from the struct tm and adjust tm_year, tm_mon */ 6245 /* AVR libc stores these as uint8_t instead of int */ 6246 /* AVR time_t also offsets from midnight 1 Jan 2000 */ 6247 int tm_year = certTime->tm_year - 2000; 6248 int tm_mon = certTime->tm_mon - 1; 6249 int tm_mday = certTime->tm_mday; 6250 int tm_hour = certTime->tm_hour; 6251 int tm_min = certTime->tm_min; 6252 int tm_sec = certTime->tm_sec; 6253 6254 #ifdef WOLFSSL_LINUXKM 6255 if (GetTime_Long(&tm_year, date, idx) != 0) return 0; 6256 #else 6257 if (GetTime(&tm_year, date, idx) != 0) return 0; 6258 #endif 6259 if (GetTime(&tm_mon , date, idx) != 0) return 0; 6260 if (GetTime(&tm_mday, date, idx) != 0) return 0; 6261 if (GetTime(&tm_hour, date, idx) != 0) return 0; 6262 if (GetTime(&tm_min , date, idx) != 0) return 0; 6263 if (GetTime(&tm_sec , date, idx) != 0) return 0; 6264 6265 /* Re-populate certTime with computed values */ 6266 certTime->tm_year = tm_year; 6267 certTime->tm_mon = tm_mon; 6268 certTime->tm_mday = tm_mday; 6269 certTime->tm_hour = tm_hour; 6270 certTime->tm_min = tm_min; 6271 certTime->tm_sec = tm_sec; 6272 #else 6132 6273 /* adjust tm_year, tm_mon */ 6274 #ifdef WOLFSSL_LINUXKM 6275 if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; 6276 #else 6133 6277 if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; 6278 #endif 6134 6279 certTime->tm_year -= 1900; 6135 6280 if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0; … … 6139 6284 if (GetTime(&certTime->tm_min , date, idx) != 0) return 0; 6140 6285 if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0; 6286 #endif 6141 6287 6142 6288 return 1; … … 6182 6328 6183 6329 XSNPRINTF(buf + idx, len - idx, "%2d %02d:%02d:%02d %d GMT", 6184 t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, t.tm_year + 1900);6330 t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, (int)t.tm_year + 1900); 6185 6331 6186 6332 return 1; … … 6199 6345 struct tm* ts = NULL; 6200 6346 struct tm* tmpTime = NULL; 6347 byte* data_ptr = buf; 6348 word32 data_len = 0; 6349 int year, mon, day, hour, mini, sec; 6201 6350 #if defined(NEED_TMP_TIME) 6202 6351 struct tm tmpTimeStorage; … … 6205 6354 (void)tmpTime; 6206 6355 #endif 6207 byte* data_ptr = buf;6208 word32 data_len = 0;6209 int year, mon, day, hour, mini, sec;6210 6356 6211 6357 WOLFSSL_ENTER("SetAsnTimeString"); … … 6320 6466 /* like atoi but only use first byte */ 6321 6467 /* Make sure before and after dates are valid */ 6322 int ValidateDate(const byte* date, byte format, int dateType)6468 int wc_ValidateDate(const byte* date, byte format, int dateType) 6323 6469 { 6324 6470 time_t ltime; … … 6592 6738 WOLFSSL_MSG("Got Cert Header"); 6593 6739 6594 /* Using the sigIndex as the upper bound because that's where the 6595 * actual certificate data ends. */ 6596 if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID, 6597 oidSigType, cert->sigIndex)) < 0) 6598 return ret; 6599 6600 WOLFSSL_MSG("Got Algo ID"); 6601 6602 if ( (ret = GetName(cert, ISSUER, cert->sigIndex)) < 0) 6603 return ret; 6604 6605 if ( (ret = GetValidity(cert, verify, cert->sigIndex)) < 0) 6606 *badDate = ret; 6740 #ifdef WOLFSSL_CERT_REQ 6741 if (!cert->isCSR) { 6742 #endif 6743 /* Using the sigIndex as the upper bound because that's where the 6744 * actual certificate data ends. */ 6745 if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID, 6746 oidSigType, cert->sigIndex)) < 0) 6747 return ret; 6748 6749 WOLFSSL_MSG("Got Algo ID"); 6750 6751 if ( (ret = GetName(cert, ISSUER, cert->sigIndex)) < 0) 6752 return ret; 6753 6754 if ( (ret = GetValidity(cert, verify, cert->sigIndex)) < 0) 6755 *badDate = ret; 6756 #ifdef WOLFSSL_CERT_REQ 6757 } 6758 #endif 6607 6759 6608 6760 if ( (ret = GetName(cert, SUBJECT, cert->sigIndex)) < 0) … … 6641 6793 int length; 6642 6794 int ret; 6795 6643 6796 ret = CheckBitString(cert->source, &cert->srcIdx, &length, cert->maxIdx, 1, 6644 6797 NULL); … … 6649 6802 cert->signature = &cert->source[cert->srcIdx]; 6650 6803 cert->srcIdx += cert->sigLength; 6804 6805 if (cert->srcIdx != cert->maxIdx) 6806 return ASN_PARSE_E; 6651 6807 6652 6808 return 0; … … 6903 7059 sigCtx->digest = NULL; 6904 7060 } 6905 #if ndef NO_RSA6906 if (sigCtx-> plain) {6907 XFREE(sigCtx-> plain, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);6908 sigCtx-> plain= NULL;7061 #if !(defined(NO_RSA) && defined(NO_DSA)) 7062 if (sigCtx->sigCpy) { 7063 XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); 7064 sigCtx->sigCpy = NULL; 6909 7065 } 6910 7066 #endif … … 6918 7074 break; 6919 7075 #endif /* !NO_RSA */ 7076 #ifndef NO_DSA 7077 case DSAk: 7078 wc_FreeDsaKey(sigCtx->key.dsa); 7079 XFREE(sigCtx->key.dsa, sigCtx->heap, DYNAMIC_TYPE_DSA); 7080 break; 7081 #endif 6920 7082 #ifdef HAVE_ECC 6921 7083 case ECDSAk: … … 6998 7160 case CTC_SHA256wRSA: 6999 7161 case CTC_SHA256wECDSA: 7162 case CTC_SHA256wDSA: 7000 7163 if ((ret = wc_Sha256Hash(buf, bufSz, digest)) == 0) { 7001 7164 *typeH = SHA256h; … … 7105 7268 sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), 7106 7269 sigCtx->heap, DYNAMIC_TYPE_RSA); 7107 sigCtx-> plain= (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,7270 sigCtx->sigCpy = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, 7108 7271 sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); 7109 if (sigCtx->key.rsa == NULL || sigCtx-> plain== NULL) {7272 if (sigCtx->key.rsa == NULL || sigCtx->sigCpy == NULL) { 7110 7273 ERROR_OUT(MEMORY_E, exit_cs); 7111 7274 } … … 7123 7286 goto exit_cs; 7124 7287 } 7125 XMEMCPY(sigCtx-> plain, sig, sigSz);7288 XMEMCPY(sigCtx->sigCpy, sig, sigSz); 7126 7289 sigCtx->out = NULL; 7127 7290 … … 7132 7295 } 7133 7296 #endif /* !NO_RSA */ 7297 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 7298 case DSAk: 7299 { 7300 word32 idx = 0; 7301 7302 if (sigSz < DSA_SIG_SIZE) { 7303 WOLFSSL_MSG("Verify Signature is too small"); 7304 ERROR_OUT(BUFFER_E, exit_cs); 7305 } 7306 sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), 7307 sigCtx->heap, DYNAMIC_TYPE_DSA); 7308 sigCtx->sigCpy = (byte*)XMALLOC(sigSz, 7309 sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); 7310 if (sigCtx->key.dsa == NULL || sigCtx->sigCpy == NULL) { 7311 ERROR_OUT(MEMORY_E, exit_cs); 7312 } 7313 if ((ret = wc_InitDsaKey_h(sigCtx->key.dsa, sigCtx->heap)) != 0) { 7314 WOLFSSL_MSG("wc_InitDsaKey_h error"); 7315 goto exit_cs; 7316 } 7317 if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa, 7318 keySz)) != 0) { 7319 WOLFSSL_MSG("ASN Key decode error RSA"); 7320 goto exit_cs; 7321 } 7322 if (sigSz != DSA_SIG_SIZE) { 7323 #ifdef HAVE_ECC 7324 /* Try to parse it as the contents of a bitstring */ 7325 mp_int r, s; 7326 idx = 0; 7327 if (DecodeECC_DSA_Sig(sig + idx, sigSz - idx, 7328 &r, &s) != 0) { 7329 WOLFSSL_MSG("DSA Sig is in unrecognized or " 7330 "incorrect format"); 7331 ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); 7332 } 7333 if (mp_to_unsigned_bin_len(&r, sigCtx->sigCpy, 7334 DSA_HALF_SIZE) != MP_OKAY || 7335 mp_to_unsigned_bin_len(&s, 7336 sigCtx->sigCpy + DSA_HALF_SIZE, 7337 DSA_HALF_SIZE) != MP_OKAY) { 7338 WOLFSSL_MSG("DSA Sig is in unrecognized or " 7339 "incorrect format"); 7340 ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); 7341 } 7342 mp_free(&r); 7343 mp_free(&s); 7344 #else 7345 WOLFSSL_MSG("DSA Sig is in unrecognized or " 7346 "incorrect format"); 7347 ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); 7348 #endif 7349 } 7350 else { 7351 XMEMCPY(sigCtx->sigCpy, sig, DSA_SIG_SIZE); 7352 } 7353 break; 7354 } 7355 #endif /* !NO_DSA && !HAVE_SELFTEST */ 7134 7356 #ifdef HAVE_ECC 7135 7357 case ECDSAk: … … 7239 7461 if (sigCtx->pkCbRsa) { 7240 7462 ret = sigCtx->pkCbRsa( 7241 sigCtx-> plain, sigSz, &sigCtx->out,7463 sigCtx->sigCpy, sigSz, &sigCtx->out, 7242 7464 key, keySz, 7243 7465 sigCtx->pkCtxRsa); … … 7249 7471 if (rsaKeyIdx != NULL) 7250 7472 { 7251 ret = tsip_tls_CertVerify(buf, bufSz, sigCtx-> plain,7473 ret = tsip_tls_CertVerify(buf, bufSz, sigCtx->sigCpy, 7252 7474 sigSz, 7253 7475 sigCtx->pubkey_n_start - sigCtx->certBegin, … … 7266 7488 } else 7267 7489 #endif 7268 ret = wc_RsaSSL_VerifyInline(sigCtx-> plain, sigSz,7490 ret = wc_RsaSSL_VerifyInline(sigCtx->sigCpy, sigSz, 7269 7491 &sigCtx->out, sigCtx->key.rsa); 7270 7492 } … … 7272 7494 } 7273 7495 #endif /* !NO_RSA */ 7496 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 7497 case DSAk: 7498 { 7499 ret = wc_DsaVerify(sigCtx->digest, sigCtx->sigCpy, 7500 sigCtx->key.dsa, &sigCtx->verify); 7501 break; 7502 } 7503 #endif /* !NO_DSA && !HAVE_SELFTEST */ 7274 7504 #if defined(HAVE_ECC) 7275 7505 case ECDSAk: … … 7370 7600 } 7371 7601 #endif /* NO_RSA */ 7602 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 7603 case DSAk: 7604 { 7605 if (sigCtx->verify == 1) { 7606 ret = 0; 7607 } 7608 else { 7609 WOLFSSL_MSG("DSA Verify didn't match"); 7610 ret = ASN_SIG_CONFIRM_E; 7611 } 7612 break; 7613 } 7614 #endif /* !NO_DSA && !HAVE_SELFTEST */ 7372 7615 #ifdef HAVE_ECC 7373 7616 case ECDSAk: … … 7547 7790 return 0; 7548 7791 } 7792 #ifndef WOLFSSL_NO_ASN_STRICT 7793 /* RFC 5280 section 4.2.1.10 7794 "Restrictions of the form directoryName MUST be 7795 applied to the subject field .... and to any names 7796 of type directoryName in the subjectAltName 7797 extension" 7798 */ 7799 if (cert->altDirNames != NULL) { 7800 DNS_entry* cur = cert->altDirNames; 7801 while (cur != NULL) { 7802 if (XMEMCMP(cur->name, base->name, base->nameSz) 7803 == 0) { 7804 WOLFSSL_MSG("DIR alt name constraint err"); 7805 return 0; 7806 } 7807 cur = cur->next; 7808 } 7809 } 7810 #endif /* !WOLFSSL_NO_ASN_STRICT */ 7549 7811 break; 7550 7812 } … … 7605 7867 base->nameSz) == 0) { 7606 7868 matchDir = 1; 7869 7870 #ifndef WOLFSSL_NO_ASN_STRICT 7871 /* RFC 5280 section 4.2.1.10 7872 "Restrictions of the form directoryName MUST be 7873 applied to the subject field .... and to any names 7874 of type directoryName in the subjectAltName 7875 extension" 7876 */ 7877 if (cert->altDirNames != NULL) { 7878 DNS_entry* cur = cert->altDirNames; 7879 while (cur != NULL) { 7880 if (XMEMCMP(cur->name, base->name, base->nameSz) 7881 != 0) { 7882 WOLFSSL_MSG("DIR alt name constraint err"); 7883 matchDir = 0; /* did not match */ 7884 } 7885 cur = cur->next; 7886 } 7887 } 7888 #endif /* !WOLFSSL_NO_ASN_STRICT */ 7607 7889 } 7608 7890 break; … … 7689 7971 } 7690 7972 #ifndef IGNORE_NAME_CONSTRAINTS 7973 else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { 7974 DNS_entry* dirEntry; 7975 int strLen; 7976 word32 lenStartIdx = idx; 7977 7978 if (GetLength(input, &idx, &strLen, sz) < 0) { 7979 WOLFSSL_MSG("\tfail: str length"); 7980 return ASN_PARSE_E; 7981 } 7982 7983 if (GetSequence(input, &idx, &strLen, sz) < 0) { 7984 WOLFSSL_MSG("\tfail: seq length"); 7985 return ASN_PARSE_E; 7986 } 7987 length -= (idx - lenStartIdx); 7988 7989 dirEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap, 7990 DYNAMIC_TYPE_ALTNAME); 7991 if (dirEntry == NULL) { 7992 WOLFSSL_MSG("\tOut of Memory"); 7993 return MEMORY_E; 7994 } 7995 7996 dirEntry->type = ASN_DIR_TYPE; 7997 dirEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, 7998 DYNAMIC_TYPE_ALTNAME); 7999 if (dirEntry->name == NULL) { 8000 WOLFSSL_MSG("\tOut of Memory"); 8001 XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); 8002 return MEMORY_E; 8003 } 8004 dirEntry->len = strLen; 8005 XMEMCPY(dirEntry->name, &input[idx], strLen); 8006 dirEntry->name[strLen] = '\0'; 8007 8008 dirEntry->next = cert->altDirNames; 8009 cert->altDirNames = dirEntry; 8010 8011 length -= strLen; 8012 idx += strLen; 8013 } 7691 8014 else if (b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { 7692 8015 DNS_entry* emailEntry; … … 7796 8119 idx += strLen; 7797 8120 } 7798 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 8121 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) 7799 8122 else if (b == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { 7800 8123 DNS_entry* ipAddr; … … 8396 8719 } 8397 8720 8398 DecodeSubtree(input + idx, length, subtree, cert->heap); 8721 if (DecodeSubtree(input + idx, length, subtree, cert->heap) < 0) { 8722 WOLFSSL_MSG("\terror parsing subtree"); 8723 return ASN_PARSE_E; 8724 } 8399 8725 8400 8726 idx += length; … … 8405 8731 #endif /* IGNORE_NAME_CONSTRAINTS */ 8406 8732 8407 #if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || defined(OPENSSL_EXTRA) 8733 #if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \ 8734 defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8408 8735 8409 8736 /* Decode ITU-T X.690 OID format to a string representation … … 8597 8924 return BAD_FUNC_ARG; 8598 8925 8599 if (GetASNTag(input, &idx, &tag, sz) < 0) { 8600 return ASN_PARSE_E; 8601 } 8602 8603 if (tag != ASN_EXTENSIONS) { 8604 WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); 8605 return ASN_PARSE_E; 8606 } 8607 8608 if (GetLength(input, &idx, &length, sz) < 0) { 8609 WOLFSSL_MSG("\tfail: invalid length"); 8610 return ASN_PARSE_E; 8926 #ifdef WOLFSSL_CERT_REQ 8927 if (!cert->isCSR) 8928 #endif 8929 { /* Not included in CSR */ 8930 if (GetASNTag(input, &idx, &tag, sz) < 0) { 8931 return ASN_PARSE_E; 8932 } 8933 8934 if (tag != ASN_EXTENSIONS) { 8935 WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); 8936 return ASN_PARSE_E; 8937 } 8938 8939 if (GetLength(input, &idx, &length, sz) < 0) { 8940 WOLFSSL_MSG("\tfail: invalid length"); 8941 return ASN_PARSE_E; 8942 } 8611 8943 } 8612 8944 … … 8807 9139 break; 8808 9140 #endif 8809 9141 #ifdef HAVE_OCSP 9142 case OCSP_NOCHECK_OID: 9143 VERIFY_AND_SET_OID(cert->ocspNoCheckSet); 9144 ret = GetASNNull(input, &idx, sz); 9145 length = 0; /* idx is already incremented, reset length to 0 */ 9146 if (ret != 0) 9147 return ASN_PARSE_E; 9148 break; 9149 #endif 8810 9150 default: 8811 9151 #ifndef WOLFSSL_NO_ASN_STRICT … … 8914 9254 * in certificate signature verification. 8915 9255 * Must use the signature OID from the signed part of the certificate. 9256 * Works also on certificate signing requests. 8916 9257 * 8917 9258 * This is only for minimizing dynamic memory usage during TLS certificate … … 8921 9262 */ 8922 9263 static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, 8923 void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID )9264 void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req) 8924 9265 { 8925 9266 #ifndef WOLFSSL_SMALL_STACK … … 8998 9339 8999 9340 /* signature */ 9000 if (GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0) 9341 if (!req && 9342 GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0) 9001 9343 ret = ASN_PARSE_E; 9002 9344 } … … 9004 9346 if (ret == 0) { 9005 9347 issuerIdx = idx; 9006 /* issuer */9348 /* issuer for cert or subject for csr */ 9007 9349 if (GetSequence(cert, &idx, &len, certSz) < 0) 9008 9350 ret = ASN_PARSE_E; … … 9012 9354 } 9013 9355 #ifndef NO_SKID 9014 if ( ret == 0) {9356 if (!req && ret == 0) { 9015 9357 idx += len; 9016 9358 … … 9019 9361 ret = ASN_PARSE_E; 9020 9362 } 9021 if ( ret == 0) {9363 if (!req && ret == 0) { 9022 9364 idx += len; 9023 9365 … … 9033 9375 ret = ASN_PARSE_E; 9034 9376 } 9035 if (re t == 0) {9377 if (req && ret == 0) { 9036 9378 idx += len; 9037 9379 9038 if ((idx + 1) > certSz) 9039 ret = BUFFER_E; 9040 } 9041 if (ret == 0) { 9042 /* issuerUniqueID - optional */ 9380 /* attributes */ 9381 if (GetASNHeader_ex(cert, 9382 ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx, 9383 &len, certSz, 1) < 0) 9384 ret = ASN_PARSE_E; 9385 } 9386 if (!req) { 9387 if (ret == 0) { 9388 idx += len; 9389 9390 if ((idx + 1) > certSz) 9391 ret = BUFFER_E; 9392 } 9393 if (ret == 0) { 9394 /* issuerUniqueID - optional */ 9395 localIdx = idx; 9396 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9397 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { 9398 idx++; 9399 if (GetLength(cert, &idx, &len, certSz) < 0) 9400 ret = ASN_PARSE_E; 9401 idx += len; 9402 } 9403 } 9404 } 9405 if (ret == 0) { 9406 if ((idx + 1) > certSz) 9407 ret = BUFFER_E; 9408 } 9409 if (ret == 0) { 9410 /* subjectUniqueID - optional */ 9411 localIdx = idx; 9412 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9413 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) { 9414 idx++; 9415 if (GetLength(cert, &idx, &len, certSz) < 0) 9416 ret = ASN_PARSE_E; 9417 idx += len; 9418 } 9419 } 9420 } 9421 9422 if (ret == 0) { 9423 if ((idx + 1) > certSz) 9424 ret = BUFFER_E; 9425 } 9426 /* extensions - optional */ 9043 9427 localIdx = idx; 9044 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9045 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { 9046 idx++; 9047 if (GetLength(cert, &idx, &len, certSz) < 0) 9428 if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9429 tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) { 9430 idx++; 9431 if (GetLength(cert, &idx, &extLen, certSz) < 0) 9432 ret = ASN_PARSE_E; 9433 if (ret == 0) { 9434 if (GetSequence(cert, &idx, &extLen, certSz) < 0) 9048 9435 ret = ASN_PARSE_E; 9049 idx += len; 9050 } 9051 } 9052 } 9053 if (ret == 0) { 9054 if ((idx + 1) > certSz) 9055 ret = BUFFER_E; 9056 } 9057 if (ret == 0) { 9058 /* subjectUniqueID - optional */ 9059 localIdx = idx; 9060 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9061 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) { 9062 idx++; 9063 if (GetLength(cert, &idx, &len, certSz) < 0) 9064 ret = ASN_PARSE_E; 9065 idx += len; 9066 } 9067 } 9068 } 9069 9070 if (ret == 0) { 9071 if ((idx + 1) > certSz) 9072 ret = BUFFER_E; 9073 } 9074 /* extensions - optional */ 9075 localIdx = idx; 9076 if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9077 tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) { 9078 idx++; 9079 if (GetLength(cert, &idx, &extLen, certSz) < 0) 9080 ret = ASN_PARSE_E; 9081 if (ret == 0) { 9082 if (GetSequence(cert, &idx, &extLen, certSz) < 0) 9083 ret = ASN_PARSE_E; 9084 } 9085 if (ret == 0) { 9086 extEndIdx = idx + extLen; 9087 9088 /* Check each extension for the ones we want. */ 9089 while (ret == 0 && idx < extEndIdx) { 9090 if (GetSequence(cert, &idx, &len, certSz) < 0) 9091 ret = ASN_PARSE_E; 9092 if (ret == 0) { 9093 extIdx = idx; 9094 if (GetObjectId(cert, &extIdx, &oid, oidCertExtType, 9095 certSz) < 0) { 9436 } 9437 if (ret == 0) { 9438 extEndIdx = idx + extLen; 9439 9440 /* Check each extension for the ones we want. */ 9441 while (ret == 0 && idx < extEndIdx) { 9442 if (GetSequence(cert, &idx, &len, certSz) < 0) 9096 9443 ret = ASN_PARSE_E; 9444 if (ret == 0) { 9445 extIdx = idx; 9446 if (GetObjectId(cert, &extIdx, &oid, oidCertExtType, 9447 certSz) < 0) { 9448 ret = ASN_PARSE_E; 9449 } 9450 9451 if (ret == 0) { 9452 if ((extIdx + 1) > certSz) 9453 ret = BUFFER_E; 9454 } 9097 9455 } 9098 9456 9099 9457 if (ret == 0) { 9100 if ((extIdx + 1) > certSz) 9101 ret = BUFFER_E; 9458 localIdx = extIdx; 9459 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9460 tag == ASN_BOOLEAN) { 9461 if (GetBoolean(cert, &extIdx, certSz) < 0) 9462 ret = ASN_PARSE_E; 9463 } 9102 9464 } 9103 } 9104 9105 if (ret == 0) { 9106 localIdx = extIdx; 9107 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9108 tag == ASN_BOOLEAN) { 9109 if (GetBoolean(cert, &extIdx, certSz) < 0) 9465 if (ret == 0) { 9466 if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0) 9110 9467 ret = ASN_PARSE_E; 9111 9468 } 9112 } 9113 if (ret == 0) { 9114 if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0) 9115 ret = ASN_PARSE_E; 9116 } 9117 9118 if (ret == 0) { 9119 switch (oid) { 9120 case AUTH_KEY_OID: 9121 if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) 9122 ret = ASN_PARSE_E; 9123 9124 if (ret == 0 && (extIdx + 1) >= certSz) 9125 ret = BUFFER_E; 9126 9127 if (ret == 0 && 9128 GetASNTag(cert, &extIdx, &tag, certSz) == 0 && 9129 tag == (ASN_CONTEXT_SPECIFIC | 0)) { 9130 if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) 9469 9470 if (ret == 0) { 9471 switch (oid) { 9472 case AUTH_KEY_OID: 9473 if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) 9131 9474 ret = ASN_PARSE_E; 9132 if (ret == 0) { 9133 extAuthKeyIdSet = 1; 9134 if (extLen == KEYID_SIZE) 9135 XMEMCPY(hash, cert + extIdx, extLen); 9136 else { 9137 ret = CalcHashId(cert + extIdx, extLen, 9138 hash); 9475 9476 if (ret == 0 && (extIdx + 1) >= certSz) 9477 ret = BUFFER_E; 9478 9479 if (ret == 0 && 9480 GetASNTag(cert, &extIdx, &tag, certSz) == 0 && 9481 tag == (ASN_CONTEXT_SPECIFIC | 0)) { 9482 if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) 9483 ret = ASN_PARSE_E; 9484 if (ret == 0) { 9485 extAuthKeyIdSet = 1; 9486 if (extLen == KEYID_SIZE) 9487 XMEMCPY(hash, cert + extIdx, extLen); 9488 else { 9489 ret = CalcHashId(cert + extIdx, extLen, 9490 hash); 9491 } 9139 9492 } 9140 9493 } 9494 break; 9495 9496 default: 9497 break; 9141 9498 } 9142 break;9143 9144 default:9145 break;9146 9499 } 9500 idx += len; 9147 9501 } 9148 idx += len; 9149 } 9150 } 9502 } 9503 } 9504 } 9505 else if (ret == 0) { 9506 idx += len; 9151 9507 } 9152 9508 … … 9175 9531 if (GetAlgoId(cert, &idx, &oid, oidSigType, certSz) < 0) 9176 9532 ret = ASN_PARSE_E; 9533 /* In CSR signature data is not present in body */ 9534 if (req) 9535 signatureOID = oid; 9177 9536 } 9178 9537 if (ret == 0) { … … 9219 9578 { 9220 9579 return CheckCertSignature_ex(cert, certSz, heap, NULL, 9221 pubKey, pubKeySz, pubKeyOID); 9222 } 9580 pubKey, pubKeySz, pubKeyOID, 0); 9581 } 9582 #ifdef WOLFSSL_CERT_REQ 9583 int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, 9584 const byte* pubKey, word32 pubKeySz, int pubKeyOID) 9585 { 9586 return CheckCertSignature_ex(cert, certSz, heap, NULL, 9587 pubKey, pubKeySz, pubKeyOID, 1); 9588 } 9589 #endif /* WOLFSSL_CERT_REQ */ 9223 9590 #endif /* OPENSSL_EXTRA */ 9224 9591 #ifdef WOLFSSL_SMALL_CERT_VERIFY … … 9227 9594 int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) 9228 9595 { 9229 return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0 );9596 return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0); 9230 9597 } 9231 9598 #endif /* WOLFSSL_SMALL_CERT_VERIFY */ … … 9237 9604 int checkPathLen = 0; 9238 9605 int decrementMaxPathLen = 0; 9239 word32 confirmOID ;9606 word32 confirmOID = 0; 9240 9607 #if defined(WOLFSSL_RENESAS_TSIP) 9241 9608 int idx = 0; 9242 9609 #endif 9243 9610 byte* tsip_encRsaKeyIdx; 9611 #ifdef WOLFSSL_CERT_REQ 9612 int len = 0; 9613 #endif 9244 9614 9245 9615 if (cert == NULL) { 9246 9616 return BAD_FUNC_ARG; 9247 9617 } 9618 9619 #ifdef WOLFSSL_CERT_REQ 9620 if (type == CERTREQ_TYPE) 9621 cert->isCSR = 1; 9622 #endif 9248 9623 9249 9624 if (cert->sigCtx.state == SIG_STATE_BEGIN) { … … 9259 9634 WOLFSSL_MSG("Parsed Past Key"); 9260 9635 9636 9637 #ifdef WOLFSSL_CERT_REQ 9638 /* Read attributes */ 9639 if (cert->isCSR) { 9640 if (GetASNHeader_ex(cert->source, 9641 ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &cert->srcIdx, 9642 &len, cert->maxIdx, 1) < 0) { 9643 WOLFSSL_MSG("GetASNHeader_ex error"); 9644 return ASN_PARSE_E; 9645 } 9646 9647 if (len) { 9648 word32 attrMaxIdx = cert->srcIdx + len; 9649 word32 oid; 9650 byte tag; 9651 9652 if (attrMaxIdx > cert->maxIdx) { 9653 WOLFSSL_MSG("Attribute length greater than CSR length"); 9654 return ASN_PARSE_E; 9655 } 9656 9657 while (cert->srcIdx < attrMaxIdx) { 9658 /* Attributes have the structure: 9659 * SEQ -> OID -> SET -> ATTRIBUTE */ 9660 if (GetSequence(cert->source, &cert->srcIdx, &len, 9661 attrMaxIdx) < 0) { 9662 WOLFSSL_MSG("attr GetSequence error"); 9663 return ASN_PARSE_E; 9664 } 9665 if (GetObjectId(cert->source, &cert->srcIdx, &oid, 9666 oidCsrAttrType, attrMaxIdx) < 0) { 9667 WOLFSSL_MSG("attr GetObjectId error"); 9668 return ASN_PARSE_E; 9669 } 9670 if (GetSet(cert->source, &cert->srcIdx, &len, 9671 attrMaxIdx) < 0) { 9672 WOLFSSL_MSG("attr GetSet error"); 9673 return ASN_PARSE_E; 9674 } 9675 switch (oid) { 9676 case CHALLENGE_PASSWORD_OID: 9677 if (GetHeader(cert->source, &tag, 9678 &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { 9679 WOLFSSL_MSG("attr GetHeader error"); 9680 return ASN_PARSE_E; 9681 } 9682 if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING && 9683 tag != ASN_IA5_STRING) { 9684 WOLFSSL_MSG("Unsupported attribute value format"); 9685 return ASN_PARSE_E; 9686 } 9687 cert->cPwd = (char*)cert->source + cert->srcIdx; 9688 cert->cPwdLen = len; 9689 cert->srcIdx += len; 9690 break; 9691 case SERIAL_NUMBER_OID: 9692 if (GetHeader(cert->source, &tag, 9693 &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { 9694 WOLFSSL_MSG("attr GetHeader error"); 9695 return ASN_PARSE_E; 9696 } 9697 if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING && 9698 tag != ASN_IA5_STRING) { 9699 WOLFSSL_MSG("Unsupported attribute value format"); 9700 return ASN_PARSE_E; 9701 } 9702 cert->sNum = (char*)cert->source + cert->srcIdx; 9703 cert->sNumLen = len; 9704 cert->srcIdx += len; 9705 if (cert->sNumLen <= EXTERNAL_SERIAL_SIZE) { 9706 XMEMCPY(cert->serial, cert->sNum, cert->sNumLen); 9707 cert->serialSz = cert->sNumLen; 9708 } 9709 break; 9710 case EXTENSION_REQUEST_OID: 9711 /* save extensions */ 9712 cert->extensions = &cert->source[cert->srcIdx]; 9713 cert->extensionsSz = len; 9714 cert->extensionsIdx = cert->srcIdx; /* for potential later use */ 9715 9716 if ((ret = DecodeCertExtensions(cert)) < 0) { 9717 if (ret == ASN_CRIT_EXT_E) 9718 cert->criticalExt = ret; 9719 else 9720 return ret; 9721 } 9722 cert->srcIdx += len; 9723 break; 9724 default: 9725 WOLFSSL_MSG("Unsupported attribute type"); 9726 return ASN_PARSE_E; 9727 } 9728 } 9729 } 9730 } 9731 #endif 9732 9261 9733 if (cert->srcIdx < cert->sigIndex) { 9262 9734 #ifndef ALLOW_V1_EXTENSIONS … … 9279 9751 } 9280 9752 9753 #ifdef HAVE_OCSP 9754 /* trust for the lifetime of the responder's cert*/ 9755 if (cert->ocspNoCheckSet && verify == VERIFY_OCSP) 9756 verify = NO_VERIFY; 9757 #endif 9281 9758 /* advance past extensions */ 9282 9759 cert->srcIdx = cert->sigIndex; 9283 9760 } 9284 9761 9285 if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID, 9286 oidSigType, cert->maxIdx)) < 0) 9762 if ((ret = GetAlgoId(cert->source, &cert->srcIdx, 9763 #ifdef WOLFSSL_CERT_REQ 9764 !cert->isCSR ? &confirmOID : &cert->signatureOID, 9765 #else 9766 &confirmOID, 9767 #endif 9768 oidSigType, cert->maxIdx)) < 0) 9287 9769 return ret; 9288 9770 … … 9290 9772 return ret; 9291 9773 9292 if (confirmOID != cert->signatureOID) 9774 if (confirmOID != cert->signatureOID 9775 #ifdef WOLFSSL_CERT_REQ 9776 && !cert->isCSR 9777 #endif 9778 ) 9293 9779 return ASN_SIG_OID_E; 9294 9780 … … 9341 9827 cert->ca = GetCA(cm, cert->issuerHash); 9342 9828 #endif /* !NO_SKID */ 9829 9830 if (cert->ca) { 9831 WOLFSSL_MSG("CA found"); 9832 } 9343 9833 } 9344 9834 … … 9425 9915 } 9426 9916 } 9427 #ifdef HAVE_OCSP9428 if (verify != NO_VERIFY && type != CA_TYPE && 9429 type != TRUSTED_PEER_TYPE) {9430 if (cert->ca) {9431 /* Need the CA's public key hash for OCSP */9432 XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash,9433 KEYID_SIZE);9434 }9435 9436 } 9437 #endif /* HAVE_OCSP */9438 }9917 } 9918 9919 #ifdef HAVE_OCSP 9920 if (verify != NO_VERIFY && type != CA_TYPE && 9921 type != TRUSTED_PEER_TYPE) { 9922 if (cert->ca) { 9923 /* Need the CA's public key hash for OCSP */ 9924 XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash, 9925 KEYID_SIZE); 9926 } 9927 } 9928 #endif /* HAVE_OCSP */ 9439 9929 } 9440 9930 #if defined(WOLFSSL_RENESAS_TSIP) … … 9799 10289 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) 9800 10290 9801 /* Max X509 header length indicates the max length + 2 ('\n', '\0') */9802 #define MAX_X509_HEADER_SZ (37 + 2) 9803 10291 /* Note: If items added make sure MAX_X509_HEADER_SZ is 10292 updated to reflect maximum length and pem_struct_min_sz 10293 to reflect minimum size */ 9804 10294 wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; 9805 10295 wcchar END_CERT = "-----END CERTIFICATE-----"; … … 9844 10334 wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; 9845 10335 #endif 9846 #ifdef HAVE_CRL 9847 const char *const BEGIN_CRL = "-----BEGIN X509 CRL-----"; 9848 wcchar END_CRL = "-----END X509 CRL-----"; 9849 #endif 9850 10336 10337 const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----" 10338 "-----END X509 CRL-----"); 9851 10339 9852 10340 static WC_INLINE char* SkipEndOfLineChars(char* line, const char* endOfLine) … … 9940 10428 ret = 0; 9941 10429 break; 9942 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))10430 #ifndef NO_DH 9943 10431 case DH_PRIVATEKEY_TYPE: 9944 10432 #endif … … 10374 10862 } else 10375 10863 #ifdef HAVE_CRL 10376 if ((type == CRL_TYPE) && (header != BEGIN_ CRL)) {10377 header = BEGIN_ CRL; footer = END_CRL;10864 if ((type == CRL_TYPE) && (header != BEGIN_X509_CRL)) { 10865 header = BEGIN_X509_CRL; footer = END_X509_CRL; 10378 10866 } else 10379 10867 #endif … … 10385 10873 if (!headerEnd) { 10386 10874 #ifdef OPENSSL_EXTRA 10387 char* beginEnd; 10388 int endLen; 10389 /* see if there is a -----BEGIN * PRIVATE KEY----- header */ 10390 headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz); 10391 if (headerEnd) { 10392 beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX); 10393 /* back up to BEGIN_PRIV_KEY_PREFIX */ 10394 headerEnd -= XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX); 10395 while (headerEnd > (char*)buff && 10396 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10397 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) { 10398 headerEnd--; 10399 } 10400 if (headerEnd <= (char*)buff || 10401 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10402 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 || 10403 beginEnd - headerEnd > PEM_LINE_LEN) { 10404 WOLFSSL_MSG("Couldn't find PEM header"); 10405 return ASN_NO_PEM_HEADER; 10406 } 10407 /* headerEnd now points to beginning of header */ 10408 XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd); 10409 beginBuf[beginEnd - headerEnd] = '\0'; 10410 /* look for matching footer */ 10411 footer = XSTRNSTR(beginEnd, 10412 beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX), 10413 (unsigned int)((char*)buff + sz - beginEnd)); 10414 if (!footer) { 10415 WOLFSSL_MSG("Couldn't find PEM footer"); 10416 return ASN_NO_PEM_HEADER; 10417 } 10418 footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX); 10419 endLen = (unsigned int)(beginEnd - headerEnd - 10420 (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) - 10421 XSTR_SIZEOF(END_PRIV_KEY_PREFIX))); 10422 XMEMCPY(endBuf, footer, endLen); 10423 endBuf[endLen] = '\0'; 10424 10425 header = beginBuf; 10426 footer = endBuf; 10427 headerEnd = beginEnd; 10428 } else { 10875 if (type == PRIVATEKEY_TYPE) { 10876 char* beginEnd; 10877 int endLen; 10878 /* see if there is a -----BEGIN * PRIVATE KEY----- header */ 10879 headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz); 10880 if (headerEnd) { 10881 beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX); 10882 if (beginEnd >= (char*)buff + sz) { 10883 return BUFFER_E; 10884 } 10885 10886 /* back up to BEGIN_PRIV_KEY_PREFIX */ 10887 while (headerEnd > (char*)buff && 10888 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10889 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 && 10890 *headerEnd != '\n') { 10891 headerEnd--; 10892 } 10893 if (headerEnd <= (char*)buff || 10894 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10895 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 || 10896 beginEnd - headerEnd > PEM_LINE_LEN) { 10897 WOLFSSL_MSG("Couldn't find PEM header"); 10898 return ASN_NO_PEM_HEADER; 10899 } 10900 10901 /* headerEnd now points to beginning of header */ 10902 XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd); 10903 beginBuf[beginEnd - headerEnd] = '\0'; 10904 /* look for matching footer */ 10905 footer = XSTRNSTR(beginEnd, 10906 beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX), 10907 (unsigned int)((char*)buff + sz - beginEnd)); 10908 if (!footer) { 10909 WOLFSSL_MSG("Couldn't find PEM footer"); 10910 return ASN_NO_PEM_HEADER; 10911 } 10912 10913 footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX); 10914 if (footer > (char*)buff + sz - XSTR_SIZEOF(END_PRIV_KEY_PREFIX) 10915 || XSTRNCMP(footer, END_PRIV_KEY_PREFIX, 10916 XSTR_SIZEOF(END_PRIV_KEY_PREFIX)) != 0) { 10917 WOLFSSL_MSG("Unexpected footer for PEM"); 10918 return BUFFER_E; 10919 } 10920 10921 endLen = (unsigned int)(beginEnd - headerEnd - 10922 (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) - 10923 XSTR_SIZEOF(END_PRIV_KEY_PREFIX))); 10924 XMEMCPY(endBuf, footer, endLen); 10925 endBuf[endLen] = '\0'; 10926 10927 header = beginBuf; 10928 footer = endBuf; 10929 headerEnd = beginEnd; 10930 } 10931 } 10932 10933 if (!headerEnd) { 10429 10934 WOLFSSL_MSG("Couldn't find PEM header"); 10430 10935 return ASN_NO_PEM_HEADER; … … 10583 11088 #ifndef NO_DES3 10584 11089 if (info->cipherType == WC_CIPHER_DES3) { 10585 padVal = der->buffer[der->length-1]; 10586 if (padVal <= DES_BLOCK_SIZE) { 10587 der->length -= padVal; 11090 /* Assuming there is padding: 11091 * (der->length > 0 && der->length > DES_BLOCK_SIZE && 11092 * (der->length % DES_BLOCK_SIZE) != 0) 11093 * and assuming the last value signifies the number of 11094 * padded bytes IE if last value is 0x08 then there are 11095 * 8 bytes of padding: 11096 * padVal = der->buffer[der->length-1]; 11097 * then strip this padding before proceeding: 11098 * der->length -= padVal; 11099 */ 11100 if (der->length > 0 && 11101 der->length > DES_BLOCK_SIZE && 11102 (der->length % DES_BLOCK_SIZE) != 0) { 11103 padVal = der->buffer[der->length-1]; 11104 if (padVal < DES_BLOCK_SIZE) { 11105 der->length -= padVal; 11106 } 10588 11107 } 10589 11108 } … … 10822 11341 10823 11342 if (ret == 0) { 10824 if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) !=sz) {11343 if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { 10825 11344 ret = BUFFER_E; 10826 11345 } … … 10902 11421 } 10903 11422 if (ret == 0) { 10904 if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) !=sz) {11423 if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { 10905 11424 ret = BUFFER_E; 10906 11425 } … … 11477 11996 #endif 11478 11997 11479 #if def HAVE_SELFTEST11998 #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) 11480 11999 /* older version of ecc.c can not handle dp being NULL */ 11481 12000 if (key != NULL && key->dp == NULL) { … … 11584 12103 } 11585 12104 11586 #if def HAVE_SELFTEST12105 #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) 11587 12106 /* older version of ecc.c can not handle dp being NULL */ 11588 12107 if (key != NULL && key->dp == NULL) { … … 11648 12167 if (idx != 0) { 11649 12168 #ifdef WOLFSSL_SMALL_STACK 11650 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12169 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11651 12170 #endif 11652 12171 return idx; … … 11658 12177 algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11659 12178 if (algo == NULL) { 11660 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12179 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11661 12180 return MEMORY_E; 11662 12181 } … … 11752 12271 if (idx != 0) { 11753 12272 #ifdef WOLFSSL_SMALL_STACK 11754 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12273 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11755 12274 #endif 11756 12275 return idx; … … 11762 12281 algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11763 12282 if (algo == NULL) { 11764 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12283 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11765 12284 return MEMORY_E; 11766 12285 } … … 11887 12406 11888 12407 #endif 11889 11890 11891 /* Set Date validity from now until now + daysValid11892 * return size in bytes written to output, 0 on error */11893 static int SetValidity(byte* output, int daysValid)11894 {11895 byte before[MAX_DATE_SIZE];11896 byte after[MAX_DATE_SIZE];11897 11898 int beforeSz;11899 int afterSz;11900 int seqSz;11901 11902 time_t now;11903 time_t then;11904 struct tm* tmpTime;11905 struct tm* expandedTime;11906 struct tm localTime;11907 11908 #if defined(NEED_TMP_TIME)11909 /* for use with gmtime_r */11910 struct tm tmpTimeStorage;11911 tmpTime = &tmpTimeStorage;11912 #else11913 tmpTime = NULL;11914 #endif11915 (void)tmpTime;11916 11917 now = XTIME(0);11918 11919 /* before now */11920 before[0] = ASN_GENERALIZED_TIME;11921 beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */11922 11923 /* subtract 1 day of seconds for more compliance */11924 then = now - 86400;11925 expandedTime = XGMTIME(&then, tmpTime);11926 if (expandedTime == NULL) {11927 WOLFSSL_MSG("XGMTIME failed");11928 return 0; /* error */11929 }11930 localTime = *expandedTime;11931 11932 /* adjust */11933 localTime.tm_year += 1900;11934 localTime.tm_mon += 1;11935 11936 SetTime(&localTime, before + beforeSz);11937 beforeSz += ASN_GEN_TIME_SZ;11938 11939 after[0] = ASN_GENERALIZED_TIME;11940 afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */11941 11942 /* add daysValid of seconds */11943 then = now + (daysValid * (time_t)86400);11944 expandedTime = XGMTIME(&then, tmpTime);11945 if (expandedTime == NULL) {11946 WOLFSSL_MSG("XGMTIME failed");11947 return 0; /* error */11948 }11949 localTime = *expandedTime;11950 11951 /* adjust */11952 localTime.tm_year += 1900;11953 localTime.tm_mon += 1;11954 11955 SetTime(&localTime, after + afterSz);11956 afterSz += ASN_GEN_TIME_SZ;11957 11958 /* headers and output */11959 seqSz = SetSequence(beforeSz + afterSz, output);11960 XMEMCPY(output + seqSz, before, beforeSz);11961 XMEMCPY(output + seqSz + beforeSz, after, afterSz);11962 11963 return seqSz + beforeSz + afterSz;11964 }11965 11966 12408 11967 12409 /* ASN Encoded Name field */ … … 11976 12418 11977 12419 /* Get Which Name from index */ 11978 static const char* GetOneName(CertName* name, int idx)12420 const char* GetOneCertName(CertName* name, int idx) 11979 12421 { 11980 12422 switch (idx) { … … 12065 12507 12066 12508 /* Get ASN Name from index */ 12067 static byte GetNameId(int idx)12509 byte GetCertNameId(int idx) 12068 12510 { 12069 12511 switch (idx) { … … 12106 12548 } 12107 12549 } 12550 12108 12551 12109 12552 /* … … 12528 12971 curName = names; 12529 12972 do { 12530 output[idx++] = ASN_CONTEXT_SPECIFIC | curName->type; 12973 output[idx] = ASN_CONTEXT_SPECIFIC | curName->type; 12974 if (curName->type == ASN_DIR_TYPE) { 12975 output[idx] |= ASN_CONSTRUCTED; 12976 } 12977 idx++; 12531 12978 idx += SetLength(curName->len, output + idx); 12532 12979 XMEMCPY(output + idx, curName->name, curName->len); … … 12574 13021 /* Restrict country code size */ 12575 13022 if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) { 13023 WOLFSSL_MSG("Country code size error"); 12576 13024 return ASN_COUNTRY_SIZE_E; 12577 13025 } … … 12671 13119 } 12672 13120 13121 13122 13123 13124 /* Guarded by either 13125 * A) WOLFSSL_WPAS_SMALL is on or 13126 * B) (OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_CERT_GEN + 13127 * (WOLFSSL_CERT_REQ or WOLFSSL_CERT_EXT or OPENSSL_EXTRA) has been 13128 * defined 13129 */ 13130 #if defined(WOLFSSL_WPAS_SMALL) || \ 13131 (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 13132 defined(WOLFSSL_CERT_GEN) && \ 13133 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ 13134 defined(OPENSSL_EXTRA)) 13135 /* Converts from NID_* value to wolfSSL value if needed */ 13136 static int ConvertNIDToWolfSSL(int nid) 13137 { 13138 switch (nid) { 13139 case NID_commonName : return ASN_COMMON_NAME; 13140 case NID_surname : return ASN_SUR_NAME; 13141 case NID_countryName: return ASN_COUNTRY_NAME; 13142 case NID_localityName: return ASN_LOCALITY_NAME; 13143 case NID_stateOrProvinceName: return ASN_STATE_NAME; 13144 case NID_organizationName: return ASN_ORG_NAME; 13145 case NID_organizationalUnitName: return ASN_ORGUNIT_NAME; 13146 case NID_emailAddress: return ASN_EMAIL_NAME; 13147 case NID_serialNumber: return ASN_SERIAL_NUMBER; 13148 case NID_businessCategory: return ASN_BUS_CAT; 13149 case NID_domainComponent: return ASN_DOMAIN_COMPONENT; 13150 default: 13151 WOLFSSL_MSG("Attribute NID not found"); 13152 return -1; 13153 } 13154 } 13155 13156 13157 /* Converts the x509 name structure into DER format. 13158 * 13159 * out pointer to either a pre setup buffer or a pointer to null for 13160 * creating a dynamic buffer. In the case that a pre-existing buffer is 13161 * used out will be incremented the size of the DER buffer on success. 13162 * 13163 * returns the size of the buffer on success, or negative value with failure 13164 */ 13165 int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) 13166 { 13167 int totalBytes = 0, i, idx; 13168 byte temp[MAX_SEQ_SZ]; 13169 byte *output, *local = NULL; 13170 #ifdef WOLFSSL_SMALL_STACK 13171 EncodedName* names = NULL; 13172 #else 13173 EncodedName names[MAX_NAME_ENTRIES]; 13174 #endif 13175 13176 if (out == NULL || name == NULL) 13177 return BAD_FUNC_ARG; 13178 13179 #ifdef WOLFSSL_SMALL_STACK 13180 names = (EncodedName*)XMALLOC(sizeof(EncodedName) * MAX_NAME_ENTRIES, NULL, 13181 DYNAMIC_TYPE_TMP_BUFFER); 13182 if (names == NULL) 13183 return MEMORY_E; 13184 #endif 13185 13186 XMEMSET(names, 0, sizeof(EncodedName) * MAX_NAME_ENTRIES); 13187 13188 for (i = 0; i < MAX_NAME_ENTRIES; i++) { 13189 WOLFSSL_X509_NAME_ENTRY* entry; 13190 int ret; 13191 13192 entry = wolfSSL_X509_NAME_get_entry(name, i); 13193 if (entry != NULL && entry->set == 1) { 13194 const char* nameStr; 13195 int type; 13196 WOLFSSL_ASN1_STRING* data; 13197 13198 data = wolfSSL_X509_NAME_ENTRY_get_data(entry); 13199 if (data == NULL) { 13200 #ifdef WOLFSSL_SMALL_STACK 13201 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13202 #endif 13203 WOLFSSL_MSG("Error getting entry data"); 13204 return WOLFSSL_FATAL_ERROR; 13205 } 13206 13207 nameStr = (const char*)wolfSSL_ASN1_STRING_data(data); 13208 type = wolfSSL_ASN1_STRING_type(data); 13209 13210 switch (type) { 13211 case MBSTRING_UTF8: 13212 type = CTC_UTF8; 13213 break; 13214 case V_ASN1_PRINTABLESTRING: 13215 type = CTC_PRINTABLE; 13216 break; 13217 default: 13218 WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default"); 13219 type = CTC_UTF8; 13220 } 13221 ret = wc_EncodeName(&names[i], nameStr, type, 13222 ConvertNIDToWolfSSL(entry->nid)); 13223 if (ret < 0) { 13224 #ifdef WOLFSSL_SMALL_STACK 13225 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13226 #endif 13227 WOLFSSL_MSG("EncodeName failed"); 13228 return WOLFSSL_FATAL_ERROR; 13229 } 13230 totalBytes += ret; 13231 } 13232 } 13233 13234 /* header */ 13235 idx = SetSequence(totalBytes, temp); 13236 if (totalBytes + idx > ASN_NAME_MAX) { 13237 #ifdef WOLFSSL_SMALL_STACK 13238 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13239 #endif 13240 WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX"); 13241 return BUFFER_E; 13242 } 13243 13244 /* check if using buffer passed in */ 13245 if (*out == NULL) { 13246 *out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL, 13247 DYNAMIC_TYPE_OPENSSL); 13248 if (*out == NULL) { 13249 return MEMORY_E; 13250 } 13251 } 13252 output = *out; 13253 13254 idx = SetSequence(totalBytes, output); 13255 totalBytes += idx; 13256 for (i = 0; i < MAX_NAME_ENTRIES; i++) { 13257 if (names[i].used) { 13258 XMEMCPY(output + idx, names[i].encoded, names[i].totalLen); 13259 idx += names[i].totalLen; 13260 } 13261 } 13262 13263 #ifdef WOLFSSL_SMALL_STACK 13264 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13265 #endif 13266 13267 /* used existing buffer passed in, so increment pointer */ 13268 if (local == NULL) { 13269 *out += totalBytes; 13270 } 13271 return totalBytes; 13272 } 13273 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ 13274 13275 12673 13276 /* encode CertName into output, return total bytes written */ 12674 13277 int SetName(byte* output, word32 outputSz, CertName* name) … … 12700 13303 for (i = 0; i < NAME_ENTRIES; i++) { 12701 13304 int ret; 12702 const char* nameStr = GetOne Name(name, i);13305 const char* nameStr = GetOneCertName(name, i); 12703 13306 12704 13307 ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i), 12705 Get NameId(i));13308 GetCertNameId(i)); 12706 13309 if (ret < 0) { 12707 13310 #ifdef WOLFSSL_SMALL_STACK 12708 13311 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12709 13312 #endif 12710 return BUFFER_E; 13313 WOLFSSL_MSG("EncodeName failed"); 13314 return BUFFER_E; 12711 13315 } 12712 13316 totalBytes += ret; … … 12722 13326 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12723 13327 #endif 13328 WOLFSSL_MSG("EncodeName on multiple attributes failed\n"); 12724 13329 return BUFFER_E; 12725 13330 } … … 12739 13344 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12740 13345 #endif 13346 WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX"); 12741 13347 return BUFFER_E; 12742 13348 } … … 12744 13350 for (i = 0; i < NAME_ENTRIES; i++) { 12745 13351 #ifdef WOLFSSL_MULTI_ATTRIB 12746 type = Get NameId(i);13352 type = GetCertNameId(i); 12747 13353 12748 13354 /* list all DC values before OUs */ … … 12755 13361 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12756 13362 #endif 13363 WOLFSSL_MSG("Not enough space left for DC value"); 12757 13364 return BUFFER_E; 12758 13365 } … … 12803 13410 } 12804 13411 13412 /* Set Date validity from now until now + daysValid 13413 * return size in bytes written to output, 0 on error */ 13414 static int SetValidity(byte* output, int daysValid) 13415 { 13416 byte before[MAX_DATE_SIZE]; 13417 byte after[MAX_DATE_SIZE]; 13418 13419 int beforeSz; 13420 int afterSz; 13421 int seqSz; 13422 13423 time_t now; 13424 time_t then; 13425 struct tm* tmpTime; 13426 struct tm* expandedTime; 13427 struct tm localTime; 13428 13429 #if defined(NEED_TMP_TIME) 13430 /* for use with gmtime_r */ 13431 struct tm tmpTimeStorage; 13432 tmpTime = &tmpTimeStorage; 13433 #else 13434 tmpTime = NULL; 13435 #endif 13436 (void)tmpTime; 13437 13438 now = XTIME(0); 13439 13440 /* before now */ 13441 before[0] = ASN_GENERALIZED_TIME; 13442 beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ 13443 13444 /* subtract 1 day of seconds for more compliance */ 13445 then = now - 86400; 13446 expandedTime = XGMTIME(&then, tmpTime); 13447 if (expandedTime == NULL) { 13448 WOLFSSL_MSG("XGMTIME failed"); 13449 return 0; /* error */ 13450 } 13451 localTime = *expandedTime; 13452 13453 /* adjust */ 13454 localTime.tm_year += 1900; 13455 localTime.tm_mon += 1; 13456 13457 SetTime(&localTime, before + beforeSz); 13458 beforeSz += ASN_GEN_TIME_SZ; 13459 13460 after[0] = ASN_GENERALIZED_TIME; 13461 afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ 13462 13463 /* add daysValid of seconds */ 13464 then = now + (daysValid * (time_t)86400); 13465 expandedTime = XGMTIME(&then, tmpTime); 13466 if (expandedTime == NULL) { 13467 WOLFSSL_MSG("XGMTIME failed"); 13468 return 0; /* error */ 13469 } 13470 localTime = *expandedTime; 13471 13472 /* adjust */ 13473 localTime.tm_year += 1900; 13474 localTime.tm_mon += 1; 13475 13476 SetTime(&localTime, after + afterSz); 13477 afterSz += ASN_GEN_TIME_SZ; 13478 13479 /* headers and output */ 13480 seqSz = SetSequence(beforeSz + afterSz, output); 13481 XMEMCPY(output + seqSz, before, beforeSz); 13482 XMEMCPY(output + seqSz + beforeSz, after, afterSz); 13483 13484 return seqSz + beforeSz + afterSz; 13485 } 13486 12805 13487 /* encode info from cert into DER encoded format */ 12806 13488 static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, 12807 WC_RNG* rng, const byte* ntruKey, word16 ntruSz, 13489 WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey, 12808 13490 ed25519_key* ed25519Key, ed448_key* ed448Key) 12809 13491 { … … 12815 13497 /* make sure at least one key type is provided */ 12816 13498 if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && 12817 13499 dsaKey == NULL && ed448Key == NULL && ntruKey == NULL) { 12818 13500 return PUBLIC_KEY_E; 12819 13501 } … … 12863 13545 #endif 12864 13546 13547 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 13548 if (cert->keyType == DSA_KEY) { 13549 if (dsaKey == NULL) 13550 return PUBLIC_KEY_E; 13551 der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, 13552 sizeof(der->publicKey), 1); 13553 } 13554 #endif 13555 12865 13556 #ifdef HAVE_ED25519 12866 13557 if (cert->keyType == ED25519_KEY) { … … 12926 13617 12927 13618 /* subject name */ 12928 #if def WOLFSSL_CERT_EXT13619 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) 12929 13620 if (XSTRLEN((const char*)cert->sbjRaw) > 0) { 12930 13621 /* Use the raw subject */ … … 12954 13645 12955 13646 /* issuer name */ 12956 #if def WOLFSSL_CERT_EXT13647 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) 12957 13648 if (XSTRLEN((const char*)cert->issRaw) > 0) { 12958 13649 /* Use the raw issuer */ … … 12961 13652 der->issuerSz = min(sizeof(der->issuer), 12962 13653 (word32)XSTRLEN((const char*)cert->issRaw)); 13654 12963 13655 /* header */ 12964 13656 idx = SetSequence(der->issuerSz, der->issuer); … … 13337 14029 /* add signature to end of buffer, size of buffer assumed checked, return 13338 14030 new length */ 13339 staticint AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,14031 int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, 13340 14032 int sigAlgoType) 13341 14033 { … … 13366 14058 static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, 13367 14059 RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, 13368 const byte* ntruKey, word16 ntruSz,14060 DsaKey* dsaKey, const byte* ntruKey, word16 ntruSz, 13369 14061 ed25519_key* ed25519Key, ed448_key* ed448Key) 13370 14062 { … … 13376 14068 #endif 13377 14069 13378 if (derBuffer == NULL) {14070 if (derBuffer == NULL) 13379 14071 return BAD_FUNC_ARG; 13380 } 13381 13382 cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : 13383 (ed25519Key ? ED25519_KEY : (ed448Key ? ED448_KEY : NTRU_KEY))); 14072 14073 if (eccKey) 14074 cert->keyType = ECC_KEY; 14075 else if (rsaKey) 14076 cert->keyType = RSA_KEY; 14077 else if (dsaKey) 14078 cert->keyType = DSA_KEY; 14079 else if (ed25519Key) 14080 cert->keyType = ED25519_KEY; 14081 else if (ed448Key) 14082 cert->keyType = ED448_KEY; 14083 else if (ntruKey) 14084 cert->keyType = NTRU_KEY; 14085 else 14086 return BAD_FUNC_ARG; 13384 14087 13385 14088 #ifdef WOLFSSL_SMALL_STACK … … 13389 14092 #endif 13390 14093 13391 ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, 14094 ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, dsaKey, 13392 14095 ed25519Key, ed448Key); 13393 14096 if (ret == 0) { … … 13411 14114 { 13412 14115 RsaKey* rsaKey = NULL; 14116 DsaKey* dsaKey = NULL; 13413 14117 ecc_key* eccKey = NULL; 13414 14118 ed25519_key* ed25519Key = NULL; … … 13417 14121 if (keyType == RSA_TYPE) 13418 14122 rsaKey = (RsaKey*)key; 14123 else if (keyType == DSA_TYPE) 14124 dsaKey = (DsaKey*)key; 13419 14125 else if (keyType == ECC_TYPE) 13420 14126 eccKey = (ecc_key*)key; … … 13424 14130 ed448Key = (ed448_key*)key; 13425 14131 13426 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0,13427 ed25519Key, ed448Key);14132 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, dsaKey, 14133 NULL, 0, ed25519Key, ed448Key); 13428 14134 } 13429 14135 /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ … … 13431 14137 ecc_key* eccKey, WC_RNG* rng) 13432 14138 { 13433 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0,14139 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL, 0, 13434 14140 NULL, NULL); 13435 14141 } … … 13441 14147 const byte* ntruKey, word16 keySz, WC_RNG* rng) 13442 14148 { 13443 return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz, NULL); 14149 return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, NULL, 14150 ntruKey, keySz, NULL, NULL); 13444 14151 } 13445 14152 … … 13452 14159 int extSz) 13453 14160 { 13454 const byte cpOid[] =13455 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,13456 0x09, 0x07 };13457 14161 const byte erOid[] = 13458 14162 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, … … 13474 14178 byte erSet[MAX_SET_SZ]; 13475 14179 13476 output[0] = 0xa0;14180 output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; 13477 14181 sz++; 13478 14182 … … 13485 14189 } 13486 14190 cpSetSz = SetSet(cpStrSz + pwSz, cpSet); 13487 cpSeqSz = SetSequence(sizeof(cpOid) + cpSetSz + cpStrSz + pwSz, cpSeq); 13488 cpSz = cpSeqSz + sizeof(cpOid) + cpSetSz + cpStrSz + pwSz; 14191 /* +2 for tag and length parts of the TLV triplet */ 14192 cpSeqSz = SetSequence(2 + sizeof(attrChallengePasswordOid) + cpSetSz + 14193 cpStrSz + pwSz, cpSeq); 14194 cpSz = cpSeqSz + 2 + sizeof(attrChallengePasswordOid) + cpSetSz + 14195 cpStrSz + pwSz; 13489 14196 } 13490 14197 … … 13501 14208 XMEMCPY(&output[sz], cpSeq, cpSeqSz); 13502 14209 sz += cpSeqSz; 13503 XMEMCPY(&output[sz], cpOid, sizeof(cpOid)); 13504 sz += sizeof(cpOid); 14210 sz += SetObjectId(sizeof(attrChallengePasswordOid), output + sz); 14211 XMEMCPY(&output[sz], attrChallengePasswordOid, 14212 sizeof(attrChallengePasswordOid)); 14213 sz += sizeof(attrChallengePasswordOid); 13505 14214 XMEMCPY(&output[sz], cpSet, cpSetSz); 13506 14215 sz += cpSetSz; … … 13527 14236 /* encode info from cert into DER encoded format */ 13528 14237 static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, 13529 ecc_key* eccKey, ed25519_key* ed25519Key,13530 ed 448_key* ed448Key)14238 DsaKey* dsaKey, ecc_key* eccKey, 14239 ed25519_key* ed25519Key, ed448_key* ed448Key) 13531 14240 { 13532 14241 (void)eccKey; … … 13538 14247 13539 14248 if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && 13540 14249 dsaKey == NULL && ed448Key == NULL) { 13541 14250 return PUBLIC_KEY_E; 13542 14251 } … … 13549 14258 13550 14259 /* subject name */ 13551 der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject); 14260 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) 14261 if (XSTRLEN((const char*)cert->sbjRaw) > 0) { 14262 /* Use the raw subject */ 14263 int idx; 14264 14265 der->subjectSz = min(sizeof(der->subject), 14266 (word32)XSTRLEN((const char*)cert->sbjRaw)); 14267 /* header */ 14268 idx = SetSequence(der->subjectSz, der->subject); 14269 if (der->subjectSz + idx > (int)sizeof(der->subject)) { 14270 return SUBJECT_E; 14271 } 14272 14273 XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, 14274 der->subjectSz); 14275 der->subjectSz += idx; 14276 } 14277 else 14278 #endif 14279 { 14280 der->subjectSz = SetName(der->subject, sizeof(der->subject), 14281 &cert->subject); 14282 } 13552 14283 if (der->subjectSz <= 0) 13553 14284 return SUBJECT_E; … … 13563 14294 #endif 13564 14295 14296 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 14297 if (cert->keyType == DSA_KEY) { 14298 if (dsaKey == NULL) 14299 return PUBLIC_KEY_E; 14300 der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, 14301 sizeof(der->publicKey), 1); 14302 } 14303 #endif 14304 13565 14305 #ifdef HAVE_ECC 13566 14306 if (cert->keyType == ECC_KEY) { 14307 if (eccKey == NULL) 14308 return PUBLIC_KEY_E; 13567 14309 der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, 1); 13568 14310 } … … 13600 14342 else 13601 14343 der->caSz = 0; 14344 14345 #ifdef WOLFSSL_ALT_NAMES 14346 /* Alternative Name */ 14347 if (cert->altNamesSz) { 14348 der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), 14349 cert->altNames, cert->altNamesSz); 14350 if (der->altNamesSz <= 0) 14351 return ALT_NAME_E; 14352 14353 der->extensionsSz += der->altNamesSz; 14354 } 14355 else 14356 der->altNamesSz = 0; 14357 #endif 13602 14358 13603 14359 #ifdef WOLFSSL_CERT_EXT … … 13661 14417 return EXTENSIONS_E; 13662 14418 } 14419 14420 #ifdef WOLFSSL_ALT_NAMES 14421 /* put Alternative Names */ 14422 if (der->altNamesSz) { 14423 ret = SetExtensions(der->extensions, sizeof(der->extensions), 14424 &der->extensionsSz, 14425 der->altNames, der->altNamesSz); 14426 if (ret <= 0) 14427 return EXTENSIONS_E; 14428 } 14429 #endif 13663 14430 13664 14431 #ifdef WOLFSSL_CERT_EXT … … 13751 14518 13752 14519 static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, 13753 RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key,13754 ed 448_key* ed448Key)14520 RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey, 14521 ed25519_key* ed25519Key, ed448_key* ed448Key) 13755 14522 { 13756 14523 int ret; … … 13761 14528 #endif 13762 14529 13763 cert->keyType = eccKey ? ECC_KEY : (ed25519Key ? ED25519_KEY : 13764 (ed448Key ? ED448_KEY: RSA_KEY)); 14530 if (eccKey) 14531 cert->keyType = ECC_KEY; 14532 else if (rsaKey) 14533 cert->keyType = RSA_KEY; 14534 else if (dsaKey) 14535 cert->keyType = DSA_KEY; 14536 else if (ed25519Key) 14537 cert->keyType = ED25519_KEY; 14538 else if (ed448Key) 14539 cert->keyType = ED448_KEY; 14540 else 14541 return BAD_FUNC_ARG; 13765 14542 13766 14543 #ifdef WOLFSSL_SMALL_STACK … … 13771 14548 #endif 13772 14549 13773 ret = EncodeCertReq(cert, der, rsaKey, eccKey, ed25519Key, ed448Key);14550 ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key); 13774 14551 13775 14552 if (ret == 0) { … … 13791 14568 { 13792 14569 RsaKey* rsaKey = NULL; 14570 DsaKey* dsaKey = NULL; 13793 14571 ecc_key* eccKey = NULL; 13794 14572 ed25519_key* ed25519Key = NULL; … … 13797 14575 if (keyType == RSA_TYPE) 13798 14576 rsaKey = (RsaKey*)key; 14577 else if (keyType == DSA_TYPE) 14578 dsaKey = (DsaKey*)key; 13799 14579 else if (keyType == ECC_TYPE) 13800 14580 eccKey = (ecc_key*)key; … … 13804 14584 ed448Key = (ed448_key*)key; 13805 14585 13806 return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, ed25519Key,14586 return MakeCertReq(cert, derBuffer, derSz, rsaKey, dsaKey, eccKey, ed25519Key, 13807 14587 ed448Key); 13808 14588 } … … 13811 14591 RsaKey* rsaKey, ecc_key* eccKey) 13812 14592 { 13813 return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, NULL, NULL);14593 return MakeCertReq(cert, derBuffer, derSz, rsaKey, NULL, eccKey, NULL, NULL); 13814 14594 } 13815 14595 #endif /* WOLFSSL_CERT_REQ */ … … 14003 14783 /* ED448 public key */ 14004 14784 if (ed448Key != NULL) 14005 bufferSz = SetEd448PublicKey(buf fer, ed448Key, 0);14785 bufferSz = SetEd448PublicKey(buf, ed448Key, 0); 14006 14786 #endif 14007 14787 … … 14431 15211 { 14432 15212 int ret = 0; 14433 byte tag; 14434 14435 if (decoded->extensions) { 14436 int length; 14437 word32 maxExtensionsIdx; 14438 14439 decoded->srcIdx = decoded->extensionsIdx; 14440 if (GetASNTag(decoded->source, &decoded->srcIdx, &tag, decoded->maxIdx) 14441 != 0) { 14442 return ASN_PARSE_E; 14443 } 14444 14445 if (tag != ASN_EXTENSIONS) { 14446 ret = ASN_PARSE_E; 14447 } 14448 else if (GetLength(decoded->source, &decoded->srcIdx, &length, 14449 decoded->maxIdx) < 0) { 14450 ret = ASN_PARSE_E; 14451 } 14452 else if (GetSequence(decoded->source, &decoded->srcIdx, &length, 14453 decoded->maxIdx) < 0) { 14454 ret = ASN_PARSE_E; 14455 } 14456 else { 14457 maxExtensionsIdx = decoded->srcIdx + length; 14458 14459 while (decoded->srcIdx < maxExtensionsIdx) { 14460 word32 oid; 14461 word32 startIdx = decoded->srcIdx; 14462 word32 tmpIdx; 14463 14464 if (GetSequence(decoded->source, &decoded->srcIdx, &length, 14465 decoded->maxIdx) < 0) { 14466 ret = ASN_PARSE_E; 14467 break; 14468 } 14469 14470 tmpIdx = decoded->srcIdx; 14471 decoded->srcIdx = startIdx; 14472 14473 if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid, 14474 oidCertExtType, decoded->maxIdx) < 0) { 14475 ret = ASN_PARSE_E; 14476 break; 14477 } 14478 14479 if (oid == ALT_NAMES_OID) { 14480 cert->altNamesSz = length + (tmpIdx - startIdx); 14481 14482 if (cert->altNamesSz < (int)sizeof(cert->altNames)) 14483 XMEMCPY(cert->altNames, &decoded->source[startIdx], 14484 cert->altNamesSz); 14485 else { 14486 cert->altNamesSz = 0; 14487 WOLFSSL_MSG("AltNames extensions too big"); 14488 ret = ALT_NAME_E; 14489 break; 14490 } 14491 } 14492 decoded->srcIdx = tmpIdx + length; 14493 } 15213 15214 cert->altNamesSz = 0; 15215 if (decoded->altNames) { 15216 ret = FlattenAltNames(cert->altNames, 15217 sizeof(cert->altNames), decoded->altNames); 15218 if (ret >= 0) { 15219 cert->altNamesSz = ret; 15220 ret = 0; 14494 15221 } 14495 15222 } … … 14878 15605 14879 15606 if (ret >= 0) { 14880 if ((((DecodedCert*)cert->decodedCert)-> issuerRaw) &&14881 (((DecodedCert*)cert->decodedCert)-> issuerRawLen <=15607 if ((((DecodedCert*)cert->decodedCert)->subjectRaw) && 15608 (((DecodedCert*)cert->decodedCert)->subjectRawLen <= 14882 15609 (int)sizeof(CertName))) { 15610 /* Copy the subject to the issuer field */ 14883 15611 XMEMCPY(cert->issRaw, 14884 ((DecodedCert*)cert->decodedCert)-> issuerRaw,14885 ((DecodedCert*)cert->decodedCert)-> issuerRawLen);15612 ((DecodedCert*)cert->decodedCert)->subjectRaw, 15613 ((DecodedCert*)cert->decodedCert)->subjectRawLen); 14886 15614 } 14887 15615 #ifndef WOLFSSL_CERT_GEN_CACHE … … 14902 15630 14903 15631 if (cert == NULL) { 14904 ret = BAD_FUNC_ARG;15632 ret = BAD_FUNC_ARG; 14905 15633 } 14906 15634 else { … … 15088 15816 return 0; 15089 15817 } 15090 #endif /* !NO_DH && WOLFSSL_QT || OPENSSL_ALL*/15818 #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ 15091 15819 15092 15820 #ifdef HAVE_ECC … … 15113 15841 15114 15842 /* store r */ 15115 rSz = SetASNIntMP(r, -1, &out[idx]);15843 rSz = SetASNIntMP(r, *outLen - idx, &out[idx]); 15116 15844 if (rSz < 0) 15117 15845 return rSz; … … 15119 15847 15120 15848 /* store s */ 15121 sSz = SetASNIntMP(s, -1, &out[idx]);15849 sSz = SetASNIntMP(s, *outLen - idx, &out[idx]); 15122 15850 if (sSz < 0) 15123 15851 return sSz; … … 15129 15857 } 15130 15858 15131 15132 /* Der Decode ECC-DSA Signature, r & s stored as big ints */ 15133 int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) 15134 { 15859 /* determine if leading bit is set */ 15860 static int is_leading_bit_set(const byte* input, word32 sz) 15861 { 15862 byte c = 0; 15863 if (sz > 0) 15864 c = input[0]; 15865 return (c & 0x80) != 0; 15866 } 15867 static int trim_leading_zeros(const byte** input, word32 sz) 15868 { 15869 int i, leadingZeroCount = 0; 15870 const byte* tmp = *input; 15871 for (i=0; i<(int)sz; i++) { 15872 if (tmp[i] != 0) 15873 break; 15874 leadingZeroCount++; 15875 } 15876 /* catch all zero case */ 15877 if (sz > 0 && leadingZeroCount == (int)sz) { 15878 leadingZeroCount--; 15879 } 15880 *input += leadingZeroCount; 15881 sz -= leadingZeroCount; 15882 return sz; 15883 } 15884 15885 /* Der Encode r & s ints into out, outLen is (in/out) size */ 15886 /* All input/outputs are assumed to be big-endian */ 15887 int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, 15888 const byte* s, word32 sLen) 15889 { 15890 int ret; 15891 word32 idx; 15892 word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ 15893 int rAddLeadZero, sAddLeadZero; 15894 15895 if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL)) 15896 return BAD_FUNC_ARG; 15897 15898 /* Trim leading zeros */ 15899 rLen = trim_leading_zeros(&r, rLen); 15900 sLen = trim_leading_zeros(&s, sLen); 15901 /* If the leading bit on the INTEGER is a 1, add a leading zero */ 15902 /* Add leading zero if MSB is set */ 15903 rAddLeadZero = is_leading_bit_set(r, rLen); 15904 sAddLeadZero = is_leading_bit_set(s, sLen); 15905 15906 if (*outLen < (rLen + rAddLeadZero + sLen + sAddLeadZero + 15907 headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ 15908 return BUFFER_E; 15909 15910 idx = SetSequence(rLen+rAddLeadZero + sLen+sAddLeadZero + headerSz, out); 15911 15912 /* store r */ 15913 ret = SetASNInt(rLen, rAddLeadZero ? 0x80 : 0x00, &out[idx]); 15914 if (ret < 0) 15915 return ret; 15916 idx += ret; 15917 XMEMCPY(&out[idx], r, rLen); 15918 idx += rLen; 15919 15920 /* store s */ 15921 ret = SetASNInt(sLen, sAddLeadZero ? 0x80 : 0x00, &out[idx]); 15922 if (ret < 0) 15923 return ret; 15924 idx += ret; 15925 XMEMCPY(&out[idx], s, sLen); 15926 idx += sLen; 15927 15928 *outLen = idx; 15929 15930 return 0; 15931 } 15932 15933 /* Der Decode ECC-DSA Signature with R/S as unsigned bin */ 15934 /* All input/outputs are assumed to be big-endian */ 15935 int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, 15936 byte* s, word32* sLen) 15937 { 15938 int ret; 15135 15939 word32 idx = 0; 15136 15940 int len = 0; … … 15152 15956 #endif 15153 15957 15958 ret = GetASNInt(sig, &idx, &len, sigLen); 15959 if (ret != 0) 15960 return ret; 15961 if (rLen) 15962 *rLen = len; 15963 if (r) 15964 XMEMCPY(r, (byte*)sig + idx, len); 15965 idx += len; 15966 15967 ret = GetASNInt(sig, &idx, &len, sigLen); 15968 if (ret != 0) 15969 return ret; 15970 if (sLen) 15971 *sLen = len; 15972 if (s) 15973 XMEMCPY(s, (byte*)sig + idx, len); 15974 15975 return ret; 15976 } 15977 #endif 15978 15979 #if defined(HAVE_ECC) || !defined(NO_DSA) 15980 int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) 15981 { 15982 word32 idx = 0; 15983 int len = 0; 15984 15985 if (GetSequence(sig, &idx, &len, sigLen) < 0) { 15986 return ASN_ECC_KEY_E; 15987 } 15988 15989 #ifndef NO_STRICT_ECDSA_LEN 15990 /* enable strict length checking for signature */ 15991 if (sigLen != idx + (word32)len) { 15992 return ASN_ECC_KEY_E; 15993 } 15994 #else 15995 /* allow extra signature bytes at end */ 15996 if ((word32)len > (sigLen - idx)) { 15997 return ASN_ECC_KEY_E; 15998 } 15999 #endif 16000 15154 16001 if (GetInt(r, sig, &idx, sigLen) < 0) { 15155 16002 return ASN_ECC_KEY_E; … … 15157 16004 15158 16005 if (GetInt(s, sig, &idx, sigLen) < 0) { 16006 mp_clear(r); 15159 16007 return ASN_ECC_KEY_E; 15160 16008 } … … 15162 16010 return 0; 15163 16011 } 15164 15165 16012 #endif 16013 16014 #ifdef HAVE_ECC 15166 16015 int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, 15167 16016 word32 inSz) … … 15175 16024 #ifdef WOLFSSL_SMALL_STACK 15176 16025 byte* priv; 15177 byte* pub ;16026 byte* pub = NULL; 15178 16027 #else 15179 16028 byte priv[ECC_MAXSIZE+1]; … … 15203 16052 if (GetLength(input, inOutIdx, &length, inSz) < 0) 15204 16053 return ASN_PARSE_E; 15205 15206 if (length > ECC_MAXSIZE) 16054 privSz = length; 16055 16056 if (privSz > ECC_MAXSIZE) 15207 16057 return BUFFER_E; 15208 16058 15209 16059 #ifdef WOLFSSL_SMALL_STACK 15210 priv = (byte*)XMALLOC( ECC_MAXSIZE+1, key->heap, DYNAMIC_TYPE_TMP_BUFFER);16060 priv = (byte*)XMALLOC(privSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15211 16061 if (priv == NULL) 15212 16062 return MEMORY_E; 15213 15214 pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), key->heap, DYNAMIC_TYPE_TMP_BUFFER);15215 if (pub == NULL) {15216 XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);15217 return MEMORY_E;15218 }15219 16063 #endif 15220 16064 15221 16065 /* priv key */ 15222 privSz = length;15223 16066 XMEMCPY(priv, &input[*inOutIdx], privSz); 15224 16067 *inOutIdx += length; … … 15264 16107 /* pub key */ 15265 16108 pubSz = length; 15266 if (pubSz < 2*(ECC_MAXSIZE+1)) { 15267 XMEMCPY(pub, &input[*inOutIdx], pubSz); 15268 *inOutIdx += length; 15269 pubData = pub; 16109 if (pubSz > 2*(ECC_MAXSIZE+1)) 16110 ret = BUFFER_E; 16111 else { 16112 #ifdef WOLFSSL_SMALL_STACK 16113 pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16114 if (pub == NULL) 16115 ret = MEMORY_E; 16116 else 16117 #endif 16118 { 16119 XMEMCPY(pub, &input[*inOutIdx], pubSz); 16120 *inOutIdx += length; 16121 pubData = pub; 16122 } 15270 16123 } 15271 else15272 ret = BUFFER_E;15273 16124 } 15274 16125 } … … 15370 16221 ecc_key* key, word32 inSz) 15371 16222 { 15372 int length;15373 16223 int ret; 16224 int version, length; 15374 16225 int curve_id = ECC_CURVE_DEF; 15375 16226 word32 oidSum, localIdx; 15376 byte tag ;16227 byte tag, isPrivFormat = 0; 15377 16228 15378 16229 if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) … … 15382 16233 return ASN_PARSE_E; 15383 16234 15384 if (GetSequence(input, inOutIdx, &length, inSz) < 0) 15385 return ASN_PARSE_E; 15386 15387 ret = SkipObjectId(input, inOutIdx, inSz); 15388 if (ret != 0) 15389 return ret; 16235 /* Check if ECC private key is being used and skip private portion */ 16236 if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) { 16237 isPrivFormat = 1; 16238 16239 /* Type private key */ 16240 if (*inOutIdx >= inSz) 16241 return ASN_PARSE_E; 16242 tag = input[*inOutIdx]; 16243 *inOutIdx += 1; 16244 if (tag != 4 && tag != 6 && tag != 7) 16245 return ASN_PARSE_E; 16246 16247 /* Skip Private Key */ 16248 if (GetLength(input, inOutIdx, &length, inSz) < 0) 16249 return ASN_PARSE_E; 16250 if (length > ECC_MAXSIZE) 16251 return BUFFER_E; 16252 *inOutIdx += length; 16253 16254 /* Private Curve Header */ 16255 if (*inOutIdx >= inSz) 16256 return ASN_PARSE_E; 16257 tag = input[*inOutIdx]; 16258 *inOutIdx += 1; 16259 if (tag != ECC_PREFIX_0) 16260 return ASN_ECC_KEY_E; 16261 if (GetLength(input, inOutIdx, &length, inSz) <= 0) 16262 return ASN_PARSE_E; 16263 } 16264 /* Standard ECC public key */ 16265 else { 16266 if (GetSequence(input, inOutIdx, &length, inSz) < 0) 16267 return ASN_PARSE_E; 16268 16269 ret = SkipObjectId(input, inOutIdx, inSz); 16270 if (ret != 0) 16271 return ret; 16272 } 15390 16273 15391 16274 if (*inOutIdx >= inSz) { … … 15542 16425 15543 16426 /* get curve id */ 15544 curve_id = wc_ecc_get_oid(oidSum, NULL, 0); 15545 if (curve_id < 0) 16427 if ((ret = CheckCurve(oidSum)) < 0) 15546 16428 return ECC_CURVE_OID_E; 16429 else { 16430 curve_id = ret; 16431 } 16432 } 16433 16434 if (isPrivFormat) { 16435 /* Public Curve Header - skip */ 16436 if (*inOutIdx >= inSz) 16437 return ASN_PARSE_E; 16438 tag = input[*inOutIdx]; 16439 *inOutIdx += 1; 16440 if (tag != ECC_PREFIX_1) 16441 return ASN_ECC_KEY_E; 16442 if (GetLength(input, inOutIdx, &length, inSz) <= 0) 16443 return ASN_PARSE_E; 15547 16444 } 15548 16445 … … 15572 16469 byte ver[MAX_VERSION_SZ]; 15573 16470 byte seq[MAX_SEQ_SZ]; 15574 byte *prv = NULL, *pub = NULL;15575 16471 int ret, totalSz, curveSz, verSz; 15576 16472 int privHdrSz = ASN_ECC_HEADER_SZ; 15577 16473 int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; 16474 #ifdef WOLFSSL_NO_MALLOC 16475 byte prv[MAX_ECC_BYTES + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; 16476 byte pub[(MAX_ECC_BYTES * 2) + 1 + ASN_ECC_CONTEXT_SZ + 16477 ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; 16478 #else 16479 byte *prv = NULL, *pub = NULL; 16480 #endif 15578 16481 15579 16482 word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0; … … 15595 16498 /* private */ 15596 16499 privSz = key->dp->size; 16500 #ifndef WOLFSSL_NO_MALLOC 15597 16501 prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ, 15598 16502 key->heap, DYNAMIC_TYPE_TMP_BUFFER); … … 15600 16504 return MEMORY_E; 15601 16505 } 16506 #else 16507 if (sizeof(prv) < privSz + privHdrSz + MAX_SEQ_SZ) { 16508 return BUFFER_E; 16509 } 16510 #endif 15602 16511 prvidx += SetOctetString8Bit(key->dp->size, &prv[prvidx]); 15603 16512 ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); 15604 16513 if (ret < 0) { 16514 #ifndef WOLFSSL_NO_MALLOC 15605 16515 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16516 #endif 15606 16517 return ret; 15607 16518 } … … 15612 16523 ret = wc_ecc_export_x963(key, NULL, &pubSz); 15613 16524 if (ret != LENGTH_ONLY_E) { 16525 #ifndef WOLFSSL_NO_MALLOC 15614 16526 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16527 #endif 15615 16528 return ret; 15616 16529 } 15617 16530 16531 #ifndef WOLFSSL_NO_MALLOC 15618 16532 pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ, 15619 16533 key->heap, DYNAMIC_TYPE_TMP_BUFFER); … … 15622 16536 return MEMORY_E; 15623 16537 } 16538 #else 16539 if (sizeof(pub) < pubSz + pubHdrSz + MAX_SEQ_SZ) { 16540 return BUFFER_E; 16541 } 16542 #endif 15624 16543 15625 16544 pub[pubidx++] = ECC_PREFIX_1; … … 15633 16552 ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); 15634 16553 if (ret != 0) { 16554 #ifndef WOLFSSL_NO_MALLOC 15635 16555 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15636 16556 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16557 #endif 15637 16558 return ret; 15638 16559 } … … 15646 16567 totalSz = prvidx + pubidx + curveidx + verSz + seqSz; 15647 16568 if (totalSz > (int)inLen) { 16569 #ifndef WOLFSSL_NO_MALLOC 15648 16570 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15649 16571 if (pubIn) { 15650 16572 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15651 16573 } 16574 #endif 15652 16575 return BAD_FUNC_ARG; 15653 16576 } … … 15665 16588 XMEMCPY(output + idx, prv, prvidx); 15666 16589 idx += prvidx; 16590 #ifndef WOLFSSL_NO_MALLOC 15667 16591 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16592 #endif 15668 16593 15669 16594 /* curve */ … … 15675 16600 XMEMCPY(output + idx, pub, pubidx); 15676 16601 /* idx += pubidx; not used after write, if more data remove comment */ 16602 #ifndef WOLFSSL_NO_MALLOC 15677 16603 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16604 #endif 15678 16605 } 15679 16606 … … 15697 16624 15698 16625 #ifdef HAVE_PKCS8 15699 /* Write only private ecc key to unencrypted PKCS#8 format. 16626 /* Write only private ecc key or both private and public parts to unencrypted 16627 * PKCS#8 format. 15700 16628 * 15701 16629 * If output is NULL, places required PKCS#8 buffer size in outLen and … … 15703 16631 * 15704 16632 * return length on success else < 0 */ 15705 int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) 16633 static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, 16634 int includePublic) 15706 16635 { 15707 16636 int ret, tmpDerSz; … … 15710 16639 word32 pkcs8Sz = 0; 15711 16640 const byte* curveOID = NULL; 16641 #ifdef WOLFSSL_NO_MALLOC 16642 byte tmpDer[ECC_BUFSIZE]; 16643 #else 15712 16644 byte* tmpDer = NULL; 15713 15714 if (key == NULL || outLen == NULL) 16645 #endif 16646 16647 if (key == NULL || key->dp == NULL || outLen == NULL) 15715 16648 return BAD_FUNC_ARG; 15716 16649 … … 15721 16654 return ret; 15722 16655 16656 #ifndef WOLFSSL_NO_MALLOC 15723 16657 /* temp buffer for plain DER key */ 15724 16658 tmpDer = (byte*)XMALLOC(ECC_BUFSIZE, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15725 16659 if (tmpDer == NULL) 15726 16660 return MEMORY_E; 15727 16661 #endif 15728 16662 XMEMSET(tmpDer, 0, ECC_BUFSIZE); 15729 16663 15730 tmpDerSz = wc_BuildEccKeyDer(key, tmpDer, ECC_BUFSIZE, 0);16664 tmpDerSz = wc_BuildEccKeyDer(key, tmpDer, ECC_BUFSIZE, includePublic); 15731 16665 if (tmpDerSz < 0) { 16666 #ifndef WOLFSSL_NO_MALLOC 15732 16667 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16668 #endif 15733 16669 return tmpDerSz; 15734 16670 } … … 15738 16674 curveOID, oidSz); 15739 16675 if (ret != LENGTH_ONLY_E) { 16676 #ifndef WOLFSSL_NO_MALLOC 15740 16677 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16678 #endif 15741 16679 return ret; 15742 16680 } 15743 16681 15744 16682 if (output == NULL) { 16683 #ifndef WOLFSSL_NO_MALLOC 15745 16684 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16685 #endif 15746 16686 *outLen = pkcs8Sz; 15747 16687 return LENGTH_ONLY_E; 15748 16688 15749 } else if (*outLen < pkcs8Sz) { 16689 } 16690 else if (*outLen < pkcs8Sz) { 16691 #ifndef WOLFSSL_NO_MALLOC 15750 16692 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16693 #endif 15751 16694 WOLFSSL_MSG("Input buffer too small for ECC PKCS#8 key"); 15752 16695 return BUFFER_E; … … 15756 16699 algoID, curveOID, oidSz); 15757 16700 if (ret < 0) { 16701 #ifndef WOLFSSL_NO_MALLOC 15758 16702 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16703 #endif 15759 16704 return ret; 15760 16705 } 15761 16706 16707 #ifndef WOLFSSL_NO_MALLOC 15762 16708 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16709 #endif 15763 16710 15764 16711 *outLen = ret; 15765 16712 return ret; 16713 } 16714 16715 /* Write only private ecc key to unencrypted PKCS#8 format. 16716 * 16717 * return length on success else < 0 */ 16718 int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) 16719 { 16720 return eccToPKCS8(key, output, outLen, 0); 16721 } 16722 16723 /* Write both private and public ecc keys to unencrypted PKCS#8 format. 16724 * 16725 * return length on success else < 0 */ 16726 int wc_EccKeyToPKCS8(ecc_key* key, byte* output, 16727 word32* outLen) 16728 { 16729 return eccToPKCS8(key, output, outLen, 1); 15766 16730 } 15767 16731 #endif /* HAVE_PKCS8 */ … … 16188 17152 16189 17153 16190 static int DecodeSingleResponse(byte* source, 16191 word32* ioIndex, OcspResponse* resp, word32 size) 16192 { 16193 word32 idx = *ioIndex, prevIndex, oid, localIdx; 16194 int length, wrapperSz; 16195 CertStatus* cs = resp->status; 17154 static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, 17155 int wrapperSz, OcspEntry* single) 17156 { 17157 word32 idx = *ioIndex, prevIndex, oid, localIdx, certIdIdx; 17158 int length; 16196 17159 int ret; 16197 17160 byte tag; … … 16199 17162 WOLFSSL_ENTER("DecodeSingleResponse"); 16200 17163 16201 /* Outer wrapper of the SEQUENCE OF Single Responses. */16202 if (GetSequence(source, &idx, &wrapperSz, size) < 0)16203 return ASN_PARSE_E;16204 16205 17164 prevIndex = idx; 16206 16207 /* When making a request, we only request one status on one certificate16208 * at a time. There should only be one SingleResponse */16209 17165 16210 17166 /* Wrapper around the Single Response */ … … 16213 17169 16214 17170 /* Wrapper around the CertID */ 17171 certIdIdx = idx; 16215 17172 if (GetSequence(source, &idx, &length, size) < 0) 16216 17173 return ASN_PARSE_E; 16217 /* Skip the hash algorithm */ 16218 if (GetAlgoId(source, &idx, &oid, oidIgnoreType, size) < 0) 16219 return ASN_PARSE_E; 17174 single->rawCertId = source + certIdIdx; 17175 /* Hash algorithm */ 17176 ret = GetAlgoId(source, &idx, &oid, oidIgnoreType, size); 17177 if (ret < 0) 17178 return ret; 17179 single->hashAlgoOID = oid; 16220 17180 /* Save reference to the hash of CN */ 16221 17181 ret = GetOctetString(source, &idx, &length, size); 16222 17182 if (ret < 0) 16223 17183 return ret; 16224 resp->issuerHash = source + idx;17184 XMEMCPY(single->issuerHash, source + idx, length); 16225 17185 idx += length; 16226 17186 /* Save reference to the hash of the issuer public key */ … … 16228 17188 if (ret < 0) 16229 17189 return ret; 16230 resp->issuerKeyHash = source + idx;17190 XMEMCPY(single->issuerKeyHash, source + idx, length); 16231 17191 idx += length; 16232 17192 16233 17193 /* Get serial number */ 16234 if (GetSerialNumber(source, &idx, cs->serial, &cs->serialSz, size) < 0)17194 if (GetSerialNumber(source, &idx, single->status->serial, &single->status->serialSz, size) < 0) 16235 17195 return ASN_PARSE_E; 16236 16237 if ( idx >= size ) 17196 single->rawCertIdSize = idx - certIdIdx; 17197 17198 if (idx >= size) 16238 17199 return BUFFER_E; 16239 17200 … … 16242 17203 { 16243 17204 case (ASN_CONTEXT_SPECIFIC | CERT_GOOD): 16244 cs->status = CERT_GOOD;17205 single->status->status = CERT_GOOD; 16245 17206 idx++; 16246 17207 break; 16247 17208 case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): 16248 cs->status = CERT_REVOKED;17209 single->status->status = CERT_REVOKED; 16249 17210 if (GetLength(source, &idx, &length, size) < 0) 16250 17211 return ASN_PARSE_E; … … 16252 17213 break; 16253 17214 case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): 16254 cs->status = CERT_UNKNOWN;17215 single->status->status = CERT_UNKNOWN; 16255 17216 idx++; 16256 17217 break; … … 16260 17221 16261 17222 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 16262 cs->thisDateAsn = source + idx;17223 single->status->thisDateAsn = source + idx; 16263 17224 localIdx = 0; 16264 if (GetDateInfo( cs->thisDateAsn, &localIdx, NULL,16265 (byte*)& cs->thisDateParsed.type,16266 & cs->thisDateParsed.length, size) < 0)17225 if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, 17226 (byte*)&single->status->thisDateParsed.type, 17227 &single->status->thisDateParsed.length, size) < 0) 16267 17228 return ASN_PARSE_E; 16268 XMEMCPY( cs->thisDateParsed.data,16269 cs->thisDateAsn + localIdx - cs->thisDateParsed.length,16270 cs->thisDateParsed.length);16271 #endif 16272 if (GetBasicDate(source, &idx, cs->thisDate,16273 & cs->thisDateFormat, size) < 0)17229 XMEMCPY(single->status->thisDateParsed.data, 17230 single->status->thisDateAsn + localIdx - single->status->thisDateParsed.length, 17231 single->status->thisDateParsed.length); 17232 #endif 17233 if (GetBasicDate(source, &idx, single->status->thisDate, 17234 &single->status->thisDateFormat, size) < 0) 16274 17235 return ASN_PARSE_E; 16275 17236 16276 17237 #ifndef NO_ASN_TIME 16277 17238 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK 16278 if (!XVALIDATE_DATE( cs->thisDate, cs->thisDateFormat, BEFORE))17239 if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE)) 16279 17240 return ASN_BEFORE_DATE_E; 16280 17241 #endif … … 16283 17244 /* The following items are optional. Only check for them if there is more 16284 17245 * unprocessed data in the singleResponse wrapper. */ 16285 16286 17246 localIdx = idx; 16287 17247 if (((int)(idx - prevIndex) < wrapperSz) && … … 16293 17253 return ASN_PARSE_E; 16294 17254 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 16295 cs->nextDateAsn = source + idx;17255 single->status->nextDateAsn = source + idx; 16296 17256 localIdx = 0; 16297 if (GetDateInfo( cs->nextDateAsn, &localIdx, NULL,16298 (byte*)& cs->nextDateParsed.type,16299 & cs->nextDateParsed.length, size) < 0)17257 if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, 17258 (byte*)&single->status->nextDateParsed.type, 17259 &single->status->nextDateParsed.length, size) < 0) 16300 17260 return ASN_PARSE_E; 16301 XMEMCPY( cs->nextDateParsed.data,16302 cs->nextDateAsn + localIdx - cs->nextDateParsed.length,16303 cs->nextDateParsed.length);16304 #endif 16305 if (GetBasicDate(source, &idx, cs->nextDate,16306 & cs->nextDateFormat, size) < 0)17261 XMEMCPY(single->status->nextDateParsed.data, 17262 single->status->nextDateAsn + localIdx - single->status->nextDateParsed.length, 17263 single->status->nextDateParsed.length); 17264 #endif 17265 if (GetBasicDate(source, &idx, single->status->nextDate, 17266 &single->status->nextDateFormat, size) < 0) 16307 17267 return ASN_PARSE_E; 16308 17268 16309 17269 #ifndef NO_ASN_TIME 16310 17270 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK 16311 if (!XVALIDATE_DATE( cs->nextDate, cs->nextDateFormat, AFTER))17271 if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER)) 16312 17272 return ASN_AFTER_DATE_E; 16313 17273 #endif … … 16315 17275 } 16316 17276 17277 /* Skip the optional extensions in singleResponse. */ 16317 17278 localIdx = idx; 16318 17279 if (((int)(idx - prevIndex) < wrapperSz) && … … 16418 17379 int ret; 16419 17380 byte tag; 17381 int wrapperSz; 17382 OcspEntry* single; 16420 17383 16421 17384 WOLFSSL_ENTER("DecodeResponseData"); … … 16459 17422 return ASN_PARSE_E; 16460 17423 16461 if ((ret = DecodeSingleResponse(source, &idx, resp, size)) < 0) 16462 return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ 17424 /* Outer wrapper of the SEQUENCE OF Single Responses. */ 17425 if (GetSequence(source, &idx, &wrapperSz, size) < 0) 17426 return ASN_PARSE_E; 17427 17428 localIdx = idx; 17429 single = resp->single; 17430 17431 while (idx - localIdx < (word32)wrapperSz) { 17432 ret = DecodeSingleResponse(source, &idx, size, wrapperSz, single); 17433 if (ret < 0) 17434 return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ 17435 if (idx - localIdx < (word32)wrapperSz) { 17436 single->next = (OcspEntry*)XMALLOC(sizeof(OcspEntry), resp->heap, 17437 DYNAMIC_TYPE_OCSP_ENTRY); 17438 if (single->next == NULL) { 17439 return MEMORY_E; 17440 } 17441 single = single->next; 17442 XMEMSET(single, 0, sizeof(OcspEntry)); 17443 single->isDynamic = 1; 17444 } 17445 } 16463 17446 16464 17447 /* … … 16570 17553 if ((cert.extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { 16571 17554 if (XMEMCMP(cert.subjectHash, 16572 resp-> issuerHash, KEYID_SIZE) == 0) {17555 resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) { 16573 17556 WOLFSSL_MSG("\tOCSP Response signed by issuer"); 16574 17557 } … … 16605 17588 16606 17589 #ifndef NO_SKID 16607 ca = GetCA(cm, resp-> issuerKeyHash);17590 ca = GetCA(cm, resp->single->issuerKeyHash); 16608 17591 #else 16609 ca = GetCA(cm, resp-> issuerHash);17592 ca = GetCA(cm, resp->single->issuerHash); 16610 17593 #endif 16611 17594 … … 16632 17615 16633 17616 16634 void InitOcspResponse(OcspResponse* resp, CertStatus* status,16635 byte* source, word32 inSz)17617 void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, 17618 byte* source, word32 inSz, void* heap) 16636 17619 { 16637 17620 WOLFSSL_ENTER("InitOcspResponse"); 16638 17621 16639 17622 XMEMSET(status, 0, sizeof(CertStatus)); 17623 XMEMSET(single, 0, sizeof(OcspEntry)); 16640 17624 XMEMSET(resp, 0, sizeof(OcspResponse)); 16641 17625 17626 single->status = status; 16642 17627 resp->responseStatus = -1; 16643 resp->s tatus = status;17628 resp->single = single; 16644 17629 resp->source = source; 16645 17630 resp->maxIdx = inSz; 17631 resp->heap = heap; 17632 } 17633 17634 void FreeOcspResponse(OcspResponse* resp) 17635 { 17636 OcspEntry *single, *next; 17637 for (single = resp->single; single; single = next) { 17638 next = single->next; 17639 if (single->isDynamic) 17640 XFREE(single, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY); 17641 } 16646 17642 } 16647 17643 … … 16917 17913 int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) 16918 17914 { 16919 int cmp; 17915 int cmp = -1; /* default as not matching, cmp gets set on each check */ 17916 OcspEntry *single, *next, *prev = NULL, *top; 16920 17917 16921 17918 WOLFSSL_ENTER("CompareOcspReqResp"); 16922 17919 16923 if (req == NULL) 16924 { 17920 if (req == NULL) { 16925 17921 WOLFSSL_MSG("\tReq missing"); 16926 17922 return -1; 16927 17923 } 16928 16929 if (resp == NULL) 16930 { 17924 if (resp == NULL || resp->single == NULL) { 16931 17925 WOLFSSL_MSG("\tResp missing"); 16932 17926 return 1; … … 16935 17929 /* Nonces are not critical. The responder may not necessarily add 16936 17930 * the nonce to the response. */ 16937 if (req->nonceSz 17931 if (req->nonceSz && resp->nonce != NULL 16938 17932 #ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK 16939 17933 && resp->nonceSz != 0 … … 16941 17935 ) { 16942 17936 cmp = req->nonceSz - resp->nonceSz; 16943 if (cmp != 0) 16944 { 17937 if (cmp != 0) { 16945 17938 WOLFSSL_MSG("\tnonceSz mismatch"); 16946 17939 return cmp; … … 16948 17941 16949 17942 cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz); 16950 if (cmp != 0) 16951 { 17943 if (cmp != 0) { 16952 17944 WOLFSSL_MSG("\tnonce mismatch"); 16953 17945 return cmp; … … 16955 17947 } 16956 17948 16957 cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE); 16958 if (cmp != 0) 16959 { 16960 WOLFSSL_MSG("\tissuerHash mismatch"); 16961 return cmp; 16962 } 16963 16964 cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE); 16965 if (cmp != 0) 16966 { 16967 WOLFSSL_MSG("\tissuerKeyHash mismatch"); 16968 return cmp; 16969 } 16970 16971 cmp = req->serialSz - resp->status->serialSz; 16972 if (cmp != 0) 16973 { 16974 WOLFSSL_MSG("\tserialSz mismatch"); 16975 return cmp; 16976 } 16977 16978 cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz); 16979 if (cmp != 0) 16980 { 16981 WOLFSSL_MSG("\tserial mismatch"); 17949 /* match based on found status and return */ 17950 for (single = resp->single; single; single = next) { 17951 cmp = req->serialSz - single->status->serialSz; 17952 if (cmp == 0) { 17953 if ((XMEMCMP(req->serial, single->status->serial, req->serialSz) == 0) 17954 && (XMEMCMP(req->issuerHash, single->issuerHash, OCSP_DIGEST_SIZE) == 0) 17955 && (XMEMCMP(req->issuerKeyHash, single->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) { 17956 /* match found */ 17957 if (resp->single != single && prev) { 17958 /* move to top of list */ 17959 top = resp->single; 17960 resp->single = single; 17961 prev->next = single->next; 17962 single->next = top; 17963 } 17964 break; 17965 } 17966 } 17967 next = single->next; 17968 prev = single; 17969 } 17970 17971 if (cmp != 0) { 17972 WOLFSSL_MSG("\trequest and response mismatch"); 16982 17973 return cmp; 16983 17974 } … … 17352 18343 17353 18344 17354 /* p rase crl buffer into decoded state, 0 on success */18345 /* parse crl buffer into decoded state, 0 on success */ 17355 18346 int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) 17356 18347 { … … 17380 18371 dcrl->sigIndex = len + idx; 17381 18372 17382 if (ParseCRL_CertList(dcrl, buff, &idx, idx + len) < 0)18373 if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex) < 0) 17383 18374 return ASN_PARSE_E; 17384 18375 17385 if (ParseCRL_Extensions(dcrl, buff, &idx, idx + len) < 0)18376 if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0) 17386 18377 return ASN_PARSE_E; 17387 18378 … … 17516 18507 17517 18508 18509 18510 #ifdef HAVE_SMIME 18511 18512 /***************************************************************************** 18513 * wc_MIME_parse_headers - Reads the char array in and parses out MIME headers 18514 * and parameters into headers. Will continue until in has no more content. 18515 * 18516 * RETURNS: 18517 * returns zero on success, non-zero on error. 18518 */ 18519 int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) 18520 { 18521 MimeHdr* nextHdr = NULL; 18522 MimeHdr* curHdr = NULL; 18523 MimeParam* nextParam = NULL; 18524 size_t start = 0; 18525 size_t end = 0; 18526 char* nameAttr = NULL; 18527 char* bodyVal = NULL; 18528 MimeTypes mimeType = MIME_HDR; 18529 MimeStatus mimeStatus = MIME_NAMEATTR; 18530 int ret = -1; 18531 size_t pos = 0; 18532 size_t lineLen = 0; 18533 char* curLine = NULL; 18534 char* ptr = NULL; 18535 18536 if (in == NULL || inLen <= 0 || in[inLen] != '\0' || headers == NULL) { 18537 ret = BAD_FUNC_ARG; 18538 goto error; 18539 } 18540 nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, DYNAMIC_TYPE_PKCS7); 18541 nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL, 18542 DYNAMIC_TYPE_PKCS7); 18543 if (nextHdr == NULL || nextParam == NULL) { 18544 ret = MEMORY_E; 18545 goto error; 18546 } 18547 XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); 18548 XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); 18549 18550 curLine = XSTRTOK(in, "\r\n", &ptr); 18551 if (curLine == NULL) { 18552 ret = ASN_PARSE_E; 18553 goto error; 18554 } 18555 18556 while (curLine != NULL) { 18557 /* Leftover from previous line, add params to previous header. */ 18558 if (curLine[0] == ' ' && curHdr) { 18559 mimeType = MIME_PARAM; 18560 } 18561 else { 18562 mimeType = MIME_HDR; 18563 } 18564 start = end = 0; 18565 lineLen = XSTRLEN(curLine); 18566 18567 for (pos = 0; pos < lineLen; pos++) { 18568 char cur = curLine[pos]; 18569 18570 if (mimeStatus == MIME_NAMEATTR && ((cur == ':' && 18571 mimeType == MIME_HDR) || (cur == '=' && 18572 mimeType == MIME_PARAM))) { 18573 mimeStatus = MIME_BODYVAL; 18574 end = pos-1; 18575 ret = wc_MIME_header_strip(curLine, &nameAttr, start, end); 18576 if (ret) { 18577 goto error; 18578 } 18579 start = pos+1; 18580 } 18581 else if (mimeStatus == MIME_BODYVAL && cur == ';') { 18582 end = pos-1; 18583 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end); 18584 if (ret) { 18585 goto error; 18586 } 18587 if (mimeType == MIME_HDR) { 18588 nextHdr->name = nameAttr; 18589 nextHdr->body = bodyVal; 18590 nextHdr->next = curHdr; 18591 curHdr = nextHdr; 18592 nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, 18593 DYNAMIC_TYPE_PKCS7); 18594 if (nextHdr == NULL) { 18595 ret = MEMORY_E; 18596 goto error; 18597 } 18598 XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); 18599 } 18600 else { 18601 nextParam->attribute = nameAttr; 18602 nextParam->value = bodyVal; 18603 nextParam->next = curHdr->params; 18604 curHdr->params = nextParam; 18605 nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL, 18606 DYNAMIC_TYPE_PKCS7); 18607 if (nextParam == NULL) { 18608 ret = MEMORY_E; 18609 goto error; 18610 } 18611 XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); 18612 } 18613 mimeType = MIME_PARAM; 18614 mimeStatus = MIME_NAMEATTR; 18615 start = pos+1; 18616 } 18617 } 18618 18619 end = lineLen-1; 18620 /* Omit newline characters. */ 18621 while ((curLine[end] == '\r' || curLine[end] == '\n') && end > 0) { 18622 end--; 18623 } 18624 if (end >= start && mimeStatus == MIME_BODYVAL) { 18625 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end); 18626 if (ret) { 18627 goto error; 18628 } 18629 if (mimeType == MIME_HDR) { 18630 nextHdr->name = nameAttr; 18631 nextHdr->body = bodyVal; 18632 nextHdr->next = curHdr; 18633 curHdr = nextHdr; 18634 nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, 18635 DYNAMIC_TYPE_PKCS7); 18636 if (nextHdr == NULL) { 18637 ret = MEMORY_E; 18638 goto error; 18639 } 18640 XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); 18641 } else { 18642 nextParam->attribute = nameAttr; 18643 nextParam->value = bodyVal; 18644 nextParam->next = curHdr->params; 18645 curHdr->params = nextParam; 18646 nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL, 18647 DYNAMIC_TYPE_PKCS7); 18648 if (nextParam == NULL) { 18649 ret = MEMORY_E; 18650 goto error; 18651 } 18652 XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); 18653 } 18654 } 18655 18656 curLine = XSTRTOK(NULL, "\r\n", &ptr); 18657 mimeStatus = MIME_NAMEATTR; 18658 } 18659 18660 *headers = curHdr; 18661 XFREE(nextHdr, NULL, DYNAMIC_TYPE_PKCS7); 18662 XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); 18663 18664 return 0; 18665 18666 error: 18667 wc_MIME_free_hdrs(curHdr); 18668 wc_MIME_free_hdrs(nextHdr); 18669 XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); 18670 XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); 18671 XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); 18672 18673 return ret; 18674 } 18675 18676 /***************************************************************************** 18677 * wc_MIME_header_strip - Reads the string in from indices start to end, strips 18678 * out disallowed/separator characters and places the rest into *out. 18679 * 18680 * RETURNS: 18681 * returns zero on success, non-zero on error. 18682 */ 18683 int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end) 18684 { 18685 size_t inPos = start; 18686 size_t outPos = 0; 18687 size_t inLen = 0; 18688 18689 if (end < start || in == NULL || out == NULL) { 18690 return BAD_FUNC_ARG; 18691 } 18692 18693 inLen = XSTRLEN(in); 18694 if (start > inLen || end > inLen) { 18695 return BAD_FUNC_ARG; 18696 } 18697 18698 *out = (char*)XMALLOC(((end-start)+2)*sizeof(char), NULL, 18699 DYNAMIC_TYPE_PKCS7); 18700 if (*out == NULL) { 18701 return MEMORY_E; 18702 } 18703 18704 while (inPos <= end) { 18705 if (in[inPos] >= MIME_HEADER_ASCII_MIN && in[inPos] <= 18706 MIME_HEADER_ASCII_MAX && in[inPos] != ';' && in[inPos] != '\"') { 18707 (*out)[outPos] = in[inPos]; 18708 outPos++; 18709 } 18710 inPos++; 18711 } 18712 (*out)[outPos] = '\0'; 18713 18714 return 0; 18715 } 18716 18717 /***************************************************************************** 18718 * wc_MIME_find_header_name - Searches through all given headers until a header with 18719 * a name matching the provided name is found. 18720 * 18721 * RETURNS: 18722 * returns a pointer to the found header, if no match was found, returns NULL. 18723 */ 18724 MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* header) 18725 { 18726 size_t len = XSTRLEN(name); 18727 18728 while (header) { 18729 if (!XSTRNCMP(name, header->name, len)) { 18730 return header; 18731 } 18732 header = header->next; 18733 } 18734 18735 return header; 18736 } 18737 18738 /***************************************************************************** 18739 * wc_MIME_find_param_attr - Searches through all parameters until a parameter 18740 * with a attribute matching the provided attribute is found. 18741 * 18742 * RETURNS: 18743 * returns a pointer to the found parameter, if no match was found, 18744 * returns NULL. 18745 */ 18746 MimeParam* wc_MIME_find_param_attr(const char* attribute, 18747 MimeParam* param) 18748 { 18749 size_t len = XSTRLEN(attribute); 18750 18751 while (param) { 18752 if (!XSTRNCMP(attribute, param->attribute, len)) { 18753 return param; 18754 } 18755 param = param->next; 18756 } 18757 18758 return param; 18759 } 18760 18761 /***************************************************************************** 18762 * wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from 18763 * the provided header pointer. 18764 * 18765 * RETURNS: 18766 * returns zero on success, non-zero on error. 18767 */ 18768 int wc_MIME_free_hdrs(MimeHdr* head) 18769 { 18770 MimeHdr* curHdr = NULL; 18771 MimeParam* curParam = NULL; 18772 18773 while (head) { 18774 while (head->params) { 18775 curParam = head->params; 18776 head->params = head->params->next; 18777 XFREE(curParam->attribute, NULL, DYNAMIC_TYPE_PKCS7); 18778 XFREE(curParam->value, NULL, DYNAMIC_TYPE_PKCS7); 18779 XFREE(curParam, NULL, DYNAMIC_TYPE_PKCS7); 18780 } 18781 curHdr = head; 18782 head = head->next; 18783 XFREE(curHdr->name, NULL, DYNAMIC_TYPE_PKCS7); 18784 XFREE(curHdr->body, NULL, DYNAMIC_TYPE_PKCS7); 18785 XFREE(curHdr, NULL, DYNAMIC_TYPE_PKCS7); 18786 } 18787 18788 return 0; 18789 } 18790 18791 #endif /* HAVE_SMIME */ 18792 18793 17518 18794 #undef ERROR_OUT 17519 18795 -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/blake2b.c
r457 r464 44 44 #include <wolfssl/wolfcrypt/blake2.h> 45 45 #include <wolfssl/wolfcrypt/blake2-impl.h> 46 #include <wolfssl/wolfcrypt/error-crypt.h> 46 47 47 48 … … 125 126 blake2b_param P[1]; 126 127 127 if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;128 if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG; 128 129 129 130 #ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD … … 154 155 blake2b_param P[1]; 155 156 156 if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;157 158 if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1;157 if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG; 158 159 if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return BAD_FUNC_ARG; 159 160 160 161 #ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD … … 178 179 #endif 179 180 180 if( blake2b_init_param( S, P ) < 0 ) return -1; 181 { 182 int ret = blake2b_init_param( S, P ); 183 if ( ret < 0 ) return ret; 184 } 181 185 182 186 { … … 186 190 block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER); 187 191 188 if ( block == NULL ) return -1;192 if ( block == NULL ) return MEMORY_E; 189 193 #else 190 194 byte block[BLAKE2B_BLOCKBYTES]; … … 204 208 } 205 209 206 static int blake2b_compress( blake2b_state *S, 207 const byte block[BLAKE2B_BLOCKBYTES] ) 210 static WC_INLINE int blake2b_compress( 211 blake2b_state *S, 212 const byte block[BLAKE2B_BLOCKBYTES], 213 word64* m, 214 word64* v) 208 215 { 209 216 int i; 210 211 #ifdef WOLFSSL_SMALL_STACK212 word64* m;213 word64* v;214 215 m = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);216 217 if ( m == NULL ) return -1;218 219 v = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);220 221 if ( v == NULL )222 {223 XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);224 return -1;225 }226 #else227 word64 m[16];228 word64 v[16];229 #endif230 217 231 218 for( i = 0; i < 16; ++i ) … … 284 271 #undef ROUND 285 272 286 #ifdef WOLFSSL_SMALL_STACK287 XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);288 XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);289 #endif290 291 273 return 0; 292 274 } … … 295 277 int blake2b_update( blake2b_state *S, const byte *in, word64 inlen ) 296 278 { 279 int ret = 0; 280 #ifdef WOLFSSL_SMALL_STACK 281 word64* m; 282 word64* v; 283 284 m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER); 285 286 if ( m == NULL ) return MEMORY_E; 287 288 v = &m[16]; 289 #else 290 word64 m[16]; 291 word64 v[16]; 292 #endif 293 297 294 while( inlen > 0 ) 298 295 { … … 306 303 blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); 307 304 308 if ( blake2b_compress( S, S->buf ) < 0 ) return -1; /* Compress */ 305 { 306 ret = blake2b_compress( S, S->buf, m, v ); 307 if (ret < 0) break; 308 } 309 309 310 310 XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); … … 322 322 } 323 323 324 return 0; 324 #ifdef WOLFSSL_SMALL_STACK 325 XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); 326 #endif 327 328 return ret; 325 329 } 326 330 … … 328 332 int blake2b_final( blake2b_state *S, byte *out, byte outlen ) 329 333 { 334 int ret = 0; 330 335 byte buffer[BLAKE2B_OUTBYTES]; 331 336 int i; 337 #ifdef WOLFSSL_SMALL_STACK 338 word64* m; 339 word64* v; 340 341 m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER); 342 343 if ( m == NULL ) return MEMORY_E; 344 345 v = &m[16]; 346 #else 347 word64 m[16]; 348 word64 v[16]; 349 #endif 332 350 333 351 if( S->buflen > BLAKE2B_BLOCKBYTES ) … … 335 353 blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); 336 354 337 if ( blake2b_compress( S, S->buf ) < 0 ) return -1; 355 { 356 ret = blake2b_compress( S, S->buf, m, v ); 357 if (ret < 0) goto out; 358 } 338 359 339 360 S->buflen -= BLAKE2B_BLOCKBYTES; … … 345 366 XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) ); 346 367 /* Padding */ 347 if ( blake2b_compress( S, S->buf ) < 0 ) return -1; 368 { 369 ret = blake2b_compress( S, S->buf, m, v ); 370 if (ret < 0) goto out; 371 } 348 372 349 373 for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ … … 351 375 352 376 XMEMCPY( out, buffer, outlen ); 353 return 0; 377 378 out: 379 380 #ifdef WOLFSSL_SMALL_STACK 381 XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); 382 #endif 383 384 return ret; 354 385 } 355 386 … … 361 392 362 393 /* Verify parameters */ 363 if ( NULL == in ) return -1;364 365 if ( NULL == out ) return -1;394 if ( NULL == in ) return BAD_FUNC_ARG; 395 396 if ( NULL == out ) return BAD_FUNC_ARG; 366 397 367 398 if( NULL == key ) keylen = 0; … … 369 400 if( keylen > 0 ) 370 401 { 371 if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1; 402 int ret = blake2b_init_key( S, outlen, key, keylen ); 403 if (ret < 0) return ret; 372 404 } 373 405 else 374 406 { 375 if( blake2b_init( S, outlen ) < 0 ) return -1; 376 } 377 378 if ( blake2b_update( S, ( byte * )in, inlen ) < 0) return -1; 407 int ret = blake2b_init( S, outlen ); 408 if (ret < 0) return ret; 409 } 410 411 { 412 int ret = blake2b_update( S, ( byte * )in, inlen ); 413 if (ret < 0) return ret; 414 } 379 415 380 416 return blake2b_final( S, out, outlen ); … … 423 459 { 424 460 if (b2b == NULL){ 425 return -1;461 return BAD_FUNC_ARG; 426 462 } 427 463 b2b->digestSz = digestSz; … … 430 466 } 431 467 468 /* Init Blake2b digest with key, track size in case final doesn't want to "remember" */ 469 int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word32 keylen) 470 { 471 if (b2b == NULL){ 472 return BAD_FUNC_ARG; 473 } 474 b2b->digestSz = digestSz; 475 476 if (keylen >= 256) 477 return BAD_FUNC_ARG; 478 479 if (key) 480 return blake2b_init_key(b2b->S, (byte)digestSz, key, (byte)keylen); 481 else 482 return blake2b_init(b2b->S, (byte)digestSz); 483 } 432 484 433 485 /* Blake2b Update */ -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/coding.c
r457 r464 32 32 #include <wolfssl/wolfcrypt/error-crypt.h> 33 33 #include <wolfssl/wolfcrypt/logging.h> 34 34 #ifndef NO_ASN 35 #include <wolfssl/wolfcrypt/asn.h> /* For PEM_LINE_SZ */ 36 #endif 37 #ifdef NO_INLINE 38 #include <wolfssl/wolfcrypt/misc.h> 39 #else 40 #define WOLFSSL_MISC_INCLUDED 41 #include <wolfcrypt/src/misc.c> 42 #endif 35 43 36 44 enum { 37 45 BAD = 0xFF, /* invalid encoding */ 38 46 PAD = '=', 39 PEM_LINE_SZ = 64,40 47 BASE64_MIN = 0x2B, 41 48 BASE16_MIN = 0x30, … … 43 50 44 51 52 #ifndef BASE64_LINE_SZ 53 #ifdef NO_ASN 54 #define BASE64_LINE_SZ 64 55 #else 56 #define BASE64_LINE_SZ PEM_LINE_SZ 57 #endif 58 #endif 59 45 60 #ifdef WOLFSSL_BASE64_DECODE 46 61 62 #ifdef BASE64_NO_TABLE 63 static WC_INLINE byte Base64_Char2Val(byte c) 64 { 65 word16 v = 0x0000; 66 67 v |= 0xff3E & ctMask16Eq(c, 0x2b); 68 v |= 0xff3F & ctMask16Eq(c, 0x2f); 69 v |= (c + 0xff04) & ctMask16GTE(c, 0x30) & ctMask16LTE(c, 0x39); 70 v |= (0xff00 + c - 0x41) & ctMask16GTE(c, 0x41) & ctMask16LTE(c, 0x5a); 71 v |= (0xff00 + c - 0x47) & ctMask16GTE(c, 0x61) & ctMask16LTE(c, 0x7a); 72 v |= ~(v >> 8); 73 74 return (byte)v; 75 } 76 #else 47 77 static 48 const byte base64Decode[] = { 62, BAD, BAD, BAD, 63, /* + starts at 0x2B */ 49 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 50 BAD, BAD, BAD, BAD, BAD, BAD, BAD, 51 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 52 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 53 20, 21, 22, 23, 24, 25, 54 BAD, BAD, BAD, BAD, BAD, BAD, 55 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 56 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 57 46, 47, 48, 49, 50, 51 78 ALIGN64 const byte base64Decode[] = { /* + starts at 0x2B */ 79 /* 0x28: + , - . / */ 62, BAD, BAD, BAD, 63, 80 /* 0x30: 0 1 2 3 4 5 6 7 */ 52, 53, 54, 55, 56, 57, 58, 59, 81 /* 0x38: 8 9 : ; < = > ? */ 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, 82 /* 0x40: @ A B C D E F G */ BAD, 0, 1, 2, 3, 4, 5, 6, 83 /* 0x48: H I J K L M N O */ 7, 8, 9, 10, 11, 12, 13, 14, 84 /* 0x50: P Q R S T U V W */ 15, 16, 17, 18, 19, 20, 21, 22, 85 /* 0x58: X Y Z [ \ ] ^ _ */ 23, 24, 25, BAD, BAD, BAD, BAD, BAD, 86 /* 0x60: ` a b c d e f g */ BAD, 26, 27, 28, 29, 30, 31, 32, 87 /* 0x68: h i j k l m n o */ 33, 34, 35, 36, 37, 38, 39, 40, 88 /* 0x70: p q r s t u v w */ 41, 42, 43, 44, 45, 46, 47, 48, 89 /* 0x78: x y z */ 49, 50, 51 58 90 }; 91 #define BASE64DECODE_SZ (byte)(sizeof(base64Decode)) 92 93 static WC_INLINE byte Base64_Char2Val(byte c) 94 { 95 #ifndef WC_NO_CACHE_RESISTANT 96 /* 80 characters in table. 97 * 64 bytes in a cache line - first line has 64, second has 16 98 */ 99 byte v; 100 byte mask; 101 102 c -= BASE64_MIN; 103 mask = (((byte)(0x3f - c)) >> 7) - 1; 104 /* Load a value from the first cache line and use when mask set. */ 105 v = base64Decode[ c & 0x3f ] & mask ; 106 /* Load a value from the second cache line and use when mask not set. */ 107 v |= base64Decode[(c & 0x0f) | 0x40] & (~mask); 108 109 return v; 110 #else 111 return base64Decode[c - BASE64_MIN]; 112 #endif 113 } 114 #endif 59 115 60 116 static WC_INLINE int Base64_SkipNewline(const byte* in, word32 *inLen, word32 *outJ) … … 92 148 word32 i = 0; 93 149 word32 j = 0; 94 word32 plainSz = inLen - ((inLen + ( PEM_LINE_SZ - 1)) / PEM_LINE_SZ );150 word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ ); 95 151 int ret; 96 const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1; 152 #ifndef BASE64_NO_TABLE 153 const byte maxIdx = BASE64DECODE_SZ + BASE64_MIN - 1; 154 #endif 97 155 98 156 plainSz = (plainSz * 3 + 3) / 4; … … 102 160 int pad3 = 0; 103 161 int pad4 = 0; 104 105 162 byte b1, b2, b3; 106 163 byte e1, e2, e3, e4; 164 107 165 if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { 108 166 if (ret == BUFFER_E) { … … 133 191 inLen--; 134 192 135 if (e1 == 0) /* end file 0's */136 break;137 193 if (e3 == PAD) 138 194 pad3 = 1; … … 140 196 pad4 = 1; 141 197 142 if (e1 < BASE64_MIN || e2 < BASE64_MIN || e3 < BASE64_MIN || e4 < BASE64_MIN) { 198 if (pad3 && !pad4) 199 return ASN_INPUT_E; 200 201 #ifndef BASE64_NO_TABLE 202 if (e1 < BASE64_MIN || e2 < BASE64_MIN || e3 < BASE64_MIN || 203 e4 < BASE64_MIN) { 143 204 WOLFSSL_MSG("Bad Base64 Decode data, too small"); 144 205 return ASN_INPUT_E; … … 149 210 return ASN_INPUT_E; 150 211 } 212 #endif 151 213 152 214 if (i + 1 + !pad3 + !pad4 > *outLen) { … … 155 217 } 156 218 157 e1 = base64Decode[e1 - BASE64_MIN]; 158 e2 = base64Decode[e2 - BASE64_MIN]; 159 e3 = (e3 == PAD) ? 0 : base64Decode[e3 - BASE64_MIN]; 160 e4 = (e4 == PAD) ? 0 : base64Decode[e4 - BASE64_MIN]; 219 e1 = Base64_Char2Val(e1); 220 e2 = Base64_Char2Val(e2); 221 e3 = (e3 == PAD) ? 0 : Base64_Char2Val(e3); 222 e4 = (e4 == PAD) ? 0 : Base64_Char2Val(e4); 223 224 if (e1 == BAD || e2 == BAD || e3 == BAD || e4 == BAD) { 225 WOLFSSL_MSG("Bad Base64 Decode bad character"); 226 return ASN_INPUT_E; 227 } 161 228 162 229 b1 = (byte)((e1 << 2) | (e2 >> 4)); … … 199 266 /* make sure *i (idx) won't exceed max, store and possibly escape to out, 200 267 * raw means use e w/o decode, 0 on success */ 201 static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max ,268 static int CEscape(int escaped, byte e, byte* out, word32* i, word32 maxSz, 202 269 int raw, int getSzOnly) 203 270 { … … 241 308 242 309 /* check size */ 243 if ( (idx+needed) > max && !getSzOnly) {310 if ( (idx+needed) > maxSz && !getSzOnly) { 244 311 WOLFSSL_MSG("Escape buffer max too small"); 245 312 return BUFFER_E; … … 292 359 293 360 word32 outSz = (inLen + 3 - 1) / 3 * 4; 294 word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */361 word32 addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ; /* new lines */ 295 362 296 363 if (escaped == WC_ESC_NL_ENC) … … 329 396 inLen -= 3; 330 397 331 /* Insert newline after PEM_LINE_SZ, unless no \n requested */332 if (escaped != WC_NO_NL_ENC && (++n % ( PEM_LINE_SZ/4)) == 0 && inLen) {398 /* Insert newline after BASE64_LINE_SZ, unless no \n requested */ 399 if (escaped != WC_NO_NL_ENC && (++n % (BASE64_LINE_SZ/4)) == 0 && inLen) { 333 400 ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly); 334 401 if (ret != 0) break; -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/des3.c
r457 r464 346 346 } 347 347 348 static voidDes3Crypt(Des3* des, byte* out, const byte* in, word32 sz,348 static int Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, 349 349 int dir) 350 350 { … … 461 461 } 462 462 #endif /* WOLFSSL_STM32_CUBEMX */ 463 return 0; 463 464 } 464 465 465 466 int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) 466 467 { 467 Des3Crypt(des, out, in, sz, DES_ENCRYPTION); 468 return 0; 468 return Des3Crypt(des, out, in, sz, DES_ENCRYPTION); 469 469 } 470 470 471 471 int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) 472 472 { 473 Des3Crypt(des, out, in, sz, DES_DECRYPTION); 474 return 0; 473 return Des3Crypt(des, out, in, sz, DES_DECRYPTION); 475 474 } 476 475 … … 1172 1171 1173 1172 /* permuted choice table (key) */ 1174 static const byte pc1[] = {1173 static const FLASH_QUALIFIER byte pc1[] = { 1175 1174 57, 49, 41, 33, 25, 17, 9, 1176 1175 1, 58, 50, 42, 34, 26, 18, … … 1185 1184 1186 1185 /* number left rotations of pc1 */ 1187 static const byte totrot[] = {1186 static const FLASH_QUALIFIER byte totrot[] = { 1188 1187 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 1189 1188 }; 1190 1189 1191 1190 /* permuted choice key (table) */ 1192 static const byte pc2[] = {1191 static const FLASH_QUALIFIER byte pc2[] = { 1193 1192 14, 17, 11, 24, 1, 5, 1194 1193 3, 28, 15, 6, 21, 10, … … 1204 1203 1205 1204 /* bit 0 is left-most in byte */ 1206 static const int bytebit[] = {1205 static const FLASH_QUALIFIER int bytebit[] = { 1207 1206 0200,0100,040,020,010,04,02,01 1208 1207 }; 1209 1208 1210 static const word32 Spbox[8][64] = {1209 static const FLASH_QUALIFIER word32 Spbox[8][64] = { 1211 1210 { 0x01010400,0x00000000,0x00010000,0x01010404, 1212 1211 0x01010004,0x00010404,0x00000004,0x00010000, -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/dh.c
r457 r464 931 931 key->heap = heap; /* for XMALLOC/XFREE in future */ 932 932 933 #if !defined(WOLFSSL_QT) && !defined(OPENSSL_ALL) 933 #ifdef WOLFSSL_DH_EXTRA 934 if (mp_init_multi(&key->p, &key->g, &key->q, &key->pub, &key->priv, NULL) != MP_OKAY) 935 #else 934 936 if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY) 935 #else936 if (mp_init_multi(&key->p,&key->g,&key->q,&key->pub,&key->priv,NULL) != MP_OKAY)937 937 #endif 938 938 return MEMORY_E; … … 961 961 mp_clear(&key->g); 962 962 mp_clear(&key->q); 963 #ifdef WOLFSSL_DH_EXTRA 964 mp_clear(&key->pub); 965 mp_forcezero(&key->priv); 966 #endif 963 967 964 968 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH) … … 1149 1153 1150 1154 mp_forcezero(tmpX); 1151 mp_clear(tmpX);1152 1155 mp_clear(tmpQ); 1153 1156 #ifdef WOLFSSL_SMALL_STACK … … 1207 1210 } 1208 1211 1209 ret = wc_RNG_GenerateBlock(rng, priv, sz); 1212 if (sz > *privSz) 1213 ret = WC_KEY_SIZE_E; 1214 1215 if (ret == 0) 1216 ret = wc_RNG_GenerateBlock(rng, priv, sz); 1210 1217 1211 1218 if (ret == 0) { … … 1231 1238 int ret = 0; 1232 1239 #ifndef WOLFSSL_SP_MATH 1240 word32 binSz = 0; 1233 1241 #ifdef WOLFSSL_SMALL_STACK 1234 1242 mp_int* x; … … 1255 1263 #endif 1256 1264 1257 #if ndef WOLFSSL_SP_MATH1265 #if !defined(WOLFSSL_SP_MATH) 1258 1266 #ifdef WOLFSSL_SMALL_STACK 1259 1267 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); … … 1280 1288 ret = MP_EXPTMOD_E; 1281 1289 1290 if (ret == 0) { 1291 binSz = mp_unsigned_bin_size(y); 1292 if (binSz > *pubSz) { 1293 ret = WC_KEY_SIZE_E; 1294 } 1295 } 1296 1282 1297 if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY) 1283 1298 ret = MP_TO_E; 1284 1299 1285 1300 if (ret == 0) 1286 *pubSz = mp_unsigned_bin_size(y);1301 *pubSz = binSz; 1287 1302 1288 1303 mp_clear(y); … … 1468 1483 } 1469 1484 1485 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */ 1470 1486 if (ret == 0 && prime != NULL) { 1471 1487 #ifdef WOLFSSL_HAVE_SP_DH … … 1486 1502 else 1487 1503 #endif 1488 #ifdef WOLFSSL_SP_ NO_40961504 #ifdef WOLFSSL_SP_4096 1489 1505 if (mp_count_bits(&key->p) == 4096) { 1490 1506 ret = sp_ModExp_4096(y, q, p, y); … … 1497 1513 1498 1514 { 1499 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */ 1500 #ifndef WOLFSSL_SP_MATH 1515 #if !defined(WOLFSSL_SP_MATH) 1501 1516 /* calculate (y^q) mod(p), store back into y */ 1502 1517 if (mp_exptmod(y, q, p, y) != MP_OKAY) … … 1783 1798 #endif 1784 1799 { 1785 #if ndef WOLFSSL_SP_MATH1800 #if !defined(WOLFSSL_SP_MATH) 1786 1801 if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY) 1787 1802 ret = MP_EXPTMOD_E; … … 1799 1814 1800 1815 mp_forcezero(privateKey); 1801 mp_clear(privateKey);1802 1816 mp_clear(publicKey); 1803 1817 mp_clear(checkKey); … … 1835 1849 } 1836 1850 1837 1838 1851 static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, 1839 1852 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz) … … 1841 1854 int ret = 0; 1842 1855 #ifdef WOLFSSL_SMALL_STACK 1843 mp_int* y ;1844 #if ndef WOLFSSL_SP_MATH1845 mp_int* x ;1846 mp_int* z ;1856 mp_int* y = NULL; 1857 #if !defined(WOLFSSL_SP_MATH) 1858 mp_int* x = NULL; 1859 mp_int* z = NULL; 1847 1860 #endif 1848 1861 #else 1849 1862 mp_int y[1]; 1850 #if ndef WOLFSSL_SP_MATH1863 #if !defined(WOLFSSL_SP_MATH) 1851 1864 mp_int x[1]; 1852 1865 mp_int z[1]; … … 1870 1883 if (y == NULL) 1871 1884 return MEMORY_E; 1872 #if ndef WOLFSSL_SP_MATH1885 #if !defined(WOLFSSL_SP_MATH) 1873 1886 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); 1874 1887 if (x == NULL) { … … 1899 1912 mp_clear(y); 1900 1913 #ifdef WOLFSSL_SMALL_STACK 1901 #if ndef WOLFSSL_SP_MATH1914 #if !defined(WOLFSSL_SP_MATH) 1902 1915 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1903 1916 XFREE(x, key->heap, DYNAMIC_TYPE_DH); … … 1921 1934 mp_clear(y); 1922 1935 #ifdef WOLFSSL_SMALL_STACK 1923 #if ndef WOLFSSL_SP_MATH1936 #if !defined(WOLFSSL_SP_MATH) 1924 1937 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1925 1938 XFREE(x, key->heap, DYNAMIC_TYPE_DH); … … 1943 1956 mp_clear(y); 1944 1957 #ifdef WOLFSSL_SMALL_STACK 1945 #if ndef WOLFSSL_SP_MATH1958 #if !defined(WOLFSSL_SP_MATH) 1946 1959 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1947 1960 XFREE(x, key->heap, DYNAMIC_TYPE_DH); … … 1954 1967 #endif 1955 1968 1956 #if ndef WOLFSSL_SP_MATH1969 #if !defined(WOLFSSL_SP_MATH) 1957 1970 if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) { 1958 1971 #ifdef WOLFSSL_SMALL_STACK … … 1986 1999 mp_clear(y); 1987 2000 mp_forcezero(x); 2001 #else 2002 ret = WC_KEY_SIZE_E; 1988 2003 #endif 1989 2004 1990 2005 #ifdef WOLFSSL_SMALL_STACK 1991 #if ndef WOLFSSL_SP_MATH2006 #if !defined(WOLFSSL_SP_MATH) 1992 2007 XFREE(z, key->heap, DYNAMIC_TYPE_DH); 1993 2008 XFREE(x, key->heap, DYNAMIC_TYPE_DH); … … 2066 2081 } 2067 2082 2068 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 2083 #ifdef WOLFSSL_DH_EXTRA 2084 WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst) 2085 { 2086 int ret; 2087 2088 if (!src || !dst || src == dst) { 2089 WOLFSSL_MSG("Parameters not provided or are the same"); 2090 return BAD_FUNC_ARG; 2091 } 2092 2093 if ((ret = mp_copy(&src->p, &dst->p)) != MP_OKAY) { 2094 WOLFSSL_MSG("mp_copy error"); 2095 return ret; 2096 } 2097 2098 if ((ret = mp_copy(&src->g, &dst->g)) != MP_OKAY) { 2099 WOLFSSL_MSG("mp_copy error"); 2100 return ret; 2101 } 2102 2103 if ((ret = mp_copy(&src->q, &dst->q)) != MP_OKAY) { 2104 WOLFSSL_MSG("mp_copy error"); 2105 return ret; 2106 } 2107 2108 if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) { 2109 WOLFSSL_MSG("mp_copy error"); 2110 return ret; 2111 } 2112 2113 if ((ret = mp_copy(&src->priv, &dst->priv)) != MP_OKAY) { 2114 WOLFSSL_MSG("mp_copy error"); 2115 return ret; 2116 } 2117 2118 dst->heap = src->heap; 2119 2120 return MP_OKAY; 2121 } 2122 2069 2123 /* Sets private and public key in DhKey if both are available, otherwise sets 2070 either private or public key, depending on which is available. 2071 Returns WOLFSSL_SUCCESS if at least one of the keys was set. */ 2072 WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, 2073 const byte* pub_key, word32 pubSz) 2074 { 2075 byte havePriv = 0; 2076 byte havePub = 0; 2077 mp_int* keyPriv = NULL; 2078 mp_int* keyPub = NULL; 2124 either private or public key, depending on which is available. */ 2125 int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, 2126 const byte* pub, word32 pubSz) 2127 { 2128 byte havePriv, havePub; 2129 mp_int *keyPriv = NULL, *keyPub = NULL; 2079 2130 2080 2131 if (key == NULL) { … … 2082 2133 } 2083 2134 2084 havePriv = ( (priv _key!= NULL) && (privSz > 0) );2085 havePub = ( (pub _key!= NULL) && (pubSz > 0) );2135 havePriv = ( (priv != NULL) && (privSz > 0) ); 2136 havePub = ( (pub != NULL) && (pubSz > 0) ); 2086 2137 2087 2138 if (!havePub && !havePriv) { … … 2089 2140 return BAD_FUNC_ARG; 2090 2141 } 2142 2091 2143 /* Set Private Key */ 2092 if (havePriv == TRUE) {2144 if (havePriv) { 2093 2145 /* may have leading 0 */ 2094 if (priv _key[0] == 0) {2095 privSz--; priv _key++;2146 if (priv[0] == 0) { 2147 privSz--; priv++; 2096 2148 } 2097 2149 if (mp_init(&key->priv) != MP_OKAY) 2098 havePriv = FALSE;2099 } 2100 2101 if (havePriv == TRUE) {2102 if (mp_read_unsigned_bin(&key->priv, priv_key, privSz) != MP_OKAY) {2103 havePriv = FALSE;2150 havePriv = 0; 2151 } 2152 if (havePriv) { 2153 if (mp_read_unsigned_bin(&key->priv, priv, privSz) != MP_OKAY) { 2154 mp_clear(&key->priv); 2155 havePriv = 0; 2104 2156 } else { 2105 2157 keyPriv = &key->priv; 2106 WOLFSSL_MSG("DH Private Key Set .");2158 WOLFSSL_MSG("DH Private Key Set"); 2107 2159 } 2108 2160 } 2109 2161 2110 2162 /* Set Public Key */ 2111 if (havePub == TRUE) {2163 if (havePub) { 2112 2164 /* may have leading 0 */ 2113 if (pub _key[0] == 0) {2114 pubSz--; pub _key++;2165 if (pub[0] == 0) { 2166 pubSz--; pub++; 2115 2167 } 2116 2168 if (mp_init(&key->pub) != MP_OKAY) 2117 havePub = FALSE;2118 } 2119 2120 if (havePub == TRUE) {2121 if (mp_read_unsigned_bin(&key->pub, pub_key, pubSz) != MP_OKAY) {2122 havePub = FALSE;2169 havePub = 0; 2170 } 2171 if (havePub) { 2172 if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) { 2173 mp_clear(&key->pub); 2174 havePub = 0; 2123 2175 } else { 2124 2176 keyPub = &key->pub; 2125 WOLFSSL_MSG("DH Public Key Set .");2126 } 2127 } 2128 /* Free Memory if error occur ed */2129 if (havePriv == FALSE&& keyPriv != NULL)2177 WOLFSSL_MSG("DH Public Key Set"); 2178 } 2179 } 2180 /* Free Memory if error occurred */ 2181 if (havePriv == 0 && keyPriv != NULL) 2130 2182 mp_clear(keyPriv); 2131 if (havePub == FALSE&& keyPub != NULL)2183 if (havePub == 0 && keyPub != NULL) 2132 2184 mp_clear(keyPub); 2133 2185 2134 /* WOLFSSL_SUCCESS if private or public was set else WOLFSSL_FAILURE */ 2135 return havePriv || havePub; 2136 } 2137 #endif 2186 if (havePriv == 0 && havePub == 0) { 2187 return MEMORY_E; 2188 } 2189 2190 return 0; 2191 } 2192 2193 /* Can be used with WOLFSSL_DH_EXTRA when key is loaded with 2194 wc_DhKeyDecode or wc_DhImportKeyPair */ 2195 int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, 2196 byte* pub, word32* pPubSz) 2197 { 2198 int ret = 0; 2199 word32 pubSz, privSz; 2200 2201 if (key == NULL || (priv && pPrivSz == NULL) || (pub && pPubSz == NULL)) { 2202 return BAD_FUNC_ARG; 2203 } 2204 2205 if (priv) { 2206 privSz = mp_unsigned_bin_size(&key->priv); 2207 if (privSz > *pPrivSz) { 2208 return BUFFER_E; 2209 } 2210 *pPrivSz = privSz; 2211 ret |= mp_to_unsigned_bin(&key->priv, priv); 2212 } 2213 2214 if (pub) { 2215 pubSz = mp_unsigned_bin_size(&key->pub); 2216 if (pubSz > *pPubSz) { 2217 return BUFFER_E; 2218 } 2219 *pPubSz = pubSz; 2220 ret |= mp_to_unsigned_bin(&key->pub, pub); 2221 } 2222 2223 if (ret != 0) 2224 ret = ASN_DH_KEY_E; 2225 return ret; 2226 } 2227 2228 #endif /* WOLFSSL_DH_EXTRA */ 2138 2229 2139 2230 static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, … … 2368 2459 if (ret == 0) { 2369 2460 /* at this point tmp generates a group of order q mod p */ 2461 #ifndef USE_FAST_MATH 2462 /* Exchanging is quick when the data pointer can be copied. */ 2370 2463 mp_exch(&tmp, &dh->g); 2464 #else 2465 mp_copy(&tmp, &dh->g); 2466 #endif 2371 2467 } 2372 2468 -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/dsa.c
r457 r464 41 41 #define WOLFSSL_MISC_INCLUDED 42 42 #include <wolfcrypt/src/misc.c> 43 #endif 44 45 #ifdef _MSC_VER 46 /* disable for while(0) cases (MSVC bug) */ 47 #pragma warning(disable:4127) 43 48 #endif 44 49 … … 408 413 409 414 /* at this point tmp generates a group of order q mod p */ 415 #ifndef USE_FAST_MATH 416 /* Exchanging is quick when the data pointer can be copied. */ 410 417 mp_exch(&tmp, &dsa->g); 418 #else 419 mp_copy(&tmp, &dsa->g); 420 #endif 411 421 412 422 mp_clear(&tmp); … … 655 665 int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) 656 666 { 657 mp_int k, kInv, r, s, H; 667 #ifdef WOLFSSL_SMALL_STACK 668 mp_int *k = (mp_int *)XMALLOC(sizeof *k, 669 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 670 mp_int *kInv = (mp_int *)XMALLOC(sizeof *kInv, 671 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 672 mp_int *r = (mp_int *)XMALLOC(sizeof *r, 673 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 674 mp_int *s = (mp_int *)XMALLOC(sizeof *s, 675 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 676 mp_int *H = (mp_int *)XMALLOC(sizeof *H, 677 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 658 678 #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME 659 mp_int b; 679 mp_int *b = (mp_int *)XMALLOC(sizeof *b, 680 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 681 #endif 682 byte *buffer = (byte *)XMALLOC(DSA_HALF_SIZE, key->heap, 683 DYNAMIC_TYPE_TMP_BUFFER); 684 #else 685 mp_int k[1], kInv[1], r[1], s[1], H[1]; 686 #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME 687 mp_int b[1]; 688 #endif 689 byte buffer[DSA_HALF_SIZE]; 660 690 #endif 661 691 mp_int* qMinus1; 662 int ret = 0, sz; 663 byte buffer[DSA_HALF_SIZE]; 692 int ret = 0, sz = 0; 664 693 byte* tmp; /* initial output pointer */ 665 694 666 if (digest == NULL || out == NULL || key == NULL || rng == NULL) { 667 return BAD_FUNC_ARG; 668 } 669 670 tmp = out; 671 672 sz = min((int)sizeof(buffer), mp_unsigned_bin_size(&key->q)); 673 695 do { 674 696 #ifdef WOLFSSL_MP_INVMOD_CONSTANT_TIME 675 if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY)697 if (mp_init_multi(k, kInv, r, s, H, 0) != MP_OKAY) 676 698 #else 677 if (mp_init_multi(&k, &kInv, &r, &s, &H, &b) != MP_OKAY) 678 #endif 679 { 680 return MP_INIT_E; 681 } 682 qMinus1 = &kInv; 683 684 /* NIST FIPS 186-4: B.2.2 685 * Per-Message Secret Number Generation by Testing Candidates 686 * Generate k in range [1, q-1]. 687 * Check that k is less than q-1: range [0, q-2]. 688 * Add 1 to k: range [1, q-1]. 689 */ 690 if (mp_sub_d(&key->q, 1, qMinus1)) 691 ret = MP_SUB_E; 692 693 if (ret == 0) { 699 if (mp_init_multi(k, kInv, r, s, H, b) != MP_OKAY) 700 #endif 701 { 702 ret = MP_INIT_E; 703 break; 704 } 705 706 #ifdef WOLFSSL_SMALL_STACK 707 if ((k == NULL) || 708 (kInv == NULL) || 709 (r == NULL) || 710 (s == NULL) || 711 (H == NULL) 712 #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME 713 || (b == NULL) 714 #endif 715 || (buffer == NULL)) { 716 ret = MEMORY_E; 717 break; 718 } 719 #endif 720 721 if (digest == NULL || out == NULL || key == NULL || rng == NULL) { 722 ret = BAD_FUNC_ARG; 723 break; 724 } 725 726 sz = min(DSA_HALF_SIZE, mp_unsigned_bin_size(&key->q)); 727 tmp = out; 728 qMinus1 = kInv; 729 730 /* NIST FIPS 186-4: B.2.2 731 * Per-Message Secret Number Generation by Testing Candidates 732 * Generate k in range [1, q-1]. 733 * Check that k is less than q-1: range [0, q-2]. 734 * Add 1 to k: range [1, q-1]. 735 */ 736 if (mp_sub_d(&key->q, 1, qMinus1)) { 737 ret = MP_SUB_E; 738 break; 739 } 740 694 741 do { 695 742 /* Step 4: generate k */ 696 ret = wc_RNG_GenerateBlock(rng, buffer, sz); 743 if ((ret = wc_RNG_GenerateBlock(rng, buffer, sz))) { 744 break; 745 } 697 746 698 747 /* Step 5 */ 699 if ( ret == 0 && mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY)748 if (mp_read_unsigned_bin(k, buffer, sz) != MP_OKAY) { 700 749 ret = MP_READ_E; 750 break; 751 } 701 752 702 753 /* k is a random numnber and it should be less than q-1 703 754 * if k greater than repeat 704 755 */ 705 /* Step 6 */ 706 } while (ret == 0 && mp_cmp(&k, qMinus1) != MP_LT); 707 } 708 /* Step 7 */ 709 if (ret == 0 && mp_add_d(&k, 1, &k) != MP_OKAY) 710 ret = MP_MOD_E; 756 /* Step 6 */ 757 } while (mp_cmp(k, qMinus1) != MP_LT); 758 759 if (ret != 0) 760 break; 761 762 /* Step 7 */ 763 if (mp_add_d(k, 1, k) != MP_OKAY) { 764 ret = MP_MOD_E; 765 break; 766 } 711 767 712 768 #ifdef WOLFSSL_MP_INVMOD_CONSTANT_TIME 713 /* inverse k mod q */ 714 if (ret == 0 && mp_invmod(&k, &key->q, &kInv) != MP_OKAY) 715 ret = MP_INVMOD_E; 716 717 /* generate r, r = (g exp k mod p) mod q */ 718 if (ret == 0 && mp_exptmod_ex(&key->g, &k, key->q.used, &key->p, 719 &r) != MP_OKAY) { 720 ret = MP_EXPTMOD_E; 721 } 722 723 if (ret == 0 && mp_mod(&r, &key->q, &r) != MP_OKAY) 724 ret = MP_MOD_E; 725 726 /* generate H from sha digest */ 727 if (ret == 0 && mp_read_unsigned_bin(&H, digest,WC_SHA_DIGEST_SIZE) != MP_OKAY) 728 ret = MP_READ_E; 729 730 /* generate s, s = (kInv * (H + x*r)) % q */ 731 if (ret == 0 && mp_mul(&key->x, &r, &s) != MP_OKAY) 732 ret = MP_MUL_E; 733 734 if (ret == 0 && mp_add(&s, &H, &s) != MP_OKAY) 735 ret = MP_ADD_E; 736 737 if (ret == 0 && mp_mulmod(&s, &kInv, &key->q, &s) != MP_OKAY) 738 ret = MP_MULMOD_E; 769 /* inverse k mod q */ 770 if (mp_invmod(k, &key->q, kInv) != MP_OKAY) { 771 ret = MP_INVMOD_E; 772 break; 773 } 774 775 /* generate r, r = (g exp k mod p) mod q */ 776 if (mp_exptmod_ex(&key->g, k, key->q.used, &key->p, r) != MP_OKAY) { 777 ret = MP_EXPTMOD_E; 778 break; 779 } 780 781 if (mp_mod(r, &key->q, r) != MP_OKAY) { 782 ret = MP_MOD_E; 783 break; 784 } 785 786 /* generate H from sha digest */ 787 if (mp_read_unsigned_bin(H, digest,WC_SHA_DIGEST_SIZE) != MP_OKAY) { 788 ret = MP_READ_E; 789 break; 790 } 791 792 /* generate s, s = (kInv * (H + x*r)) % q */ 793 if (mp_mul(&key->x, r, s) != MP_OKAY) { 794 ret = MP_MUL_E; 795 break; 796 } 797 798 if (mp_add(s, H, s) != MP_OKAY) { 799 ret = MP_ADD_E; 800 break; 801 } 802 803 if (mp_mulmod(s, kInv, &key->q, s) != MP_OKAY) { 804 ret = MP_MULMOD_E; 805 break; 806 } 739 807 #else 740 /* Blinding value 741 * Generate b in range [1, q-1]. 742 */ 743 if (ret == 0) { 808 /* Blinding value 809 * Generate b in range [1, q-1]. 810 */ 744 811 do { 745 ret = wc_RNG_GenerateBlock(rng, buffer, sz); 746 if (ret == 0 && mp_read_unsigned_bin(&b, buffer, sz) != MP_OKAY) 812 if ((ret = wc_RNG_GenerateBlock(rng, buffer, sz))) { 813 break; 814 } 815 if (mp_read_unsigned_bin(b, buffer, sz) != MP_OKAY) { 747 816 ret = MP_READ_E; 748 } while (ret == 0 && mp_cmp(&b, qMinus1) != MP_LT); 749 } 750 if (ret == 0 && mp_add_d(&b, 1, &b) != MP_OKAY) 751 ret = MP_MOD_E; 752 753 /* set H from sha digest */ 754 if (ret == 0 && mp_read_unsigned_bin(&H, digest, 755 WC_SHA_DIGEST_SIZE) != MP_OKAY) { 756 ret = MP_READ_E; 757 } 758 759 /* generate r, r = (g exp k mod p) mod q */ 760 if (ret == 0 && mp_exptmod_ex(&key->g, &k, key->q.used, &key->p, 761 &r) != MP_OKAY) { 762 ret = MP_EXPTMOD_E; 763 } 764 765 /* calculate s = (H + xr)/k 766 = b.(H/k.b + x.r/k.b) */ 767 768 /* k = k.b */ 769 if (ret == 0 && mp_mulmod(&k, &b, &key->q, &k) != MP_OKAY) 770 ret = MP_MULMOD_E; 771 772 /* kInv = 1/k.b mod q */ 773 if (ret == 0 && mp_invmod(&k, &key->q, &kInv) != MP_OKAY) 774 ret = MP_INVMOD_E; 775 776 if (ret == 0 && mp_mod(&r, &key->q, &r) != MP_OKAY) 777 ret = MP_MOD_E; 778 779 /* s = x.r */ 780 if (ret == 0 && mp_mul(&key->x, &r, &s) != MP_OKAY) 781 ret = MP_MUL_E; 782 783 /* s = x.r/k.b */ 784 if (ret == 0 && mp_mulmod(&s, &kInv, &key->q, &s) != MP_OKAY) 785 ret = MP_MULMOD_E; 786 787 /* H = H/k.b */ 788 if (ret == 0 && mp_mulmod(&H, &kInv, &key->q, &H) != MP_OKAY) 789 ret = MP_MULMOD_E; 790 791 /* s = H/k.b + x.r/k.b 792 = (H + x.r)/k.b */ 793 if (ret == 0 && mp_add(&s, &H, &s) != MP_OKAY) 794 ret = MP_ADD_E; 795 796 /* s = b.(e + x.r)/k.b 797 = (e + x.r)/k */ 798 if (ret == 0 && mp_mulmod(&s, &b, &key->q, &s) != MP_OKAY) 799 ret = MP_MULMOD_E; 800 801 /* s = (e + x.r)/k */ 802 if (ret == 0 && mp_mod(&s, &key->q, &s) != MP_OKAY) 803 ret = MP_MOD_E; 804 #endif 805 806 /* detect zero r or s */ 807 if (ret == 0 && (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES)) 808 ret = MP_ZERO_E; 809 810 /* write out */ 811 if (ret == 0) { 812 int rSz = mp_unsigned_bin_size(&r); 813 int sSz = mp_unsigned_bin_size(&s); 814 815 while (rSz++ < DSA_HALF_SIZE) { 816 *out++ = 0x00; /* pad front with zeros */ 817 } 818 819 if (mp_to_unsigned_bin(&r, out) != MP_OKAY) 820 ret = MP_TO_E; 821 else { 822 out = tmp + DSA_HALF_SIZE; /* advance to s in output */ 823 while (sSz++ < DSA_HALF_SIZE) { 817 break; 818 } 819 } while (mp_cmp(b, qMinus1) != MP_LT); 820 821 if (ret != 0) 822 break; 823 824 if (mp_add_d(b, 1, b) != MP_OKAY) { 825 ret = MP_MOD_E; 826 break; 827 } 828 829 /* set H from sha digest */ 830 if (mp_read_unsigned_bin(H, digest, WC_SHA_DIGEST_SIZE) != MP_OKAY) { 831 ret = MP_READ_E; 832 break; 833 } 834 835 /* generate r, r = (g exp k mod p) mod q */ 836 if (mp_exptmod_ex(&key->g, k, key->q.used, &key->p, r) != MP_OKAY) { 837 ret = MP_EXPTMOD_E; 838 break; 839 } 840 841 /* calculate s = (H + xr)/k = b.(H/k.b + x.r/k.b) */ 842 843 /* k = k.b */ 844 if (mp_mulmod(k, b, &key->q, k) != MP_OKAY) { 845 ret = MP_MULMOD_E; 846 break; 847 } 848 849 /* kInv = 1/k.b mod q */ 850 if (mp_invmod(k, &key->q, kInv) != MP_OKAY) { 851 ret = MP_INVMOD_E; 852 break; 853 } 854 855 if (mp_mod(r, &key->q, r) != MP_OKAY) { 856 ret = MP_MOD_E; 857 break; 858 } 859 860 /* s = x.r */ 861 if (mp_mul(&key->x, r, s) != MP_OKAY) { 862 ret = MP_MUL_E; 863 break; 864 } 865 866 /* s = x.r/k.b */ 867 if (mp_mulmod(s, kInv, &key->q, s) != MP_OKAY) { 868 ret = MP_MULMOD_E; 869 break; 870 } 871 872 /* H = H/k.b */ 873 if (mp_mulmod(H, kInv, &key->q, H) != MP_OKAY) { 874 ret = MP_MULMOD_E; 875 break; 876 } 877 878 /* s = H/k.b + x.r/k.b = (H + x.r)/k.b */ 879 if (mp_add(s, H, s) != MP_OKAY) { 880 ret = MP_ADD_E; 881 break; 882 } 883 884 /* s = b.(e + x.r)/k.b = (e + x.r)/k */ 885 if (mp_mulmod(s, b, &key->q, s) != MP_OKAY) { 886 ret = MP_MULMOD_E; 887 break; 888 } 889 890 /* s = (e + x.r)/k */ 891 if (mp_mod(s, &key->q, s) != MP_OKAY) { 892 ret = MP_MOD_E; 893 break; 894 } 895 #endif 896 897 /* detect zero r or s */ 898 if ((mp_iszero(r) == MP_YES) || (mp_iszero(s) == MP_YES)) { 899 ret = MP_ZERO_E; 900 break; 901 } 902 903 /* write out */ 904 { 905 int rSz = mp_unsigned_bin_size(r); 906 int sSz = mp_unsigned_bin_size(s); 907 908 while (rSz++ < DSA_HALF_SIZE) { 824 909 *out++ = 0x00; /* pad front with zeros */ 825 910 } 826 ret = mp_to_unsigned_bin(&s, out); 827 } 828 } 829 830 ForceZero(buffer, sz); 831 mp_forcezero(&kInv); 832 mp_forcezero(&k); 911 912 if (mp_to_unsigned_bin(r, out) != MP_OKAY) 913 ret = MP_TO_E; 914 else { 915 out = tmp + DSA_HALF_SIZE; /* advance to s in output */ 916 while (sSz++ < DSA_HALF_SIZE) { 917 *out++ = 0x00; /* pad front with zeros */ 918 } 919 ret = mp_to_unsigned_bin(s, out); 920 } 921 } 922 } while (0); 923 924 #ifdef WOLFSSL_SMALL_STACK 925 if (k) { 926 if (ret != MP_INIT_E) 927 mp_forcezero(k); 928 XFREE(k, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 929 } 930 if (kInv) { 931 if (ret != MP_INIT_E) 932 mp_forcezero(kInv); 933 XFREE(kInv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 934 } 935 if (r) { 936 if (ret != MP_INIT_E) 937 mp_clear(r); 938 XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 939 } 940 if (s) { 941 if (ret != MP_INIT_E) 942 mp_clear(s); 943 XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 944 } 945 if (H) { 946 if (ret != MP_INIT_E) 947 mp_clear(H); 948 XFREE(H, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 949 } 833 950 #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME 834 mp_forcezero(&b); 835 836 mp_clear(&b); 837 #endif 838 mp_clear(&H); 839 mp_clear(&s); 840 mp_clear(&r); 841 mp_clear(&kInv); 842 mp_clear(&k); 951 if (b) { 952 if (ret != MP_INIT_E) 953 mp_forcezero(b); 954 XFREE(b, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 955 } 956 #endif 957 if (buffer) { 958 ForceZero(buffer, sz); 959 XFREE(buffer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 960 } 961 #else /* !WOLFSSL_SMALL_STACK */ 962 if (ret != MP_INIT_E) { 963 ForceZero(buffer, sz); 964 mp_forcezero(kInv); 965 mp_forcezero(k); 966 #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME 967 mp_forcezero(b); 968 #endif 969 mp_clear(H); 970 mp_clear(s); 971 mp_clear(r); 972 } 973 #endif 843 974 844 975 return ret; … … 848 979 int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer) 849 980 { 850 mp_int w, u1, u2, v, r, s; 981 #ifdef WOLFSSL_SMALL_STACK 982 mp_int *w = (mp_int *)XMALLOC(sizeof *w, 983 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 984 mp_int *u1 = (mp_int *)XMALLOC(sizeof *u1, 985 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 986 mp_int *u2 = (mp_int *)XMALLOC(sizeof *u2, 987 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 988 mp_int *v = (mp_int *)XMALLOC(sizeof *v, 989 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 990 mp_int *r = (mp_int *)XMALLOC(sizeof *r, 991 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 992 mp_int *s = (mp_int *)XMALLOC(sizeof *s, 993 key->heap, DYNAMIC_TYPE_TMP_BUFFER); 994 #else 995 mp_int w[1], u1[1], u2[1], v[1], r[1], s[1]; 996 #endif 851 997 int ret = 0; 852 998 853 if (digest == NULL || sig == NULL || key == NULL || answer == NULL) { 854 return BAD_FUNC_ARG; 855 } 856 857 if (mp_init_multi(&w, &u1, &u2, &v, &r, &s) != MP_OKAY) 858 return MP_INIT_E; 859 860 /* set r and s from signature */ 861 if (mp_read_unsigned_bin(&r, sig, DSA_HALF_SIZE) != MP_OKAY || 862 mp_read_unsigned_bin(&s, sig + DSA_HALF_SIZE, DSA_HALF_SIZE) != MP_OKAY) 863 ret = MP_READ_E; 864 865 /* sanity checks */ 866 if (ret == 0) { 867 if (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES || 868 mp_cmp(&r, &key->q) != MP_LT || mp_cmp(&s, &key->q) != MP_LT) { 999 do { 1000 if (mp_init_multi(w, u1, u2, v, r, s) != MP_OKAY) { 1001 ret = MP_INIT_E; 1002 break; 1003 } 1004 1005 if (digest == NULL || sig == NULL || key == NULL || answer == NULL) { 1006 ret = BAD_FUNC_ARG; 1007 break; 1008 } 1009 1010 #ifdef WOLFSSL_SMALL_STACK 1011 if ((w == NULL) || 1012 (u1 == NULL) || 1013 (u2 == NULL) || 1014 (v == NULL) || 1015 (r == NULL) || 1016 (s == NULL)) { 1017 ret = MEMORY_E; 1018 break; 1019 } 1020 #endif 1021 1022 /* set r and s from signature */ 1023 if (mp_read_unsigned_bin(r, sig, DSA_HALF_SIZE) != MP_OKAY || 1024 mp_read_unsigned_bin(s, sig + DSA_HALF_SIZE, DSA_HALF_SIZE) != MP_OKAY) { 1025 ret = MP_READ_E; 1026 break; 1027 } 1028 1029 /* sanity checks */ 1030 if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES || 1031 mp_cmp(r, &key->q) != MP_LT || mp_cmp(s, &key->q) != MP_LT) { 869 1032 ret = MP_ZERO_E; 870 } 871 } 872 873 /* put H into u1 from sha digest */ 874 if (ret == 0 && mp_read_unsigned_bin(&u1,digest,WC_SHA_DIGEST_SIZE) != MP_OKAY) 875 ret = MP_READ_E; 876 877 /* w = s invmod q */ 878 if (ret == 0 && mp_invmod(&s, &key->q, &w) != MP_OKAY) 879 ret = MP_INVMOD_E; 880 881 /* u1 = (H * w) % q */ 882 if (ret == 0 && mp_mulmod(&u1, &w, &key->q, &u1) != MP_OKAY) 883 ret = MP_MULMOD_E; 884 885 /* u2 = (r * w) % q */ 886 if (ret == 0 && mp_mulmod(&r, &w, &key->q, &u2) != MP_OKAY) 887 ret = MP_MULMOD_E; 888 889 /* verify v = ((g^u1 * y^u2) mod p) mod q */ 890 if (ret == 0 && mp_exptmod(&key->g, &u1, &key->p, &u1) != MP_OKAY) 891 ret = MP_EXPTMOD_E; 892 893 if (ret == 0 && mp_exptmod(&key->y, &u2, &key->p, &u2) != MP_OKAY) 894 ret = MP_EXPTMOD_E; 895 896 if (ret == 0 && mp_mulmod(&u1, &u2, &key->p, &v) != MP_OKAY) 897 ret = MP_MULMOD_E; 898 899 if (ret == 0 && mp_mod(&v, &key->q, &v) != MP_OKAY) 900 ret = MP_MULMOD_E; 901 902 /* do they match */ 903 if (ret == 0 && mp_cmp(&r, &v) == MP_EQ) 904 *answer = 1; 905 else 906 *answer = 0; 907 908 mp_clear(&s); 909 mp_clear(&r); 910 mp_clear(&u1); 911 mp_clear(&u2); 912 mp_clear(&w); 913 mp_clear(&v); 1033 break; 1034 } 1035 1036 /* put H into u1 from sha digest */ 1037 if (mp_read_unsigned_bin(u1,digest,WC_SHA_DIGEST_SIZE) != MP_OKAY) { 1038 ret = MP_READ_E; 1039 break; 1040 } 1041 1042 /* w = s invmod q */ 1043 if (mp_invmod(s, &key->q, w) != MP_OKAY) { 1044 ret = MP_INVMOD_E; 1045 break; 1046 } 1047 1048 /* u1 = (H * w) % q */ 1049 if (mp_mulmod(u1, w, &key->q, u1) != MP_OKAY) { 1050 ret = MP_MULMOD_E; 1051 break; 1052 } 1053 1054 /* u2 = (r * w) % q */ 1055 if (mp_mulmod(r, w, &key->q, u2) != MP_OKAY) { 1056 ret = MP_MULMOD_E; 1057 break; 1058 } 1059 1060 /* verify v = ((g^u1 * y^u2) mod p) mod q */ 1061 if (mp_exptmod(&key->g, u1, &key->p, u1) != MP_OKAY) { 1062 ret = MP_EXPTMOD_E; 1063 break; 1064 } 1065 1066 if (mp_exptmod(&key->y, u2, &key->p, u2) != MP_OKAY) { 1067 ret = MP_EXPTMOD_E; 1068 break; 1069 } 1070 1071 if (mp_mulmod(u1, u2, &key->p, v) != MP_OKAY) { 1072 ret = MP_MULMOD_E; 1073 break; 1074 } 1075 1076 if (mp_mod(v, &key->q, v) != MP_OKAY) { 1077 ret = MP_MULMOD_E; 1078 break; 1079 } 1080 1081 /* do they match */ 1082 if (mp_cmp(r, v) == MP_EQ) 1083 *answer = 1; 1084 else 1085 *answer = 0; 1086 } while (0); 1087 1088 #ifdef WOLFSSL_SMALL_STACK 1089 if (s) { 1090 if (ret != MP_INIT_E) 1091 mp_clear(s); 1092 XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1093 } 1094 if (r) { 1095 if (ret != MP_INIT_E) 1096 mp_clear(r); 1097 XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1098 } 1099 if (u1) { 1100 if (ret != MP_INIT_E) 1101 mp_clear(u1); 1102 XFREE(u1, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1103 } 1104 if (u2) { 1105 if (ret != MP_INIT_E) 1106 mp_clear(u2); 1107 XFREE(u2, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1108 } 1109 if (w) { 1110 if (ret != MP_INIT_E) 1111 mp_clear(w); 1112 XFREE(w, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1113 } 1114 if (v) { 1115 if (ret != MP_INIT_E) 1116 mp_clear(v); 1117 XFREE(v, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 1118 } 1119 #else 1120 if (ret != MP_INIT_E) { 1121 mp_clear(s); 1122 mp_clear(r); 1123 mp_clear(u1); 1124 mp_clear(u2); 1125 mp_clear(w); 1126 mp_clear(v); 1127 } 1128 #endif 914 1129 915 1130 return ret; -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/ecc.c
r457 r464 49 49 * Includes the curve "a" variable in calculation 50 50 * ECC_DUMP_OID: Enables dump of OID encoding and sum default: off 51 * ECC_CACHE_CURVE: Enables cache of curve info to improve per ofrmance51 * ECC_CACHE_CURVE: Enables cache of curve info to improve performance 52 52 default: off 53 53 * FP_ECC: ECC Fixed Point Cache default: off … … 57 57 For the ECC curve paramaters `ecc_set_type` use fixed 58 58 array for hex string 59 * WC_ECC_NONBLOCK: Enable non-blocking support for sign/verify. 60 Requires SP with WOLFSSL_SP_NONBLOCK 61 * WC_ECC_NONBLOCK_ONLY Enable the non-blocking function only, no fall-back to 62 normal blocking API's 63 * WOLFSSL_ECDSA_SET_K: Enables the setting of the 'k' value to use during ECDSA 64 * signing. If the value is invalid, a new random 'k' is 65 * generated in the loop. (For testing) 66 * default: off 67 * WOLFSSL_ECDSA_SET_K_ONE_LOOP: 68 * Enables the setting of the 'k' value to use during ECDSA 69 * signing. If the value is invalid then an error is 70 * returned rather than generating a new 'k'. (For testing) 71 * default: off 59 72 */ 60 73 … … 72 85 * ECC_USER_CURVES: Allows custom combination of key sizes below 73 86 * HAVE_ALL_CURVES: Enable all key sizes (on unless ECC_USER_CURVES is defined) 87 * ECC_MIN_KEY_SZ: Minimum supported ECC key size 74 88 * HAVE_ECC112: 112 bit key 75 89 * HAVE_ECC128: 128 bit key … … 142 156 #endif 143 157 144 #ifdef WOLFSSL_SP_MATH 158 #if defined(WOLFSSL_PSOC6_CRYPTO) 159 #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h> 160 #endif 161 162 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) 145 163 #define GEN_MEM_ERR MP_MEM 146 164 #elif defined(USE_FAST_MATH) … … 172 190 173 191 /* 256-bit curve on by default whether user curves or not */ 174 #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)192 #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 175 193 #define ECC112 176 194 #endif 177 #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)195 #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 178 196 #define ECC128 179 197 #endif 180 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)198 #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 181 199 #define ECC160 182 200 #endif 183 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)201 #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 184 202 #define ECC192 185 203 #endif 186 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)204 #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 187 205 #define ECC224 188 206 #endif 189 #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)207 #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239 190 208 #define ECC239 191 209 #endif 192 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)210 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 193 211 #define ECC256 194 212 #endif 195 #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)213 #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320 196 214 #define ECC320 197 215 #endif 198 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)216 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 199 217 #define ECC384 200 218 #endif 201 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)219 #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 202 220 #define ECC512 203 221 #endif 204 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)222 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 205 223 #define ECC521 206 224 #endif … … 988 1006 "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", /* Gx */ 989 1007 "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", /* Gy */ 990 1008 ecc_oid_secp256r1, /* oid/oidSz */ 991 1009 ecc_oid_secp256r1_sz, 992 1010 ECC_SECP256R1_OID, /* oid sum */ … … 1161 1179 1162 1180 #if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \ 1163 !defined(WOLFSSL_ATECC508A) 1181 !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) 1164 1182 static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, 1165 1183 mp_int* prime, mp_int* order); … … 1258 1276 #endif /* ECC_CACHE_CURVE */ 1259 1277 1260 static void _wc_ecc_curve_free(ecc_curve_spec* curve) 1278 static void wc_ecc_curve_cache_free_spec_item(ecc_curve_spec* curve, mp_int* item, 1279 byte mask) 1280 { 1281 if (item) { 1282 #ifdef HAVE_WOLF_BIGINT 1283 wc_bigint_free(&item->raw); 1284 #endif 1285 mp_clear(item); 1286 } 1287 curve->load_mask &= ~mask; 1288 } 1289 static void wc_ecc_curve_cache_free_spec(ecc_curve_spec* curve) 1261 1290 { 1262 1291 if (curve == NULL) { … … 1265 1294 1266 1295 if (curve->load_mask & ECC_CURVE_FIELD_PRIME) 1267 mp_clear(curve->prime);1296 wc_ecc_curve_cache_free_spec_item(curve, curve->prime, ECC_CURVE_FIELD_PRIME); 1268 1297 if (curve->load_mask & ECC_CURVE_FIELD_AF) 1269 mp_clear(curve->Af);1298 wc_ecc_curve_cache_free_spec_item(curve, curve->Af, ECC_CURVE_FIELD_AF); 1270 1299 #ifdef USE_ECC_B_PARAM 1271 1300 if (curve->load_mask & ECC_CURVE_FIELD_BF) 1272 mp_clear(curve->Bf);1301 wc_ecc_curve_cache_free_spec_item(curve, curve->Bf, ECC_CURVE_FIELD_BF); 1273 1302 #endif 1274 1303 if (curve->load_mask & ECC_CURVE_FIELD_ORDER) 1275 mp_clear(curve->order);1304 wc_ecc_curve_cache_free_spec_item(curve, curve->order, ECC_CURVE_FIELD_ORDER); 1276 1305 if (curve->load_mask & ECC_CURVE_FIELD_GX) 1277 mp_clear(curve->Gx);1306 wc_ecc_curve_cache_free_spec_item(curve, curve->Gx, ECC_CURVE_FIELD_GX); 1278 1307 if (curve->load_mask & ECC_CURVE_FIELD_GY) 1279 mp_clear(curve->Gy);1308 wc_ecc_curve_cache_free_spec_item(curve, curve->Gy, ECC_CURVE_FIELD_GY); 1280 1309 1281 1310 curve->load_mask = 0; … … 1284 1313 static void wc_ecc_curve_free(ecc_curve_spec* curve) 1285 1314 { 1286 /* don't free cached curves */ 1287 #ifndef ECC_CACHE_CURVE 1288 _wc_ecc_curve_free(curve); 1289 #endif 1290 (void)curve; 1291 } 1292 1293 static int wc_ecc_curve_load_item(const char* src, mp_int** dst, 1294 ecc_curve_spec* curve, byte mask) 1315 if (curve) { 1316 #ifdef ECC_CACHE_CURVE 1317 #ifdef WOLFSSL_CUSTOM_CURVES 1318 /* only free custom curves (rest are globally cached) */ 1319 if (curve->dp && curve->dp->id == ECC_CURVE_CUSTOM) { 1320 wc_ecc_curve_cache_free_spec(curve); 1321 XFREE(curve, NULL, DYNAMIC_TYPE_ECC); 1322 } 1323 #endif 1324 #else 1325 wc_ecc_curve_cache_free_spec(curve); 1326 #endif 1327 } 1328 } 1329 1330 static int wc_ecc_curve_cache_load_item(ecc_curve_spec* curve, const char* src, 1331 mp_int** dst, byte mask) 1295 1332 { 1296 1333 int err; … … 1322 1359 byte load_mask) 1323 1360 { 1324 int ret = 0 , x;1361 int ret = 0; 1325 1362 ecc_curve_spec* curve; 1326 1363 byte load_items = 0; /* mask of items to load */ 1364 #ifdef ECC_CACHE_CURVE 1365 int x; 1366 #endif 1327 1367 1328 1368 if (dp == NULL || pCurve == NULL) … … 1342 1382 1343 1383 /* make sure cache has been allocated */ 1344 if (ecc_curve_spec_cache[x] == NULL) { 1345 ecc_curve_spec_cache[x] = (ecc_curve_spec*)XMALLOC( 1346 sizeof(ecc_curve_spec), NULL, DYNAMIC_TYPE_ECC); 1347 if (ecc_curve_spec_cache[x] == NULL) { 1384 if (ecc_curve_spec_cache[x] == NULL 1385 #ifdef WOLFSSL_CUSTOM_CURVES 1386 || dp->id == ECC_CURVE_CUSTOM 1387 #endif 1388 ) { 1389 curve = (ecc_curve_spec*)XMALLOC(sizeof(ecc_curve_spec), NULL, DYNAMIC_TYPE_ECC); 1390 if (curve == NULL) { 1348 1391 #if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED) 1349 1392 wc_UnLockMutex(&ecc_curve_cache_mutex); … … 1351 1394 return MEMORY_E; 1352 1395 } 1353 XMEMSET(ecc_curve_spec_cache[x], 0, sizeof(ecc_curve_spec)); 1354 } 1355 1356 /* set curve pointer to cache */ 1357 *pCurve = ecc_curve_spec_cache[x]; 1358 1396 XMEMSET(curve, 0, sizeof(ecc_curve_spec)); 1397 1398 /* set curve pointer to cache */ 1399 #ifdef WOLFSSL_CUSTOM_CURVES 1400 if (dp->id != ECC_CURVE_CUSTOM) 1401 #endif 1402 { 1403 ecc_curve_spec_cache[x] = curve; 1404 } 1405 } 1406 else { 1407 curve = ecc_curve_spec_cache[x]; 1408 } 1409 /* return new or cached curve */ 1410 *pCurve = curve; 1411 #else 1412 curve = *pCurve; 1359 1413 #endif /* ECC_CACHE_CURVE */ 1360 curve = *pCurve;1361 1414 1362 1415 /* make sure the curve is initialized */ … … 1382 1435 1383 1436 /* load items */ 1384 x = 0;1385 1437 if (load_items & ECC_CURVE_FIELD_PRIME) 1386 x += wc_ecc_curve_load_item(dp->prime, &curve->prime, curve,1438 ret += wc_ecc_curve_cache_load_item(curve, dp->prime, &curve->prime, 1387 1439 ECC_CURVE_FIELD_PRIME); 1388 1440 if (load_items & ECC_CURVE_FIELD_AF) 1389 x += wc_ecc_curve_load_item(dp->Af, &curve->Af, curve,1441 ret += wc_ecc_curve_cache_load_item(curve, dp->Af, &curve->Af, 1390 1442 ECC_CURVE_FIELD_AF); 1391 1443 #ifdef USE_ECC_B_PARAM 1392 1444 if (load_items & ECC_CURVE_FIELD_BF) 1393 x += wc_ecc_curve_load_item(dp->Bf, &curve->Bf, curve,1445 ret += wc_ecc_curve_cache_load_item(curve, dp->Bf, &curve->Bf, 1394 1446 ECC_CURVE_FIELD_BF); 1395 1447 #endif 1396 1448 if (load_items & ECC_CURVE_FIELD_ORDER) 1397 x += wc_ecc_curve_load_item(dp->order, &curve->order, curve,1449 ret += wc_ecc_curve_cache_load_item(curve, dp->order, &curve->order, 1398 1450 ECC_CURVE_FIELD_ORDER); 1399 1451 if (load_items & ECC_CURVE_FIELD_GX) 1400 x += wc_ecc_curve_load_item(dp->Gx, &curve->Gx, curve,1452 ret += wc_ecc_curve_cache_load_item(curve, dp->Gx, &curve->Gx, 1401 1453 ECC_CURVE_FIELD_GX); 1402 1454 if (load_items & ECC_CURVE_FIELD_GY) 1403 x += wc_ecc_curve_load_item(dp->Gy, &curve->Gy, curve,1455 ret += wc_ecc_curve_cache_load_item(curve, dp->Gy, &curve->Gy, 1404 1456 ECC_CURVE_FIELD_GY); 1405 1457 1406 1458 /* check for error */ 1407 if ( x!= 0) {1459 if (ret != 0) { 1408 1460 wc_ecc_curve_free(curve); 1409 1461 ret = MP_READ_E; … … 1434 1486 for (x = 0; x < (int)ECC_SET_COUNT; x++) { 1435 1487 if (ecc_curve_spec_cache[x]) { 1436 _wc_ecc_curve_free(ecc_curve_spec_cache[x]);1488 wc_ecc_curve_cache_free_spec(ecc_curve_spec_cache[x]); 1437 1489 XFREE(ecc_curve_spec_cache[x], NULL, DYNAMIC_TYPE_ECC); 1438 1490 ecc_curve_spec_cache[x] = NULL; … … 1510 1562 1511 1563 1512 #if ndef WOLFSSL_ATECC508A1564 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) 1513 1565 1514 1566 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL) … … 1527 1579 mp_int* a, mp_int* modulus, mp_digit mp) 1528 1580 { 1529 #if ndef WOLFSSL_SP_MATH1581 #if !defined(WOLFSSL_SP_MATH) 1530 1582 #ifdef WOLFSSL_SMALL_STACK 1531 1583 mp_int* t1 = NULL; … … 1612 1664 1613 1665 /* should we dbl instead? */ 1614 if (err == MP_OKAY) 1666 if (err == MP_OKAY) { 1667 #ifdef ECC_TIMING_RESISTANT 1668 err = mp_submod_ct(modulus, Q->y, modulus, t1); 1669 #else 1615 1670 err = mp_sub(modulus, Q->y, t1); 1671 #endif 1672 } 1616 1673 if (err == MP_OKAY) { 1617 1674 if ( (mp_cmp(P->x, Q->x) == MP_EQ) && … … 1721 1778 /* Y = Y - T1 */ 1722 1779 if (err == MP_OKAY) 1723 err = mp_sub(y, t1, y); 1724 if (err == MP_OKAY) { 1725 if (mp_isneg(y)) 1726 err = mp_add(y, modulus, y); 1727 } 1780 err = mp_submod_ct(y, t1, modulus, y); 1728 1781 /* T1 = 2T1 */ 1729 1782 if (err == MP_OKAY) 1730 err = mp_add(t1, t1, t1); 1731 if (err == MP_OKAY) { 1732 if (mp_cmp(t1, modulus) != MP_LT) 1733 err = mp_sub(t1, modulus, t1); 1734 } 1783 err = mp_addmod_ct(t1, t1, modulus, t1); 1735 1784 /* T1 = Y + T1 */ 1736 1785 if (err == MP_OKAY) 1737 err = mp_add(t1, y, t1); 1738 if (err == MP_OKAY) { 1739 if (mp_cmp(t1, modulus) != MP_LT) 1740 err = mp_sub(t1, modulus, t1); 1741 } 1786 err = mp_addmod_ct(t1, y, modulus, t1); 1742 1787 /* X = X - T2 */ 1743 1788 if (err == MP_OKAY) 1744 err = mp_sub(x, t2, x); 1745 if (err == MP_OKAY) { 1746 if (mp_isneg(x)) 1747 err = mp_add(x, modulus, x); 1748 } 1789 err = mp_submod_ct(x, t2, modulus, x); 1749 1790 /* T2 = 2T2 */ 1750 1791 if (err == MP_OKAY) 1751 err = mp_add(t2, t2, t2); 1752 if (err == MP_OKAY) { 1753 if (mp_cmp(t2, modulus) != MP_LT) 1754 err = mp_sub(t2, modulus, t2); 1755 } 1792 err = mp_addmod_ct(t2, t2, modulus, t2); 1756 1793 /* T2 = X + T2 */ 1757 1794 if (err == MP_OKAY) 1758 err = mp_add(t2, x, t2); 1759 if (err == MP_OKAY) { 1760 if (mp_cmp(t2, modulus) != MP_LT) 1761 err = mp_sub(t2, modulus, t2); 1762 } 1795 err = mp_addmod_ct(t2, x, modulus, t2); 1763 1796 1764 1797 if (err == MP_OKAY) { … … 1809 1842 /* X = X - T2 */ 1810 1843 if (err == MP_OKAY) 1811 err = mp_sub(x, t2, x); 1812 if (err == MP_OKAY) { 1813 if (mp_isneg(x)) 1814 err = mp_add(x, modulus, x); 1815 } 1844 err = mp_submod_ct(x, t2, modulus, x); 1816 1845 /* T2 = T2 - X */ 1817 1846 if (err == MP_OKAY) 1818 err = mp_sub(t2, x, t2); 1819 if (err == MP_OKAY) { 1820 if (mp_isneg(t2)) 1821 err = mp_add(t2, modulus, t2); 1822 } 1847 err = mp_submod_ct(t2, x, modulus, t2); 1823 1848 /* T2 = T2 - X */ 1824 1849 if (err == MP_OKAY) 1825 err = mp_sub(t2, x, t2); 1826 if (err == MP_OKAY) { 1827 if (mp_isneg(t2)) 1828 err = mp_add(t2, modulus, t2); 1829 } 1850 err = mp_submod_ct(t2, x, modulus, t2); 1830 1851 /* T2 = T2 * Y */ 1831 1852 if (err == MP_OKAY) … … 1836 1857 /* Y = T2 - T1 */ 1837 1858 if (err == MP_OKAY) 1838 err = mp_sub(t2, t1, y); 1839 if (err == MP_OKAY) { 1840 if (mp_isneg(y)) 1841 err = mp_add(y, modulus, y); 1842 } 1859 err = mp_submod_ct(t2, t1, modulus, y); 1843 1860 /* Y = Y/2 */ 1844 if (err == MP_OKAY) {1845 if (mp_isodd(y) == MP_YES)1846 err = mp_add(y, modulus, y);1847 }1848 1861 if (err == MP_OKAY) 1849 err = mp_div_2 (y, y);1862 err = mp_div_2_mod_ct(y, modulus, y); 1850 1863 1851 1864 #ifdef ALT_ECC_SIZE … … 1933 1946 mp_int* modulus, mp_digit mp) 1934 1947 { 1935 #if ndef WOLFSSL_SP_MATH1948 #if !defined(WOLFSSL_SP_MATH) 1936 1949 #ifdef WOLFSSL_SMALL_STACK 1937 1950 mp_int* t1 = NULL; … … 2064 2077 /* Z = 2Z */ 2065 2078 if (err == MP_OKAY) 2066 err = mp_add(z, z, z); 2067 if (err == MP_OKAY) { 2068 if (mp_cmp(z, modulus) != MP_LT) 2069 err = mp_sub(z, modulus, z); 2070 } 2079 err = mp_addmod_ct(z, z, modulus, z); 2071 2080 2072 2081 /* Determine if curve "a" should be used in calc */ … … 2076 2085 err = mp_submod(modulus, a, modulus, t2); 2077 2086 } 2078 if (err == MP_OKAY && mp_cmp_d(t2, 3) != MP_EQ) { 2087 if (err == MP_OKAY && mp_iszero(t2)) { 2088 /* T2 = X * X */ 2089 if (err == MP_OKAY) 2090 err = mp_sqr(x, t2); 2091 if (err == MP_OKAY) 2092 err = mp_montgomery_reduce(t2, modulus, mp); 2093 /* T1 = T2 + T1 */ 2094 if (err == MP_OKAY) 2095 err = mp_addmod_ct(t2, t2, modulus, t1); 2096 /* T1 = T2 + T1 */ 2097 if (err == MP_OKAY) 2098 err = mp_addmod_ct(t1, t2, modulus, t1); 2099 } 2100 else if (err == MP_OKAY && mp_cmp_d(t2, 3) != MP_EQ) { 2079 2101 /* use "a" in calc */ 2080 2102 … … 2094 2116 /* T1 = T2 + T1 */ 2095 2117 if (err == MP_OKAY) 2096 err = mp_add(t1, t2, t1); 2097 if (err == MP_OKAY) { 2098 if (mp_cmp(t1, modulus) != MP_LT) 2099 err = mp_sub(t1, modulus, t1); 2100 } 2118 err = mp_addmod_ct(t1, t2, modulus, t1); 2101 2119 /* T1 = T2 + T1 */ 2102 2120 if (err == MP_OKAY) 2103 err = mp_add(t1, t2, t1); 2104 if (err == MP_OKAY) { 2105 if (mp_cmp(t1, modulus) != MP_LT) 2106 err = mp_sub(t1, modulus, t1); 2107 } 2121 err = mp_addmod_ct(t1, t2, modulus, t1); 2108 2122 /* T1 = T2 + T1 */ 2109 2123 if (err == MP_OKAY) 2110 err = mp_add(t1, t2, t1); 2111 if (err == MP_OKAY) { 2112 if (mp_cmp(t1, modulus) != MP_LT) 2113 err = mp_sub(t1, modulus, t1); 2114 } 2124 err = mp_addmod_ct(t1, t2, modulus, t1); 2115 2125 } 2116 2126 else … … 2122 2132 /* T2 = X - T1 */ 2123 2133 if (err == MP_OKAY) 2124 err = mp_sub(x, t1, t2); 2125 if (err == MP_OKAY) { 2126 if (mp_isneg(t2)) 2127 err = mp_add(t2, modulus, t2); 2128 } 2134 err = mp_submod_ct(x, t1, modulus, t2); 2129 2135 /* T1 = X + T1 */ 2130 2136 if (err == MP_OKAY) 2131 err = mp_add(t1, x, t1); 2132 if (err == MP_OKAY) { 2133 if (mp_cmp(t1, modulus) != MP_LT) 2134 err = mp_sub(t1, modulus, t1); 2135 } 2137 err = mp_addmod_ct(t1, x, modulus, t1); 2136 2138 /* T2 = T1 * T2 */ 2137 2139 if (err == MP_OKAY) … … 2142 2144 /* T1 = 2T2 */ 2143 2145 if (err == MP_OKAY) 2144 err = mp_add(t2, t2, t1); 2145 if (err == MP_OKAY) { 2146 if (mp_cmp(t1, modulus) != MP_LT) 2147 err = mp_sub(t1, modulus, t1); 2148 } 2146 err = mp_addmod_ct(t2, t2, modulus, t1); 2149 2147 /* T1 = T1 + T2 */ 2150 2148 if (err == MP_OKAY) 2151 err = mp_add(t1, t2, t1); 2152 if (err == MP_OKAY) { 2153 if (mp_cmp(t1, modulus) != MP_LT) 2154 err = mp_sub(t1, modulus, t1); 2155 } 2149 err = mp_addmod_ct(t1, t2, modulus, t1); 2156 2150 } 2157 2151 2158 2152 /* Y = 2Y */ 2159 2153 if (err == MP_OKAY) 2160 err = mp_add(y, y, y); 2161 if (err == MP_OKAY) { 2162 if (mp_cmp(y, modulus) != MP_LT) 2163 err = mp_sub(y, modulus, y); 2164 } 2154 err = mp_addmod_ct(y, y, modulus, y); 2165 2155 /* Y = Y * Y */ 2166 2156 if (err == MP_OKAY) … … 2176 2166 2177 2167 /* T2 = T2/2 */ 2178 if (err == MP_OKAY) {2179 if (mp_isodd(t2) == MP_YES)2180 err = mp_add(t2, modulus, t2);2181 }2182 2168 if (err == MP_OKAY) 2183 err = mp_div_2 (t2, t2);2169 err = mp_div_2_mod_ct(t2, modulus, t2); 2184 2170 2185 2171 /* Y = Y * X */ … … 2197 2183 /* X = X - Y */ 2198 2184 if (err == MP_OKAY) 2199 err = mp_sub(x, y, x); 2200 if (err == MP_OKAY) { 2201 if (mp_isneg(x)) 2202 err = mp_add(x, modulus, x); 2203 } 2185 err = mp_submod_ct(x, y, modulus, x); 2204 2186 /* X = X - Y */ 2205 2187 if (err == MP_OKAY) 2206 err = mp_sub(x, y, x); 2207 if (err == MP_OKAY) { 2208 if (mp_isneg(x)) 2209 err = mp_add(x, modulus, x); 2210 } 2188 err = mp_submod_ct(x, y, modulus, x); 2211 2189 2212 2190 /* Y = Y - X */ 2213 2191 if (err == MP_OKAY) 2214 err = mp_sub(y, x, y); 2215 if (err == MP_OKAY) { 2216 if (mp_isneg(y)) 2217 err = mp_add(y, modulus, y); 2218 } 2192 err = mp_submod_ct(y, x, modulus, y); 2219 2193 /* Y = Y * T1 */ 2220 2194 if (err == MP_OKAY) … … 2225 2199 /* Y = Y - T2 */ 2226 2200 if (err == MP_OKAY) 2227 err = mp_sub(y, t2, y); 2228 if (err == MP_OKAY) { 2229 if (mp_isneg(y)) 2230 err = mp_add(y, modulus, y); 2231 } 2201 err = mp_submod_ct(y, t2, modulus, y); 2232 2202 2233 2203 #ifdef ALT_ECC_SIZE … … 2292 2262 int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct) 2293 2263 { 2294 #if ndef WOLFSSL_SP_MATH2264 #if !defined(WOLFSSL_SP_MATH) 2295 2265 #ifdef WOLFSSL_SMALL_STACK 2296 2266 mp_int* t1 = NULL; … … 2409 2379 /* get 1/z */ 2410 2380 if (err == MP_OKAY) { 2411 #if defined(ECC_TIMING_RESISTANT) && defined(USE_FAST_MATH) 2381 #if defined(ECC_TIMING_RESISTANT) && (defined(USE_FAST_MATH) || \ 2382 defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) 2412 2383 if (ct) { 2413 2384 err = mp_invmod_mont_ct(z, modulus, t1, mp); … … 2508 2479 #if !defined(FREESCALE_LTC_ECC) && !defined(WOLFSSL_STM32_PKA) 2509 2480 2510 #if !defined(FP_ECC) || !defined(WOLFSSL_SP_MATH) 2481 #if !defined(WOLFSSL_SP_MATH) 2482 2483 #ifndef ECC_TIMING_RESISTANT 2484 2485 /* size of sliding window, don't change this! */ 2486 #define WINSIZE 4 2487 #define M_POINTS 8 2488 2489 static int ecc_mulmod(mp_int* k, ecc_point* tG, ecc_point* R, ecc_point** M, 2490 mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng) 2491 { 2492 int err = MP_OKAY; 2493 int i; 2494 int first = 1, bitbuf = 0, bitcpy = 0, j; 2495 int bitcnt = 0, mode = 0, digidx = 0; 2496 mp_digit buf; 2497 int infinity; 2498 2499 (void)rng; 2500 2501 /* calc the M tab, which holds kG for k==8..15 */ 2502 /* M[0] == 8G */ 2503 if (err == MP_OKAY) 2504 err = ecc_projective_dbl_point_safe(tG, M[0], a, modulus, mp); 2505 if (err == MP_OKAY) 2506 err = ecc_projective_dbl_point_safe(M[0], M[0], a, modulus, mp); 2507 if (err == MP_OKAY) 2508 err = ecc_projective_dbl_point_safe(M[0], M[0], a, modulus, mp); 2509 2510 /* now find (8+k)G for k=1..7 */ 2511 if (err == MP_OKAY) 2512 for (j = 9; j < 16; j++) { 2513 err = ecc_projective_add_point_safe(M[j-9], tG, M[j-M_POINTS], a, 2514 modulus, mp, &infinity); 2515 if (err != MP_OKAY) break; 2516 } 2517 2518 /* setup sliding window */ 2519 if (err == MP_OKAY) { 2520 mode = 0; 2521 bitcnt = 1; 2522 buf = 0; 2523 digidx = get_digit_count(k) - 1; 2524 bitcpy = bitbuf = 0; 2525 first = 1; 2526 2527 /* perform ops */ 2528 for (;;) { 2529 /* grab next digit as required */ 2530 if (--bitcnt == 0) { 2531 if (digidx == -1) { 2532 break; 2533 } 2534 buf = get_digit(k, digidx); 2535 bitcnt = (int) DIGIT_BIT; 2536 --digidx; 2537 } 2538 2539 /* grab the next msb from the ltiplicand */ 2540 i = (int)(buf >> (DIGIT_BIT - 1)) & 1; 2541 buf <<= 1; 2542 2543 /* skip leading zero bits */ 2544 if (mode == 0 && i == 0) 2545 continue; 2546 2547 /* if the bit is zero and mode == 1 then we double */ 2548 if (mode == 1 && i == 0) { 2549 err = ecc_projective_dbl_point_safe(R, R, a, modulus, mp); 2550 if (err != MP_OKAY) break; 2551 continue; 2552 } 2553 2554 /* else we add it to the window */ 2555 bitbuf |= (i << (WINSIZE - ++bitcpy)); 2556 mode = 2; 2557 2558 if (bitcpy == WINSIZE) { 2559 /* if this is the first window we do a simple copy */ 2560 if (first == 1) { 2561 /* R = kG [k = first window] */ 2562 err = mp_copy(M[bitbuf-M_POINTS]->x, R->x); 2563 if (err != MP_OKAY) break; 2564 2565 err = mp_copy(M[bitbuf-M_POINTS]->y, R->y); 2566 if (err != MP_OKAY) break; 2567 2568 err = mp_copy(M[bitbuf-M_POINTS]->z, R->z); 2569 first = 0; 2570 } else { 2571 /* normal window */ 2572 /* ok window is filled so double as required and add */ 2573 /* double first */ 2574 for (j = 0; j < WINSIZE; j++) { 2575 err = ecc_projective_dbl_point_safe(R, R, a, modulus, 2576 mp); 2577 if (err != MP_OKAY) break; 2578 } 2579 if (err != MP_OKAY) break; /* out of first for(;;) */ 2580 2581 /* now add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */ 2582 err = ecc_projective_add_point_safe(R, M[bitbuf-M_POINTS], R, 2583 a, modulus, mp, &infinity); 2584 } 2585 if (err != MP_OKAY) break; 2586 /* empty window and reset */ 2587 bitcpy = bitbuf = 0; 2588 mode = 1; 2589 } 2590 } 2591 } 2592 2593 /* if bits remain then double/add */ 2594 if (err == MP_OKAY) { 2595 if (mode == 2 && bitcpy > 0) { 2596 /* double then add */ 2597 for (j = 0; j < bitcpy; j++) { 2598 /* only double if we have had at least one add first */ 2599 if (first == 0) { 2600 err = ecc_projective_dbl_point_safe(R, R, a, modulus, mp); 2601 if (err != MP_OKAY) break; 2602 } 2603 2604 bitbuf <<= 1; 2605 if ((bitbuf & (1 << WINSIZE)) != 0) { 2606 if (first == 1) { 2607 /* first add, so copy */ 2608 err = mp_copy(tG->x, R->x); 2609 if (err != MP_OKAY) break; 2610 2611 err = mp_copy(tG->y, R->y); 2612 if (err != MP_OKAY) break; 2613 2614 err = mp_copy(tG->z, R->z); 2615 if (err != MP_OKAY) break; 2616 first = 0; 2617 } else { 2618 /* then add */ 2619 err = ecc_projective_add_point_safe(R, tG, R, a, modulus, 2620 mp, &infinity); 2621 if (err != MP_OKAY) break; 2622 } 2623 } 2624 } 2625 } 2626 } 2627 2628 #undef WINSIZE 2629 2630 return err; 2631 } 2632 2633 #else 2634 2635 static int wc_ecc_gen_z(WC_RNG* rng, int size, ecc_point* p, 2636 mp_int* modulus, mp_digit mp, mp_int* tx, mp_int* ty) 2637 { 2638 int err = MP_OKAY; 2639 #ifdef WOLFSSL_SMALL_STACK 2640 mp_int* mu = NULL; 2641 #else 2642 mp_int mu[1]; 2643 #endif 2644 2645 #ifdef WOLFSSL_SMALL_STACK 2646 mu = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 2647 if (mu == NULL) 2648 err = MEMORY_E; 2649 #endif 2650 2651 if (err == MP_OKAY) 2652 err = mp_init(mu); 2653 if (err == MP_OKAY) 2654 err = mp_montgomery_calc_normalization(mu, modulus); 2655 if (err == MP_OKAY) 2656 err = wc_ecc_gen_k(rng, size, ty, modulus); 2657 if (err == MP_OKAY) 2658 err = mp_mulmod(ty, mu, modulus, ty); 2659 if (err == MP_OKAY) 2660 err = mp_mul(p->z, ty, p->z); 2661 if (err == MP_OKAY) 2662 err = mp_montgomery_reduce(p->z, modulus, mp); 2663 if (err == MP_OKAY) 2664 err = mp_sqr(ty, tx); 2665 if (err == MP_OKAY) 2666 err = mp_montgomery_reduce(tx, modulus, mp); 2667 if (err == MP_OKAY) 2668 err = mp_mul(ty, tx, ty); 2669 if (err == MP_OKAY) 2670 err = mp_montgomery_reduce(ty, modulus, mp); 2671 if (err == MP_OKAY) 2672 err = mp_mul(p->x, tx, p->x); 2673 if (err == MP_OKAY) 2674 err = mp_montgomery_reduce(p->x, modulus, mp); 2675 if (err == MP_OKAY) 2676 err = mp_mul(p->y, ty, p->y); 2677 if (err == MP_OKAY) 2678 err = mp_montgomery_reduce(p->y, modulus, mp); 2679 2680 #ifdef WOLFSSL_SMALL_STACK 2681 if (mu != NULL) { 2682 mp_clear(mu); 2683 XFREE(mu, NULL, DYNAMIC_TYPE_ECC); 2684 } 2685 #else 2686 mp_clear(mu); 2687 #endif 2688 2689 return err; 2690 } 2691 2692 #define M_POINTS 3 2693 2694 /* Joye double-add ladder. 2695 * "Highly Regular Right-to-Left Algorithms for Scalar Multiplication" 2696 * by Marc Joye (2007) 2697 * 2698 * Algorithm 1': 2699 * Input: P element of curve, k = (k[t-1],..., k[0]) base 2 2700 * Output: Q = kP 2701 * 1: R[0] = P; R[1] = P 2702 * 2: for j = 1 to t-1 do 2703 * 3: b = 1 - k[j]; R[b] = 2*R[b] + R[k[j]] 2704 * 4: end for 2705 * 5: b = k[0]; R[b] = R[b] - P 2706 * 6: return R[0] 2707 * 2708 * Assumes: k < order. 2709 */ 2710 static int ecc_mulmod(mp_int* k, ecc_point* P, ecc_point* Q, ecc_point** R, 2711 mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng) 2712 { 2713 int err = MP_OKAY; 2714 int bytes = (mp_count_bits(modulus) + 7) / 8; 2715 int i; 2716 int j = 1; 2717 int cnt = DIGIT_BIT; 2718 int t = 0; 2719 mp_digit b; 2720 mp_digit v = 0; 2721 #ifndef WC_NO_CACHE_RESISTANT 2722 /* First bit always 1 (fix at end) and swap equals first bit */ 2723 int swap = 1; 2724 #endif 2725 int infinity; 2726 2727 /* Step 1: R[0] = P; R[1] = P */ 2728 /* R[0] = P */ 2729 if (err == MP_OKAY) 2730 err = mp_copy(P->x, R[0]->x); 2731 if (err == MP_OKAY) 2732 err = mp_copy(P->y, R[0]->y); 2733 if (err == MP_OKAY) 2734 err = mp_copy(P->z, R[0]->z); 2735 2736 /* R[1] = P */ 2737 if (err == MP_OKAY) 2738 err = mp_copy(P->x, R[1]->x); 2739 if (err == MP_OKAY) 2740 err = mp_copy(P->y, R[1]->y); 2741 if (err == MP_OKAY) 2742 err = mp_copy(P->z, R[1]->z); 2743 2744 /* Randomize z ordinates to obfuscate timing. */ 2745 if ((err == MP_OKAY) && (rng != NULL)) 2746 err = wc_ecc_gen_z(rng, bytes, R[0], modulus, mp, R[2]->x, R[2]->y); 2747 if ((err == MP_OKAY) && (rng != NULL)) 2748 err = wc_ecc_gen_z(rng, bytes, R[1], modulus, mp, R[2]->x, R[2]->y); 2749 2750 if (err == MP_OKAY) { 2751 /* Order could be one greater than the size of the modulus. */ 2752 t = mp_count_bits(modulus) + 1; 2753 v = k->dp[0] >> 1; 2754 if (cnt > t) { 2755 cnt = t; 2756 } 2757 err = mp_grow(k, modulus->used + 1); 2758 } 2759 /* Step 2: for j = 1 to t-1 do */ 2760 for (i = 1; (err == MP_OKAY) && (i < t); i++) { 2761 if (--cnt == 0) { 2762 v = k->dp[j++]; 2763 cnt = DIGIT_BIT; 2764 } 2765 2766 /* Step 3: b = 1 - k[j]; R[b] = 2*R[b] + R[k[j]] */ 2767 b = v & 1; 2768 v >>= 1; 2769 #ifdef WC_NO_CACHE_RESISTANT 2770 err = ecc_projective_dbl_point_safe(R[b^1], R[b^1], a, modulus, mp); 2771 if (err == MP_OKAY) { 2772 err = ecc_projective_add_point_safe(R[b^1], R[b], R[b^1], a, 2773 modulus, mp, &infinity); 2774 } 2775 #else 2776 /* Swap R[0] and R[1] if other index is needed. */ 2777 swap ^= b; 2778 if (err == MP_OKAY) 2779 err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, swap); 2780 if (err == MP_OKAY) 2781 err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, swap); 2782 if (err == MP_OKAY) 2783 err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, swap); 2784 swap = (int)b; 2785 2786 if (err == MP_OKAY) 2787 err = ecc_projective_dbl_point_safe(R[0], R[0], a, modulus, mp); 2788 if (err == MP_OKAY) { 2789 err = ecc_projective_add_point_safe(R[0], R[1], R[0], a, modulus, 2790 mp, &infinity); 2791 } 2792 #endif /* WC_NO_CACHE_RESISTANT */ 2793 } 2794 /* Step 4: end for */ 2795 #ifndef WC_NO_CACHE_RESISTANT 2796 /* Swap back if last bit is 0. */ 2797 swap ^= 1; 2798 if (err == MP_OKAY) 2799 err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, swap); 2800 if (err == MP_OKAY) 2801 err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, swap); 2802 if (err == MP_OKAY) 2803 err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, swap); 2804 #endif 2805 2806 /* Step 5: b = k[0]; R[b] = R[b] - P */ 2807 /* R[2] = -P */ 2808 if (err == MP_OKAY) 2809 err = mp_copy(P->x, R[2]->x); 2810 if (err == MP_OKAY) 2811 err = mp_sub(modulus, P->y, R[2]->y); 2812 if (err == MP_OKAY) 2813 err = mp_copy(P->z, R[2]->z); 2814 /* Subtract point by adding negative. */ 2815 if (err == MP_OKAY) { 2816 b = k->dp[0] & 1; 2817 #ifdef WC_NO_CACHE_RESISTANT 2818 err = ecc_projective_add_point_safe(R[b], R[2], R[b], a, modulus, mp, 2819 &infinity); 2820 #else 2821 /* Swap R[0] and R[1], if necessary, to operate on the one we want. */ 2822 err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, (int)b); 2823 if (err == MP_OKAY) 2824 err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, (int)b); 2825 if (err == MP_OKAY) 2826 err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, (int)b); 2827 if (err == MP_OKAY) 2828 err = ecc_projective_add_point_safe(R[0], R[2], R[0], a, modulus, 2829 mp, &infinity); 2830 /* Swap back if necessary. */ 2831 if (err == MP_OKAY) 2832 err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, (int)b); 2833 if (err == MP_OKAY) 2834 err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, (int)b); 2835 if (err == MP_OKAY) 2836 err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, (int)b); 2837 #endif 2838 } 2839 2840 /* Step 6: return R[0] */ 2841 if (err == MP_OKAY) 2842 err = mp_copy(R[0]->x, Q->x); 2843 if (err == MP_OKAY) 2844 err = mp_copy(R[0]->y, Q->y); 2845 if (err == MP_OKAY) 2846 err = mp_copy(R[0]->z, Q->z); 2847 2848 return err; 2849 } 2850 2851 #endif 2852 2853 /* Convert the point to montogmery form. 2854 * 2855 * @param [in] p Point to convert. 2856 * @param [out] r Point in montgomery form. 2857 * @param [in] modulus Modulus of ordinates. 2858 * @return 0 on success. 2859 * @return -ve on failure. 2860 */ 2861 static int ecc_point_to_mont(ecc_point* p, ecc_point* r, mp_int* modulus, 2862 void* heap) 2863 { 2864 int err = MP_OKAY; 2865 #ifdef WOLFSSL_SMALL_STACK 2866 mp_int* mu = NULL; 2867 #else 2868 mp_int mu[1]; 2869 #endif 2870 2871 (void)heap; 2872 2873 #ifdef WOLFSSL_SMALL_STACK 2874 mu = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2875 if (mu == NULL) 2876 err = MEMORY_E; 2877 #endif 2878 if (err == MP_OKAY) 2879 err = mp_init(mu); 2880 if (err == MP_OKAY) { 2881 err = mp_montgomery_calc_normalization(mu, modulus); 2882 2883 if (err == MP_OKAY) { 2884 if (mp_cmp_d(mu, 1) == MP_EQ) { 2885 err = mp_copy(p->x, r->x); 2886 if (err == MP_OKAY) 2887 err = mp_copy(p->y, r->y); 2888 if (err == MP_OKAY) 2889 err = mp_copy(p->z, r->z); 2890 } 2891 else { 2892 err = mp_mulmod(p->x, mu, modulus, r->x); 2893 if (err == MP_OKAY) 2894 err = mp_mulmod(p->y, mu, modulus, r->y); 2895 if (err == MP_OKAY) 2896 err = mp_mulmod(p->z, mu, modulus, r->z); 2897 } 2898 } 2899 2900 mp_clear(mu); 2901 } 2902 #ifdef WOLFSSL_SMALL_STACK 2903 if (mu != NULL) 2904 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2905 #endif 2906 return err; 2907 } 2908 2909 #ifdef WOLFSSL_SMALL_STACK_CACHE 2910 static int ecc_key_tmp_init(ecc_key* key, void* heap) 2911 { 2912 int err = MP_OKAY; 2913 2914 XMEMSET(key, 0, sizeof(*key)); 2915 2916 key->t1 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2917 key->t2 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2918 #ifdef ALT_ECC_SIZE 2919 key->x = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2920 key->y = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2921 key->z = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2922 #endif 2923 if (key->t1 == NULL || key->t2 == NULL 2924 #ifdef ALT_ECC_SIZE 2925 || key->x == NULL || key->y == NULL || key->z == NULL 2926 #endif 2927 ) { 2928 err = MEMORY_E; 2929 } 2930 2931 return err; 2932 } 2933 2934 static void ecc_key_tmp_final(ecc_key* key, void* heap) 2935 { 2936 (void)heap; 2937 #ifdef ALT_ECC_SIZE 2938 if (key->z != NULL) 2939 XFREE(key->z, heap, DYNAMIC_TYPE_ECC); 2940 if (key->y != NULL) 2941 XFREE(key->y, heap, DYNAMIC_TYPE_ECC); 2942 if (key->x != NULL) 2943 XFREE(key->x, heap, DYNAMIC_TYPE_ECC); 2944 #endif 2945 if (key->t2 != NULL) 2946 XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); 2947 if (key->t1 != NULL) 2948 XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); 2949 } 2950 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2951 #endif /* !WOLFSSL_SP_MATH */ 2952 2953 #if !defined(WOLFSSL_SP_MATH) || !defined(FP_ECC) 2511 2954 /** 2512 2955 Perform a point multiplication … … 2521 2964 */ 2522 2965 #ifdef FP_ECC 2523 static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, 2524 mp_int* a, mp_int* modulus, int map, 2525 void* heap) 2966 static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, 2967 mp_int* modulus, WC_RNG* rng, int map, void* heap) 2526 2968 #else 2527 int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, 2528 mp_int* a, mp_int* modulus, int map, 2529 void* heap) 2530 #endif 2531 { 2532 #ifndef WOLFSSL_SP_MATH 2533 #ifndef ECC_TIMING_RESISTANT 2534 /* size of sliding window, don't change this! */ 2535 #define WINSIZE 4 2536 #define M_POINTS 8 2537 int first = 1, bitbuf = 0, bitcpy = 0, j; 2538 #elif defined(WC_NO_CACHE_RESISTANT) 2539 #define M_POINTS 4 2969 int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, 2970 mp_int* modulus, int map, void* heap) 2971 #endif 2972 #if !defined(WOLFSSL_SP_MATH) 2973 { 2974 ecc_point *tG, *M[M_POINTS]; 2975 int i, err; 2976 #ifdef WOLFSSL_SMALL_STACK_CACHE 2977 ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, heap, DYNAMIC_TYPE_ECC); 2978 #endif 2979 mp_digit mp; 2980 2981 /* init variables */ 2982 tG = NULL; 2983 XMEMSET(M, 0, sizeof(M)); 2984 2985 if (k == NULL || G == NULL || R == NULL || modulus == NULL) { 2986 err = ECC_BAD_ARG_E; 2987 goto exit; 2988 } 2989 2990 #ifdef WOLFSSL_SMALL_STACK_CACHE 2991 if (key == NULL) { 2992 err = MP_MEM; 2993 goto exit; 2994 } 2995 err = ecc_key_tmp_init(key, heap); 2996 if (err != MP_OKAY) 2997 goto exit; 2998 R->key = key; 2999 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 3000 3001 /* alloc ram for window temps */ 3002 for (i = 0; i < M_POINTS; i++) { 3003 M[i] = wc_ecc_new_point_h(heap); 3004 if (M[i] == NULL) { 3005 err = MEMORY_E; 3006 goto exit; 3007 } 3008 #ifdef WOLFSSL_SMALL_STACK_CACHE 3009 M[i]->key = key; 3010 #endif 3011 } 3012 3013 /* make a copy of G in case R==G */ 3014 tG = wc_ecc_new_point_h(heap); 3015 if (tG == NULL) { 3016 err = MEMORY_E; 3017 goto exit; 3018 } 3019 if ((err = ecc_point_to_mont(G, tG, modulus, heap)) != MP_OKAY) { 3020 goto exit; 3021 } 3022 3023 /* init montgomery reduction */ 3024 if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { 3025 goto exit; 3026 } 3027 3028 #ifdef FP_ECC 3029 err = ecc_mulmod(k, tG, R, M, a, modulus, mp, rng); 2540 3030 #else 2541 #define M_POINTS 5 2542 #endif 2543 3031 err = ecc_mulmod(k, tG, R, M, a, modulus, mp, NULL); 3032 #endif 3033 /* map R back from projective space */ 3034 if (err == MP_OKAY && map) 3035 err = ecc_map(R, modulus, mp); 3036 3037 exit: 3038 3039 /* done */ 3040 wc_ecc_del_point_h(tG, heap); 3041 for (i = 0; i < M_POINTS; i++) { 3042 wc_ecc_del_point_h(M[i], heap); 3043 } 3044 #ifdef WOLFSSL_SMALL_STACK_CACHE 3045 if (key) { 3046 if (R) 3047 R->key = NULL; 3048 if (err == MP_OKAY) 3049 ecc_key_tmp_final(key, heap); 3050 XFREE(key, heap, DYNAMIC_TYPE_ECC); 3051 } 3052 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 3053 3054 return err; 3055 } 3056 #else 3057 { 3058 if (k == NULL || G == NULL || R == NULL || modulus == NULL) { 3059 return ECC_BAD_ARG_E; 3060 } 3061 3062 (void)a; 3063 3064 #ifdef WOLFSSL_HAVE_SP_ECC 3065 #ifndef WOLFSSL_SP_NO_256 3066 if (mp_count_bits(modulus) == 256) { 3067 return sp_ecc_mulmod_256(k, G, R, map, heap); 3068 } 3069 #endif 3070 #ifdef WOLFSSL_SP_384 3071 if (mp_count_bits(modulus) == 384) { 3072 return sp_ecc_mulmod_384(k, G, R, map, heap); 3073 } 3074 #endif 3075 #else 3076 (void)map; 3077 (void)map; 3078 (void)heap; 3079 #endif 3080 return ECC_BAD_ARG_E; 3081 } 3082 #endif 3083 #endif /* !WOLFSSL_SP_MATH || !FP_ECC */ 3084 3085 #ifndef FP_ECC 3086 /** 3087 Perform a point multiplication 3088 k The scalar to multiply by 3089 G The base point 3090 R [out] Destination for kG 3091 a ECC curve parameter a 3092 modulus The modulus of the field the ECC curve is in 3093 map Boolean whether to map back to affine or not 3094 (1==map, 0 == leave in projective) 3095 return MP_OKAY on success 3096 */ 3097 int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, 3098 mp_int* modulus, mp_int* order, WC_RNG* rng, int map, 3099 void* heap) 3100 #if !defined(WOLFSSL_SP_MATH) 3101 { 2544 3102 ecc_point *tG, *M[M_POINTS]; 2545 3103 int i, err; … … 2547 3105 ecc_key key; 2548 3106 #endif 2549 #ifdef WOLFSSL_SMALL_STACK2550 mp_int* mu = NULL;2551 #else2552 mp_int mu[1];2553 #endif2554 3107 mp_digit mp; 2555 mp_digit buf; 2556 int bitcnt = 0, mode = 0, digidx = 0; 3108 #ifdef ECC_TIMING_RESISTANT 3109 mp_int t; 3110 #endif 2557 3111 2558 3112 if (k == NULL || G == NULL || R == NULL || modulus == NULL) { 2559 3113 return ECC_BAD_ARG_E; 2560 3114 } 2561 3115 … … 2563 3117 tG = NULL; 2564 3118 XMEMSET(M, 0, sizeof(M)); 2565 #ifdef WOLFSSL_SMALL_STACK 2566 mu = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2567 if (mu == NULL) 2568 return MEMORY_E; 2569 #endif 3119 2570 3120 #ifdef WOLFSSL_SMALL_STACK_CACHE 2571 key.t1 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2572 key.t2 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2573 #ifdef ALT_ECC_SIZE 2574 key.x = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2575 key.y = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2576 key.z = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2577 #endif 2578 if (key.t1 == NULL || key.t2 == NULL 2579 #ifdef ALT_ECC_SIZE 2580 || key.x == NULL || key.y == NULL || key.z == NULL 2581 #endif 2582 ) { 2583 #ifdef ALT_ECC_SIZE 2584 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2585 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2586 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2587 #endif 2588 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2589 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 2590 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2591 return MEMORY_E; 2592 } 3121 err = ecc_key_tmp_init(&key, heap); 3122 if (err != MP_OKAY) 3123 goto exit; 3124 R->key = &key; 2593 3125 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2594 2595 /* init montgomery reduction */2596 if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {2597 #ifdef WOLFSSL_SMALL_STACK_CACHE2598 #ifdef ALT_ECC_SIZE2599 XFREE(key.z, heap, DYNAMIC_TYPE_ECC);2600 XFREE(key.y, heap, DYNAMIC_TYPE_ECC);2601 XFREE(key.x, heap, DYNAMIC_TYPE_ECC);2602 #endif2603 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC);2604 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC);2605 #endif /* WOLFSSL_SMALL_STACK_CACHE */2606 #ifdef WOLFSSL_SMALL_STACK2607 XFREE(mu, heap, DYNAMIC_TYPE_ECC);2608 #endif2609 return err;2610 }2611 2612 if ((err = mp_init(mu)) != MP_OKAY) {2613 #ifdef WOLFSSL_SMALL_STACK_CACHE2614 #ifdef ALT_ECC_SIZE2615 XFREE(key.z, heap, DYNAMIC_TYPE_ECC);2616 XFREE(key.y, heap, DYNAMIC_TYPE_ECC);2617 XFREE(key.x, heap, DYNAMIC_TYPE_ECC);2618 #endif2619 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC);2620 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC);2621 #endif /* WOLFSSL_SMALL_STACK_CACHE */2622 #ifdef WOLFSSL_SMALL_STACK2623 XFREE(mu, heap, DYNAMIC_TYPE_ECC);2624 #endif2625 return err;2626 }2627 if ((err = mp_montgomery_calc_normalization(mu, modulus)) != MP_OKAY) {2628 mp_clear(mu);2629 #ifdef WOLFSSL_SMALL_STACK_CACHE2630 #ifdef ALT_ECC_SIZE2631 XFREE(key.z, heap, DYNAMIC_TYPE_ECC);2632 XFREE(key.y, heap, DYNAMIC_TYPE_ECC);2633 XFREE(key.x, heap, DYNAMIC_TYPE_ECC);2634 #endif2635 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC);2636 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC);2637 #endif /* WOLFSSL_SMALL_STACK_CACHE */2638 #ifdef WOLFSSL_SMALL_STACK2639 XFREE(mu, heap, DYNAMIC_TYPE_ECC);2640 #endif2641 return err;2642 }2643 3126 2644 3127 /* alloc ram for window temps */ … … 2646 3129 M[i] = wc_ecc_new_point_h(heap); 2647 3130 if (M[i] == NULL) { 2648 mp_clear(mu);2649 err = MEMORY_E;goto exit;3131 err = MEMORY_E; 3132 goto exit; 2650 3133 } 2651 3134 #ifdef WOLFSSL_SMALL_STACK_CACHE … … 2656 3139 /* make a copy of G in case R==G */ 2657 3140 tG = wc_ecc_new_point_h(heap); 2658 if (tG == NULL) 3141 if (tG == NULL) { 2659 3142 err = MEMORY_E; 2660 2661 /* tG = G and convert to montgomery */ 3143 goto exit; 3144 } 3145 if ((err = ecc_point_to_mont(G, tG, modulus, heap)) != MP_OKAY) { 3146 goto exit; 3147 } 3148 3149 /* init montgomery reduction */ 3150 if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { 3151 goto exit; 3152 } 3153 3154 /* k can't have more bits than order */ 3155 if (mp_count_bits(k) > mp_count_bits(order)) { 3156 err = ECC_OUT_OF_RANGE_E; 3157 goto exit; 3158 } 3159 3160 3161 #ifdef ECC_TIMING_RESISTANT 3162 if ((err = mp_init(&t)) != MP_OKAY) 3163 goto exit; 3164 3165 if (err == MP_OKAY) 3166 err = ecc_mulmod(k, tG, R, M, a, modulus, mp, rng); 3167 3168 /* Check for k == order - 1. Result will be 0 point which is not correct 3169 * Calculates order / 2 and adds order / 2 + 1 and gets infinity. 3170 * (with constant time implementation) 3171 */ 3172 if (err == MP_OKAY) 3173 err = mp_sub_d(order, 1, &t); 2662 3174 if (err == MP_OKAY) { 2663 if (mp_cmp_d(mu, 1) == MP_EQ) { 2664 err = mp_copy(G->x, tG->x); 2665 if (err == MP_OKAY) 2666 err = mp_copy(G->y, tG->y); 2667 if (err == MP_OKAY) 2668 err = mp_copy(G->z, tG->z); 2669 } else { 2670 err = mp_mulmod(G->x, mu, modulus, tG->x); 2671 if (err == MP_OKAY) 2672 err = mp_mulmod(G->y, mu, modulus, tG->y); 2673 if (err == MP_OKAY) 2674 err = mp_mulmod(G->z, mu, modulus, tG->z); 2675 } 2676 } 2677 2678 /* done with mu */ 2679 mp_clear(mu); 2680 2681 #ifdef WOLFSSL_SMALL_STACK_CACHE 2682 R->key = &key; 2683 #endif 2684 #ifndef ECC_TIMING_RESISTANT 2685 2686 /* calc the M tab, which holds kG for k==8..15 */ 2687 /* M[0] == 8G */ 2688 if (err == MP_OKAY) 2689 err = ecc_projective_dbl_point(tG, M[0], a, modulus, mp); 2690 if (err == MP_OKAY) 2691 err = ecc_projective_dbl_point(M[0], M[0], a, modulus, mp); 2692 if (err == MP_OKAY) 2693 err = ecc_projective_dbl_point(M[0], M[0], a, modulus, mp); 2694 2695 /* now find (8+k)G for k=1..7 */ 2696 if (err == MP_OKAY) 2697 for (j = 9; j < 16; j++) { 2698 err = ecc_projective_add_point(M[j-9], tG, M[j-M_POINTS], a, modulus, 2699 mp); 2700 if (err != MP_OKAY) break; 2701 } 2702 2703 /* setup sliding window */ 2704 if (err == MP_OKAY) { 2705 mode = 0; 2706 bitcnt = 1; 2707 buf = 0; 2708 digidx = get_digit_count(k) - 1; 2709 bitcpy = bitbuf = 0; 2710 first = 1; 2711 2712 /* perform ops */ 2713 for (;;) { 2714 /* grab next digit as required */ 2715 if (--bitcnt == 0) { 2716 if (digidx == -1) { 2717 break; 2718 } 2719 buf = get_digit(k, digidx); 2720 bitcnt = (int) DIGIT_BIT; 2721 --digidx; 2722 } 2723 2724 /* grab the next msb from the ltiplicand */ 2725 i = (int)(buf >> (DIGIT_BIT - 1)) & 1; 2726 buf <<= 1; 2727 2728 /* skip leading zero bits */ 2729 if (mode == 0 && i == 0) 2730 continue; 2731 2732 /* if the bit is zero and mode == 1 then we double */ 2733 if (mode == 1 && i == 0) { 2734 err = ecc_projective_dbl_point(R, R, a, modulus, mp); 2735 if (err != MP_OKAY) break; 2736 continue; 2737 } 2738 2739 /* else we add it to the window */ 2740 bitbuf |= (i << (WINSIZE - ++bitcpy)); 2741 mode = 2; 2742 2743 if (bitcpy == WINSIZE) { 2744 /* if this is the first window we do a simple copy */ 2745 if (first == 1) { 2746 /* R = kG [k = first window] */ 2747 err = mp_copy(M[bitbuf-M_POINTS]->x, R->x); 2748 if (err != MP_OKAY) break; 2749 2750 err = mp_copy(M[bitbuf-M_POINTS]->y, R->y); 2751 if (err != MP_OKAY) break; 2752 2753 err = mp_copy(M[bitbuf-M_POINTS]->z, R->z); 2754 first = 0; 2755 } else { 2756 /* normal window */ 2757 /* ok window is filled so double as required and add */ 2758 /* double first */ 2759 for (j = 0; j < WINSIZE; j++) { 2760 err = ecc_projective_dbl_point(R, R, a, modulus, mp); 2761 if (err != MP_OKAY) break; 2762 } 2763 if (err != MP_OKAY) break; /* out of first for(;;) */ 2764 2765 /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */ 2766 err = ecc_projective_add_point(R, M[bitbuf-M_POINTS], R, a, 2767 modulus, mp); 2768 } 2769 if (err != MP_OKAY) break; 2770 /* empty window and reset */ 2771 bitcpy = bitbuf = 0; 2772 mode = 1; 2773 } 2774 } 2775 } 2776 2777 /* if bits remain then double/add */ 2778 if (err == MP_OKAY) { 2779 if (mode == 2 && bitcpy > 0) { 2780 /* double then add */ 2781 for (j = 0; j < bitcpy; j++) { 2782 /* only double if we have had at least one add first */ 2783 if (first == 0) { 2784 err = ecc_projective_dbl_point(R, R, a, modulus, mp); 2785 if (err != MP_OKAY) break; 2786 } 2787 2788 bitbuf <<= 1; 2789 if ((bitbuf & (1 << WINSIZE)) != 0) { 2790 if (first == 1) { 2791 /* first add, so copy */ 2792 err = mp_copy(tG->x, R->x); 2793 if (err != MP_OKAY) break; 2794 2795 err = mp_copy(tG->y, R->y); 2796 if (err != MP_OKAY) break; 2797 2798 err = mp_copy(tG->z, R->z); 2799 if (err != MP_OKAY) break; 2800 first = 0; 2801 } else { 2802 /* then add */ 2803 err = ecc_projective_add_point(R, tG, R, a, modulus, mp); 2804 if (err != MP_OKAY) break; 2805 } 2806 } 2807 } 2808 } 2809 } 2810 2811 #undef WINSIZE 2812 2813 #else /* ECC_TIMING_RESISTANT */ 2814 2815 /* calc the M tab */ 2816 /* M[0] == G */ 2817 if (err == MP_OKAY) 2818 err = mp_copy(tG->x, M[0]->x); 2819 if (err == MP_OKAY) 2820 err = mp_copy(tG->y, M[0]->y); 2821 if (err == MP_OKAY) 2822 err = mp_copy(tG->z, M[0]->z); 2823 2824 /* M[1] == 2G */ 2825 if (err == MP_OKAY) 2826 err = ecc_projective_dbl_point(tG, M[1], a, modulus, mp); 2827 #ifdef WC_NO_CACHE_RESISTANT 2828 if (err == MP_OKAY) 2829 err = wc_ecc_copy_point(M[0], M[2]); 3175 int kIsMinusOne = (mp_cmp(k, &t) == MP_EQ); 3176 err = mp_cond_copy(tG->x, kIsMinusOne, R->x); 3177 if (err == 0) { 3178 err = mp_sub(modulus, tG->y, &t); 3179 } 3180 if (err == 0) { 3181 err = mp_cond_copy(&t, kIsMinusOne, R->y); 3182 } 3183 if (err == 0) { 3184 err = mp_cond_copy(tG->z, kIsMinusOne, R->z); 3185 } 3186 } 3187 3188 mp_free(&t); 2830 3189 #else 2831 if (err == MP_OKAY) 2832 err = wc_ecc_copy_point(M[0], M[3]); 2833 if (err == MP_OKAY) 2834 err = wc_ecc_copy_point(M[1], M[4]); 2835 #endif 2836 2837 /* setup sliding window */ 2838 mode = 0; 2839 bitcnt = 1; 2840 buf = 0; 2841 digidx = get_digit_count(modulus) - 1; 2842 /* The order MAY be 1 bit longer than the modulus. */ 2843 digidx += (modulus->dp[digidx] >> (DIGIT_BIT-1)); 2844 2845 /* perform ops */ 2846 if (err == MP_OKAY) { 2847 for (;;) { 2848 /* grab next digit as required */ 2849 if (--bitcnt == 0) { 2850 if (digidx == -1) { 2851 break; 2852 } 2853 buf = get_digit(k, digidx); 2854 bitcnt = (int)DIGIT_BIT; 2855 --digidx; 2856 } 2857 2858 /* grab the next msb from the multiplicand */ 2859 i = (buf >> (DIGIT_BIT - 1)) & 1; 2860 buf <<= 1; 2861 2862 #ifdef WC_NO_CACHE_RESISTANT 2863 if (mode == 0) { 2864 /* timing resistant - dummy operations */ 2865 if (err == MP_OKAY) 2866 err = ecc_projective_add_point(M[1], M[2], M[2], a, modulus, 2867 mp); 2868 if (err == MP_OKAY) 2869 err = ecc_projective_dbl_point(M[2], M[3], a, modulus, mp); 2870 } 2871 else { 2872 if (err == MP_OKAY) 2873 err = ecc_projective_add_point(M[0], M[1], M[i^1], a, 2874 modulus, mp); 2875 if (err == MP_OKAY) 2876 err = ecc_projective_dbl_point(M[i], M[i], a, modulus, mp); 2877 } 2878 #else 2879 if (err == MP_OKAY) 2880 err = ecc_projective_add_point(M[0], M[1], M[2], a, modulus, mp); 2881 if (err == MP_OKAY) 2882 err = mp_cond_copy(M[2]->x, i, M[0]->x); 2883 if (err == MP_OKAY) 2884 err = mp_cond_copy(M[2]->y, i, M[0]->y); 2885 if (err == MP_OKAY) 2886 err = mp_cond_copy(M[2]->z, i, M[0]->z); 2887 if (err == MP_OKAY) 2888 err = mp_cond_copy(M[2]->x, i ^ 1, M[1]->x); 2889 if (err == MP_OKAY) 2890 err = mp_cond_copy(M[2]->y, i ^ 1, M[1]->y); 2891 if (err == MP_OKAY) 2892 err = mp_cond_copy(M[2]->z, i ^ 1, M[1]->z); 2893 2894 if (err == MP_OKAY) 2895 err = mp_cond_copy(M[0]->x, i ^ 1, M[2]->x); 2896 if (err == MP_OKAY) 2897 err = mp_cond_copy(M[0]->y, i ^ 1, M[2]->y); 2898 if (err == MP_OKAY) 2899 err = mp_cond_copy(M[0]->z, i ^ 1, M[2]->z); 2900 if (err == MP_OKAY) 2901 err = mp_cond_copy(M[1]->x, i, M[2]->x); 2902 if (err == MP_OKAY) 2903 err = mp_cond_copy(M[1]->y, i, M[2]->y); 2904 if (err == MP_OKAY) 2905 err = mp_cond_copy(M[1]->z, i, M[2]->z); 2906 2907 if (err == MP_OKAY) 2908 err = ecc_projective_dbl_point(M[2], M[2], a, modulus, mp); 2909 if (err == MP_OKAY) 2910 err = mp_cond_copy(M[2]->x, i ^ 1, M[0]->x); 2911 if (err == MP_OKAY) 2912 err = mp_cond_copy(M[2]->y, i ^ 1, M[0]->y); 2913 if (err == MP_OKAY) 2914 err = mp_cond_copy(M[2]->z, i ^ 1, M[0]->z); 2915 if (err == MP_OKAY) 2916 err = mp_cond_copy(M[2]->x, i, M[1]->x); 2917 if (err == MP_OKAY) 2918 err = mp_cond_copy(M[2]->y, i, M[1]->y); 2919 if (err == MP_OKAY) 2920 err = mp_cond_copy(M[2]->z, i, M[1]->z); 2921 2922 if (err == MP_OKAY) 2923 err = mp_cond_copy(M[3]->x, (mode ^ 1) & i, M[0]->x); 2924 if (err == MP_OKAY) 2925 err = mp_cond_copy(M[3]->y, (mode ^ 1) & i, M[0]->y); 2926 if (err == MP_OKAY) 2927 err = mp_cond_copy(M[3]->z, (mode ^ 1) & i, M[0]->z); 2928 if (err == MP_OKAY) 2929 err = mp_cond_copy(M[4]->x, (mode ^ 1) & i, M[1]->x); 2930 if (err == MP_OKAY) 2931 err = mp_cond_copy(M[4]->y, (mode ^ 1) & i, M[1]->y); 2932 if (err == MP_OKAY) 2933 err = mp_cond_copy(M[4]->z, (mode ^ 1) & i, M[1]->z); 2934 #endif /* WC_NO_CACHE_RESISTANT */ 2935 2936 if (err != MP_OKAY) 2937 break; 2938 2939 mode |= i; 2940 } /* end for */ 2941 } 2942 2943 /* copy result out */ 2944 if (err == MP_OKAY) 2945 err = mp_copy(M[0]->x, R->x); 2946 if (err == MP_OKAY) 2947 err = mp_copy(M[0]->y, R->y); 2948 if (err == MP_OKAY) 2949 err = mp_copy(M[0]->z, R->z); 2950 2951 #endif /* ECC_TIMING_RESISTANT */ 2952 3190 err = ecc_mulmod(k, tG, R, M, a, modulus, mp, rng); 3191 3192 (void)order; 3193 #endif 2953 3194 /* map R back from projective space */ 2954 3195 if (err == MP_OKAY && map) 2955 3196 err = ecc_map(R, modulus, mp); 2956 3197 2957 3198 exit: … … 2960 3201 wc_ecc_del_point_h(tG, heap); 2961 3202 for (i = 0; i < M_POINTS; i++) { 2962 3203 wc_ecc_del_point_h(M[i], heap); 2963 3204 } 2964 3205 #ifdef WOLFSSL_SMALL_STACK_CACHE 2965 3206 R->key = NULL; 2966 #ifdef ALT_ECC_SIZE 2967 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2968 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2969 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2970 #endif 2971 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2972 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 3207 ecc_key_tmp_final(&key, heap); 2973 3208 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2974 #ifdef WOLFSSL_SMALL_STACK2975 XFREE(mu, heap, DYNAMIC_TYPE_ECC);2976 #endif2977 3209 2978 3210 return err; 3211 } 2979 3212 #else 3213 { 2980 3214 if (k == NULL || G == NULL || R == NULL || modulus == NULL) { 2981 3215 return ECC_BAD_ARG_E; … … 2983 3217 2984 3218 (void)a; 2985 3219 (void)order; 3220 (void)rng; 3221 3222 #ifdef WOLFSSL_HAVE_SP_ECC 2986 3223 #ifndef WOLFSSL_SP_NO_256 2987 3224 if (mp_count_bits(modulus) == 256) { … … 2994 3231 } 2995 3232 #endif 3233 #else 3234 (void)map; 3235 (void)heap; 3236 #endif 2996 3237 return ECC_BAD_ARG_E; 2997 #endif 2998 } 2999 3000 #endif /* !FP_ECC || !WOLFSSL_SP_MATH */ 3238 } 3239 #endif /* !WOLFSSL_SP_MATH */ 3240 #endif /* !FP_ECC */ 3001 3241 3002 3242 #endif /* !FREESCALE_LTC_ECC && !WOLFSSL_STM32_PKA */ … … 3535 3775 { 3536 3776 int err; 3537 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) 3777 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ 3778 !defined(WOLFSSL_ATECC608A) 3538 3779 CRYS_ECDH_TempData_t tempBuff; 3539 3780 #endif … … 3569 3810 } 3570 3811 3571 #if def WOLFSSL_ATECC508A3812 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 3572 3813 /* For SECP256R1 use hardware */ 3573 3814 if (private_key->dp->id == ECC_SECP256R1) { … … 3591 3832 return err; 3592 3833 } 3593 3834 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 3835 err = silabs_ecc_shared_secret(private_key, public_key, out, outlen); 3594 3836 #else 3595 3837 err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen); … … 3600 3842 3601 3843 3602 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 3844 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 3845 !defined(WOLFSSL_CRYPTOCELL) 3603 3846 3604 3847 static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, 3605 3848 byte* out, word32* outlen, ecc_curve_spec* curve) 3606 3849 { 3607 int err ;3608 #if ndef WOLFSSL_SP_MATH3850 int err = MP_OKAY; 3851 #if !defined(WOLFSSL_SP_MATH) 3609 3852 ecc_point* result = NULL; 3610 3853 word32 x = 0; … … 3614 3857 mp_int k_lcl; 3615 3858 3859 WOLFSSL_ENTER("wc_ecc_shared_secret_gen_sync"); 3616 3860 /* if cofactor flag has been set */ 3617 3861 if (private_key->flags & WC_ECC_FLAG_COFACTOR) { … … 3630 3874 } 3631 3875 } 3876 #else 3877 WOLFSSL_ENTER("wc_ecc_shared_secret_gen_sync"); 3632 3878 #endif 3633 3879 … … 3647 3893 else 3648 3894 #endif 3649 #endif 3650 #ifdef WOLFSSL_SP_MATH 3895 #else 3896 (void)point; 3897 (void)out; 3898 (void)outlen; 3899 (void)k; 3900 #endif 3901 #if defined(WOLFSSL_SP_MATH) 3651 3902 { 3652 3903 err = WC_KEY_SIZE_E; … … 3668 3919 } 3669 3920 3670 /* Map in a separate call as this should be constant time */ 3671 err = wc_ecc_mulmod_ex(k, point, result, curve->Af, curve->prime, 0, 3672 private_key->heap); 3921 #ifdef ECC_TIMING_RESISTANT 3922 if (private_key->rng == NULL) { 3923 err = MISSING_RNG_E; 3924 } 3925 #endif 3926 3927 if (err == MP_OKAY) { 3928 /* Map in a separate call as this should be constant time */ 3929 #ifdef ECC_TIMING_RESISTANT 3930 err = wc_ecc_mulmod_ex2(k, point, result, curve->Af, curve->prime, 3931 curve->order, private_key->rng, 0, 3932 private_key->heap); 3933 #else 3934 err = wc_ecc_mulmod_ex2(k, point, result, curve->Af, curve->prime, 3935 curve->order, NULL, 0, private_key->heap); 3936 #endif 3937 } 3673 3938 if (err == MP_OKAY) { 3674 3939 err = mp_montgomery_setup(curve->prime, &mp); … … 3700 3965 #endif 3701 3966 3967 WOLFSSL_LEAVE("wc_ecc_shared_secret_gen_sync", err); 3968 3702 3969 return err; 3703 3970 } … … 3711 3978 3712 3979 #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) 3713 #ifdef HAVE_CAVIUM_V 3714 /* verify the curve is supported by hardware */ 3715 if (NitroxEccIsCurveSupported(private_key)) 3716 #endif 3717 { 3980 if (private_key->dp 3981 #ifdef WOLFSSL_CUSTOM_CURVES 3982 && private_key->dp->id != ECC_CURVE_CUSTOM 3983 #endif 3984 #ifdef HAVE_CAVIUM_V 3985 /* verify the curve is supported by hardware */ 3986 && NitroxEccIsCurveSupported(private_key) 3987 #endif 3988 ) { 3718 3989 word32 keySz = private_key->dp->size; 3719 3990 … … 3770 4041 { 3771 4042 int err; 3772 DECLARE_CURVE_SPECS(curve, 2);4043 DECLARE_CURVE_SPECS(curve, 3); 3773 4044 3774 4045 if (private_key == NULL || point == NULL || out == NULL || … … 3778 4049 3779 4050 /* load curve info */ 3780 ALLOC_CURVE_SPECS( 2);4051 ALLOC_CURVE_SPECS(3); 3781 4052 err = wc_ecc_curve_load(private_key->dp, &curve, 3782 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF ));4053 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF | ECC_CURVE_FIELD_ORDER)); 3783 4054 if (err != MP_OKAY) { 3784 4055 FREE_CURVE_SPECS(); … … 3826 4097 if (private_key->type != ECC_PRIVATEKEY && 3827 4098 private_key->type != ECC_PRIVATEKEY_ONLY) { 4099 WOLFSSL_MSG("ECC_BAD_ARG_E"); 3828 4100 return ECC_BAD_ARG_E; 3829 4101 } 3830 4102 3831 4103 /* Verify domain params supplied */ 3832 if (wc_ecc_is_valid_idx(private_key->idx) == 0) 4104 if (wc_ecc_is_valid_idx(private_key->idx) == 0) { 4105 WOLFSSL_MSG("wc_ecc_is_valid_idx failed"); 3833 4106 return ECC_BAD_ARG_E; 4107 } 3834 4108 3835 4109 switch(private_key->state) { … … 3865 4139 } /* switch */ 3866 4140 4141 WOLFSSL_LEAVE("wc_ecc_shared_secret_ex", err); 4142 3867 4143 /* if async pending then return and skip done cleanup below */ 3868 4144 if (err == WC_PENDING_E) { … … 3882 4158 #endif /* HAVE_ECC_DHE */ 3883 4159 3884 3885 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 4160 #ifdef USE_ECC_B_PARAM 4161 /* Checks if a point p lies on the curve with index curve_idx */ 4162 int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx) 4163 { 4164 int err; 4165 DECLARE_CURVE_SPECS(curve, 3); 4166 4167 if (p == NULL) 4168 return BAD_FUNC_ARG; 4169 4170 /* is the IDX valid ? */ 4171 if (wc_ecc_is_valid_idx(curve_idx) != 1) { 4172 return ECC_BAD_ARG_E; 4173 } 4174 4175 ALLOC_CURVE_SPECS(3); 4176 err = wc_ecc_curve_load(wc_ecc_get_curve_params(curve_idx), &curve, 4177 ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF | 4178 ECC_CURVE_FIELD_BF); 4179 if (err == MP_OKAY) { 4180 err = wc_ecc_is_point(p, curve->Af, curve->Bf, curve->prime); 4181 } 4182 4183 wc_ecc_curve_free(curve); 4184 FREE_CURVE_SPECS(); 4185 4186 return err; 4187 } 4188 #endif /* USE_ECC_B_PARAM */ 4189 4190 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 4191 !defined(WOLFSSL_CRYPTOCELL) 3886 4192 /* return 1 if point is at infinity, 0 if not, < 0 on error */ 3887 4193 int wc_ecc_point_is_at_infinity(ecc_point* p) … … 3895 4201 return 0; 3896 4202 } 4203 #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL */ 3897 4204 3898 4205 /* generate random and ensure its greater than 0 and less than order */ … … 3938 4245 #endif /* !WC_NO_RNG */ 3939 4246 } 3940 #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL */3941 4247 3942 4248 static WC_INLINE void wc_ecc_reset(ecc_key* key) … … 3945 4251 key->state = ECC_STATE_NONE; 3946 4252 } 3947 3948 4253 3949 4254 /* create the public ECC key from a private key … … 3960 4265 * returns MP_OKAY on success 3961 4266 */ 3962 static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,3963 ecc_point* pubOut )4267 static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, 4268 ecc_point* pubOut, WC_RNG* rng) 3964 4269 { 3965 4270 int err = MP_OKAY; 3966 #ifndef WOLFSSL_ATECC508A 3967 #ifndef WOLFSSL_SP_MATH 4271 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) \ 4272 && !defined(WOLFSSL_SILABS_SE_ACCEL) 4273 #if !defined(WOLFSSL_SP_MATH) 3968 4274 ecc_point* base = NULL; 3969 4275 #endif … … 3972 4278 #endif /* !WOLFSSL_ATECC508A */ 3973 4279 4280 (void)rng; 4281 3974 4282 if (key == NULL) { 3975 4283 return BAD_FUNC_ARG; 3976 4284 } 3977 4285 3978 #ifndef WOLFSSL_ATECC508A 4286 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) \ 4287 && !defined(WOLFSSL_SILABS_SE_ACCEL) 3979 4288 3980 4289 /* if ecc_point passed in then use it as output for public key point */ … … 3999 4308 err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL); 4000 4309 } 4310 } 4311 4312 if ((err == MP_OKAY) && (mp_iszero(&key->k) || mp_isneg(&key->k) || 4313 (mp_cmp(&key->k, curve->order) != MP_LT))) 4314 { 4315 err = ECC_PRIV_KEY_E; 4001 4316 } 4002 4317 … … 4014 4329 } 4015 4330 4016 4017 4331 if (err != MP_OKAY) { 4018 4332 } … … 4032 4346 #endif 4033 4347 #endif 4034 #if def WOLFSSL_SP_MATH4348 #if defined(WOLFSSL_SP_MATH) 4035 4349 err = WC_KEY_SIZE_E; 4036 4350 #else 4037 4351 { 4038 mp_digit mp ;4352 mp_digit mp = 0; 4039 4353 4040 4354 base = wc_ecc_new_point_h(key->heap); … … 4047 4361 err = mp_copy(curve->Gy, base->y); 4048 4362 if (err == MP_OKAY) 4363 err = mp_montgomery_setup(curve->prime, &mp); 4364 if (err == MP_OKAY) 4049 4365 err = mp_set(base->z, 1); 4050 4366 … … 4052 4368 if (err == MP_OKAY) { 4053 4369 /* Map in a separate call as this should be constant time */ 4054 err = wc_ecc_mulmod_ex (&key->k, base, pub, curve->Af, curve->prime,4055 4370 err = wc_ecc_mulmod_ex2(&key->k, base, pub, curve->Af, curve->prime, 4371 curve->order, rng, 0, key->heap); 4056 4372 if (err == MP_MEM) { 4057 4373 err = MEMORY_E; 4058 4374 } 4059 }4060 if (err == MP_OKAY) {4061 err = mp_montgomery_setup(curve->prime, &mp);4062 4375 } 4063 4376 if (err == MP_OKAY) { … … 4095 4408 (void)curveIn; 4096 4409 err = NOT_COMPILED_IN; 4097 #endif /* WOLFSSL_ATECC508A */4410 #endif /* WOLFSSL_ATECC508A || WOLFSSL_SILABS_SE_ACCEL */ 4098 4411 4099 4412 /* change key state if public part is cached */ … … 4119 4432 WOLFSSL_ENTER("wc_ecc_make_pub"); 4120 4433 4121 return wc_ecc_make_pub_ex(key, NULL, pubOut); 4122 } 4123 4124 4125 WOLFSSL_ABI 4126 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) 4127 { 4434 return ecc_make_pub_ex(key, NULL, pubOut, NULL); 4435 } 4436 4437 /* create the public ECC key from a private key - mask timing use random z 4438 * 4439 * key an initialized private key to generate public part from 4440 * pubOut [out]ecc_point holding the public key, if NULL then public key part 4441 * is cached in key instead. 4442 * 4443 * 4444 * returns MP_OKAY on success 4445 */ 4446 int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng) 4447 { 4448 WOLFSSL_ENTER("wc_ecc_make_pub"); 4449 4450 return ecc_make_pub_ex(key, NULL, pubOut, rng); 4451 } 4452 4453 4454 int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id, 4455 int flags) 4456 { 4457 4128 4458 int err; 4129 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 4130 #ifndef WOLFSSL_SP_MATH 4459 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 4460 !defined(WOLFSSL_CRYPTOCELL) 4461 #if !defined(WOLFSSL_SP_MATH) 4131 4462 DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); 4132 4463 #endif 4133 4464 #endif /* !WOLFSSL_ATECC508A */ 4134 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) 4465 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ 4466 !defined(WOLFSSL_ATECC608A) 4135 4467 const CRYS_ECPKI_Domain_t* pDomain; 4136 4468 CRYS_ECPKI_KG_TempData_t tempBuff; … … 4150 4482 return err; 4151 4483 } 4484 4485 key->flags = flags; 4152 4486 4153 4487 #ifdef WOLF_CRYPTO_CB … … 4179 4513 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ 4180 4514 4181 #if def WOLFSSL_ATECC508A4515 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 4182 4516 if (key->dp->id == ECC_SECP256R1) { 4183 4517 key->type = ECC_PRIVATEKEY; … … 4251 4585 } 4252 4586 4587 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 4588 return silabs_ecc_make_key(key, keysize); 4253 4589 #else 4254 4590 … … 4275 4611 4276 4612 { /* software key gen */ 4277 #if def WOLFSSL_SP_MATH4613 #if defined(WOLFSSL_SP_MATH) 4278 4614 err = WC_KEY_SIZE_E; 4279 4615 #else … … 4294 4630 /* generate public key from k */ 4295 4631 if (err == MP_OKAY) 4296 err = wc_ecc_make_pub_ex(key, curve, NULL);4632 err = ecc_make_pub_ex(key, curve, NULL, rng); 4297 4633 4298 4634 if (err == MP_OKAY) … … 4327 4663 } 4328 4664 4665 WOLFSSL_ABI 4666 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) 4667 { 4668 return wc_ecc_make_key_ex2(rng, keysize, key, curve_id, WC_ECC_FLAG_NONE); 4669 } 4670 4329 4671 #ifdef ECC_DUMP_OID 4330 4672 /* Optional dump of encoded OID for adding new curves */ … … 4452 4794 #endif 4453 4795 4454 #if def WOLFSSL_ATECC508A4796 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 4455 4797 key->slot = ATECC_INVALID_SLOT; 4456 4798 #else … … 4498 4840 } 4499 4841 4500 #ifdef HAVE_PKCS114842 #ifdef WOLF_CRYPTO_CB 4501 4843 int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, 4502 4844 int devId) … … 4511 4853 if (ret == 0) 4512 4854 ret = wc_ecc_init_ex(key, heap, devId); 4513 4514 4855 if (ret == 0 && id != NULL && len != 0) { 4515 4856 XMEMCPY(key->id, id, len); 4516 4857 key->idLen = len; 4858 } 4859 4860 return ret; 4861 } 4862 4863 int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId) 4864 { 4865 int ret = 0; 4866 int labelLen = 0; 4867 4868 if (key == NULL || label == NULL) 4869 ret = BAD_FUNC_ARG; 4870 if (ret == 0) { 4871 labelLen = (int)XSTRLEN(label); 4872 if (labelLen == 0 || labelLen > ECC_MAX_LABEL_LEN) 4873 ret = BUFFER_E; 4874 } 4875 4876 if (ret == 0) 4877 ret = wc_ecc_init_ex(key, heap, devId); 4878 if (ret == 0) { 4879 XMEMCPY(key->label, label, labelLen); 4880 key->labelLen = labelLen; 4517 4881 } 4518 4882 … … 4554 4918 #ifndef NO_ASN 4555 4919 4556 #if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || \ 4557 defined(WOLFSSL_CRYPTOCELL) 4920 4921 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ 4922 defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \ 4923 defined(WOLFSSL_SILABS_SE_ACCEL) 4558 4924 static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, 4559 4925 mp_int* r, mp_int* s, byte* out, word32 *outlen, WC_RNG* rng, … … 4565 4931 #endif 4566 4932 { 4567 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) 4933 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ 4934 !defined(WOLFSSL_ATECC608A) 4568 4935 CRYS_ECDSA_SignUserContext_t sigCtxTemp; 4569 4936 word32 raw_sig_size = *outlen; … … 4572 4939 #endif 4573 4940 word32 keysize = (word32)key->dp->size; 4941 #ifdef PLUTON_CRYPTO_ECC 4574 4942 word32 orderBits = wc_ecc_get_curve_order_bit_count(key->dp); 4943 #endif 4575 4944 4576 4945 /* Check args */ … … 4579 4948 } 4580 4949 4581 #if defined(WOLFSSL_ATECC508A) 4582 key->slot = atmel_ecc_alloc(ATMEL_SLOT_DEVICE); 4583 if (key->slot == ATECC_INVALID_SLOT) { 4584 return ECC_BAD_ARG_E; 4585 } 4586 4950 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 4587 4951 /* Sign: Result is 32-bytes of R then 32-bytes of S */ 4588 4952 err = atmel_ecc_sign(key->slot, in, out); … … 4604 4968 } 4605 4969 } 4970 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 4971 err = silabs_ecc_sign_hash(in, inlen, out, outlen, key); 4972 if (err != 0) { 4973 return WC_HW_E; 4974 } 4606 4975 #elif defined(WOLFSSL_CRYPTOCELL) 4607 4976 /* truncate if hash is longer than key size */ 4977 if (msgLenInBytes > keysize) { 4978 msgLenInBytes = keysize; 4979 } 4608 4980 hash_mode = cc310_hashModeECC(msgLenInBytes); 4609 4981 if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) { 4610 4982 hash_mode = cc310_hashModeECC(keysize); 4611 4983 hash_mode = CRYS_ECPKI_HASH_SHA256_mode; 4612 } 4613 4614 /* truncate if hash is longer than key size */ 4615 if (msgLenInBytes > keysize) { 4616 msgLenInBytes = keysize; 4984 4617 4985 } 4618 4986 … … 4800 5168 4801 5169 /* hardware crypto */ 4802 #if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) 5170 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ 5171 defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \ 5172 defined(WOLFSSL_SILABS_SE_ACCEL) 4803 5173 err = wc_ecc_sign_hash_hw(in, inlen, r, s, out, outlen, rng, key); 4804 5174 #else … … 4806 5176 #endif 4807 5177 if (err < 0) { 5178 mp_clear(r); 5179 mp_clear(s); 4808 5180 #ifdef WOLFSSL_SMALL_STACK 4809 5181 XFREE(s, key->heap, DYNAMIC_TYPE_ECC); … … 4836 5208 return stm32_ecc_sign_hash_ex(in, inlen, rng, key, r, s); 4837 5209 } 4838 #elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 5210 #elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 5211 !defined(WOLFSSL_CRYPTOCELL) 4839 5212 /** 4840 5213 Sign a message digest … … 4850 5223 { 4851 5224 int err = 0; 4852 #if ndef WOLFSSL_SP_MATH5225 #if !defined(WOLFSSL_SP_MATH) 4853 5226 mp_int* e; 4854 5227 #if (!defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)) && \ … … 4857 5230 #endif 4858 5231 4859 #if defined(WOLFSSL_ECDSA_SET_K) || \5232 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \ 4860 5233 (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ 4861 5234 (defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA))) … … 4880 5253 } 4881 5254 4882 #ifdef WOLFSSL_SP_MATH 4883 #ifndef WOLFSSL_SP_NO_256 4884 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { 4885 #ifndef WOLFSSL_ECDSA_SET_K 4886 return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, NULL, key->heap); 5255 #if defined(WOLFSSL_SP_MATH) 5256 if (key->idx == ECC_CUSTOM_IDX || 5257 (ecc_sets[key->idx].id != ECC_SECP256R1 && 5258 ecc_sets[key->idx].id != ECC_SECP384R1)) { 5259 return WC_KEY_SIZE_E; 5260 } 5261 #endif 5262 5263 #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ 5264 defined(WOLFSSL_HAVE_SP_ECC) 5265 if (key->idx != ECC_CUSTOM_IDX 5266 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 5267 && key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC 5268 #endif 5269 ) { 5270 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) 5271 mp_int* sign_k = key->sign_k; 4887 5272 #else 4888 return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->sign_k, 4889 key->heap); 5273 mp_int* sign_k = NULL; 4890 5274 #endif 4891 } 4892 #endif 4893 #ifdef WOLFSSL_SP_384 4894 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { 4895 #ifndef WOLFSSL_ECDSA_SET_K 4896 return sp_ecc_sign_384(in, inlen, rng, &key->k, r, s, NULL, key->heap); 4897 #else 4898 return sp_ecc_sign_384(in, inlen, rng, &key->k, r, s, key->sign_k, 4899 key->heap); 5275 #if defined(WC_ECC_NONBLOCK) && defined(WC_ECC_NONBLOCK_ONLY) 5276 /* perform blocking call to non-blocking function */ 5277 ecc_nb_ctx_t nb_ctx; 5278 XMEMSET(&nb_ctx, 0, sizeof(nb_ctx)); 4900 5279 #endif 4901 } 4902 #endif 4903 return WC_KEY_SIZE_E; 5280 #ifndef WOLFSSL_SP_NO_256 5281 if (ecc_sets[key->idx].id == ECC_SECP256R1) { 5282 #ifdef WC_ECC_NONBLOCK 5283 if (key->nb_ctx) { 5284 return sp_ecc_sign_256_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, 5285 &key->k, r, s, sign_k, key->heap); 5286 } 5287 #ifdef WC_ECC_NONBLOCK_ONLY 5288 do { /* perform blocking call to non-blocking function */ 5289 err = sp_ecc_sign_256_nb(&nb_ctx.sp_ctx, in, inlen, rng, 5290 &key->k, r, s, sign_k, key->heap); 5291 } while (err == FP_WOULDBLOCK); 5292 return err; 5293 #endif 5294 #endif /* WC_ECC_NONBLOCK */ 5295 #if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY)) 5296 return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, sign_k, 5297 key->heap); 5298 #endif 5299 } 5300 #endif 5301 #ifdef WOLFSSL_SP_384 5302 if (ecc_sets[key->idx].id == ECC_SECP384R1) { 5303 #ifdef WC_ECC_NONBLOCK 5304 if (key->nb_ctx) { 5305 return sp_ecc_sign_384_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, 5306 &key->k, r, s, sign_k, key->heap); 5307 } 5308 #ifdef WC_ECC_NONBLOCK_ONLY 5309 do { /* perform blocking call to non-blocking function */ 5310 err = sp_ecc_sign_384_nb(&nb_ctx.sp_ctx, in, inlen, rng, 5311 &key->k, r, s, sign_k, key->heap); 5312 } while (err == FP_WOULDBLOCK); 5313 return err; 5314 #endif 5315 #endif /* WC_ECC_NONBLOCK */ 5316 #if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY)) 5317 return sp_ecc_sign_384(in, inlen, rng, &key->k, r, s, sign_k, 5318 key->heap); 5319 #endif 5320 } 5321 #endif 5322 } 4904 5323 #else 4905 #ifdef WOLFSSL_HAVE_SP_ECC 4906 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 4907 if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC) 4908 #endif 4909 { 4910 #ifndef WOLFSSL_SP_NO_256 4911 if (key->idx != ECC_CUSTOM_IDX && 4912 ecc_sets[key->idx].id == ECC_SECP256R1) { 4913 #ifndef WOLFSSL_ECDSA_SET_K 4914 return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, NULL, 4915 key->heap); 4916 #else 4917 return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->sign_k, 4918 key->heap); 4919 #endif 4920 } 4921 #endif 4922 #ifdef WOLFSSL_SP_384 4923 if (key->idx != ECC_CUSTOM_IDX && 4924 ecc_sets[key->idx].id == ECC_SECP384R1) { 4925 #ifndef WOLFSSL_ECDSA_SET_K 4926 return sp_ecc_sign_384(in, inlen, rng, &key->k, r, s, NULL, 4927 key->heap); 4928 #else 4929 return sp_ecc_sign_384(in, inlen, rng, &key->k, r, s, key->sign_k, 4930 key->heap); 4931 #endif 4932 } 4933 #endif 4934 } 4935 #endif /* WOLFSSL_HAVE_SP_ECC */ 4936 5324 (void)inlen; 5325 #endif 4937 5326 4938 5327 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ … … 4952 5341 #endif 4953 5342 5343 5344 #if !defined(WOLFSSL_SP_MATH) 5345 4954 5346 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V) 4955 5347 err = wc_ecc_alloc_mpint(key, &key->e); … … 4977 5369 4978 5370 /* load curve info */ 4979 #if defined(WOLFSSL_ECDSA_SET_K) 5371 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) 4980 5372 ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); 4981 5373 err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL); … … 5147 5539 break; 5148 5540 } 5149 #if def WOLFSSL_ECDSA_SET_K5541 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) 5150 5542 if (key->sign_k != NULL) { 5151 5543 if (loop_check > 1) { … … 5154 5546 } 5155 5547 5548 /* use provided sign_k */ 5156 5549 err = mp_copy(key->sign_k, &pubkey->k); 5157 5550 if (err != MP_OKAY) break; 5158 5551 5552 /* free sign_k, so only used once */ 5159 5553 mp_forcezero(key->sign_k); 5160 5554 mp_free(key->sign_k); 5161 5555 XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); 5162 5556 key->sign_k = NULL; 5163 err = wc_ecc_make_pub_ex(pubkey, curve, NULL); 5557 #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP 5558 loop_check = 64; 5559 #endif 5560 5561 /* compute public key based on provided "k" */ 5562 err = ecc_make_pub_ex(pubkey, curve, NULL, rng); 5164 5563 } 5165 5564 else … … 5175 5574 if (err != MP_OKAY) break; 5176 5575 5177 if (mp_iszero(r) == MP_YES) { 5178 #ifndef ALT_ECC_SIZE 5179 mp_clear(pubkey->pubkey.x); 5180 mp_clear(pubkey->pubkey.y); 5181 mp_clear(pubkey->pubkey.z); 5182 #endif 5183 mp_forcezero(&pubkey->k); 5184 } 5185 else { 5576 if (mp_iszero(r) == MP_NO) { 5577 mp_int* ep = &pubkey->k; 5578 mp_int* kp = &pubkey->k; 5579 mp_int* x = &key->k; 5580 5186 5581 /* find s = (e + xr)/k 5187 5582 = b.(e/k.b + x.r/k.b) */ 5188 5583 5189 /* k = k.b */5190 err = mp_mulmod(&pubkey->k, b, curve->order, &pubkey->k);5584 /* k' = k.b */ 5585 err = mp_mulmod(&pubkey->k, b, curve->order, kp); 5191 5586 if (err != MP_OKAY) break; 5192 5587 5193 /* k = 1/k.b */ 5194 err = mp_invmod(&pubkey->k, curve->order, &pubkey->k); 5588 /* k' = 1/k.b 5589 = 1/k' */ 5590 err = mp_invmod(kp, curve->order, kp); 5195 5591 if (err != MP_OKAY) break; 5196 5592 5197 5593 /* s = x.r */ 5198 err = mp_mulmod( &key->k, r, curve->order, s);5594 err = mp_mulmod(x, r, curve->order, s); 5199 5595 if (err != MP_OKAY) break; 5200 5596 5201 /* s = x.r/k.b */ 5202 err = mp_mulmod(&pubkey->k, s, curve->order, s); 5597 /* s = x.r/k.b 5598 = k'.s */ 5599 err = mp_mulmod(kp, s, curve->order, s); 5203 5600 if (err != MP_OKAY) break; 5204 5601 5205 /* e = e/k.b */ 5206 err = mp_mulmod(&pubkey->k, e, curve->order, e); 5602 /* e' = e/k.b 5603 = e.k' */ 5604 err = mp_mulmod(kp, e, curve->order, ep); 5207 5605 if (err != MP_OKAY) break; 5208 5606 5209 /* s = e/k.b + x.r/k.b 5210 = (e + x.r)/k.b*/5211 err = mp_add (e, s, s);5607 /* s = e/k.b + x.r/k.b = (e + x.r)/k.b 5608 = e' + s */ 5609 err = mp_addmod_ct(ep, s, curve->order, s); 5212 5610 if (err != MP_OKAY) break; 5213 5611 5214 /* s = b.(e + x.r)/k.b 5215 = (e + x.r)/k*/5612 /* s = b.(e + x.r)/k.b = (e + x.r)/k 5613 = b.s */ 5216 5614 err = mp_mulmod(s, b, curve->order, s); 5217 5615 if (err != MP_OKAY) break; 5218 5616 5219 /* s = (e + xr)/k */ 5220 err = mp_mod(s, curve->order, s); 5221 if (err != MP_OKAY) break; 5222 5223 if (mp_iszero(s) == MP_NO) 5617 if (mp_iszero(s) == MP_NO) { 5618 /* sign successful */ 5224 5619 break; 5620 } 5225 5621 } 5622 #ifndef ALT_ECC_SIZE 5623 mp_clear(pubkey->pubkey.x); 5624 mp_clear(pubkey->pubkey.y); 5625 mp_clear(pubkey->pubkey.z); 5626 #endif 5627 mp_forcezero(&pubkey->k); 5226 5628 } 5227 5629 mp_clear(b); 5228 mp_free(b);5229 5630 #ifdef WOLFSSL_SMALL_STACK 5230 5631 XFREE(b, key->heap, DYNAMIC_TYPE_ECC); … … 5243 5644 #endif 5244 5645 FREE_CURVE_SPECS(); 5245 #endif /* WOLFSSL_SP_MATH */5646 #endif /* !WOLFSSL_SP_MATH */ 5246 5647 5247 5648 return err; 5248 5649 } 5249 5650 5250 #if def WOLFSSL_ECDSA_SET_K5651 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) 5251 5652 int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key) 5252 5653 { 5253 int ret = 0; 5654 int ret; 5655 DECLARE_CURVE_SPECS(curve, 1); 5254 5656 5255 5657 if (k == NULL || klen == 0 || key == NULL) { 5256 ret = BAD_FUNC_ARG; 5257 } 5258 5259 if (ret == 0) { 5260 if (key->sign_k == NULL) { 5261 key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, 5262 DYNAMIC_TYPE_ECC); 5263 if (key->sign_k == NULL) { 5264 ret = MEMORY_E; 5265 } 5266 } 5267 } 5268 5269 if (ret == 0) { 5270 ret = mp_init(key->sign_k); 5271 } 5658 return BAD_FUNC_ARG; 5659 } 5660 5661 ALLOC_CURVE_SPECS(1); 5662 ret = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ORDER); 5663 if (ret != 0) { 5664 FREE_CURVE_SPECS(); 5665 return ret; 5666 } 5667 5668 if (key->sign_k == NULL) { 5669 key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, 5670 DYNAMIC_TYPE_ECC); 5671 if (key->sign_k) { 5672 ret = mp_init(key->sign_k); 5673 } 5674 else { 5675 ret = MEMORY_E; 5676 } 5677 } 5678 5272 5679 if (ret == 0) { 5273 5680 ret = mp_read_unsigned_bin(key->sign_k, k, klen); 5274 5681 } 5275 5682 if (ret == 0 && mp_cmp(key->sign_k, curve->order) != MP_LT) { 5683 ret = MP_VAL; 5684 } 5685 5686 wc_ecc_curve_free(curve); 5687 FREE_CURVE_SPECS(); 5276 5688 return ret; 5277 5689 } 5278 #endif /* WOLFSSL_ECDSA_SET_K */5279 #endif /* WOLFSSL_ATECC508A && WOLFSSL_CRYPTOCELL */5280 5281 #endif /* HAVE_ECC_SIGN */5690 #endif /* WOLFSSL_ECDSA_SET_K || WOLFSSL_ECDSA_SET_K_ONE_LOOP */ 5691 #endif /* WOLFSSL_ATECC508A && WOLFSSL_CRYPTOCELL */ 5692 5693 #endif /* !HAVE_ECC_SIGN */ 5282 5694 5283 5695 #ifdef WOLFSSL_CUSTOM_CURVES … … 5316 5728 } 5317 5729 5318 #if def WOLFSSL_ECDSA_SET_K5730 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) 5319 5731 if (key->sign_k != NULL) { 5320 5732 mp_forcezero(key->sign_k); … … 5331 5743 #endif 5332 5744 5333 #if def WOLFSSL_ATECC508A5745 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 5334 5746 atmel_ecc_free(key->slot); 5335 5747 key->slot = ATECC_INVALID_SLOT; … … 5350 5762 } 5351 5763 5352 #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 5764 #ifndef WOLFSSL_SP_MATH 5765 /* Handles add failure cases: 5766 * 5767 * Before add: 5768 * Case 1: A is infinity 5769 * -> Copy B into result. 5770 * Case 2: B is infinity 5771 * -> Copy A into result. 5772 * Case 3: x and z are the same in A and B (same x value in affine) 5773 * Case 3a: y values the same - same point 5774 * -> Double instead of add. 5775 * Case 3b: y values different - negative of the other when points on curve 5776 * -> Need to set result to infinity. 5777 * 5778 * After add: 5779 * Case 1: A and B are the same point (maybe different z) 5780 * (Result was: x == y == z == 0) 5781 * -> Need to double instead. 5782 * 5783 * Case 2: A + B = <infinity> = 0. 5784 * (Result was: z == 0, x and/or y not 0) 5785 * -> Need to set result to infinity. 5786 */ 5787 int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R, 5788 mp_int* a, mp_int* modulus, mp_digit mp, int* infinity) 5789 { 5790 int err; 5791 5792 if (mp_iszero(A->x) && mp_iszero(A->y)) { 5793 /* A is infinity. */ 5794 err = wc_ecc_copy_point(B, R); 5795 } 5796 else if (mp_iszero(B->x) && mp_iszero(B->y)) { 5797 /* B is infinity. */ 5798 err = wc_ecc_copy_point(A, R); 5799 } 5800 else if ((mp_cmp(A->x, B->x) == MP_EQ) && (mp_cmp(A->z, B->z) == MP_EQ)) { 5801 /* x ordinattes the same. */ 5802 if (mp_cmp(A->y, B->y) == MP_EQ) { 5803 /* A = B */ 5804 err = ecc_projective_dbl_point(B, R, a, modulus, mp); 5805 } 5806 else { 5807 /* A = -B */ 5808 err = mp_set(R->x, 0); 5809 if (err == MP_OKAY) 5810 err = mp_set(R->y, 0); 5811 if (err == MP_OKAY) 5812 err = mp_set(R->z, 1); 5813 if ((err == MP_OKAY) && (infinity != NULL)) 5814 *infinity = 1; 5815 } 5816 } 5817 else { 5818 err = ecc_projective_add_point(A, B, R, a, modulus, mp); 5819 if ((err == MP_OKAY) && mp_iszero(R->z)) { 5820 /* When all zero then should have done a double */ 5821 if (mp_iszero(R->x) && mp_iszero(R->y)) { 5822 err = ecc_projective_dbl_point(B, R, a, modulus, mp); 5823 } 5824 /* When only Z zero then result is infinity */ 5825 else { 5826 err = mp_set(R->x, 0); 5827 if (err == MP_OKAY) 5828 err = mp_set(R->y, 0); 5829 if (err == MP_OKAY) 5830 err = mp_set(R->z, 1); 5831 if ((err == MP_OKAY) && (infinity != NULL)) 5832 *infinity = 1; 5833 } 5834 } 5835 } 5836 5837 return err; 5838 } 5839 5840 /* Handles when P is the infinity point. 5841 * 5842 * Double infinity -> infinity. 5843 * Otherwise do normal double - which can't lead to infinity as odd order. 5844 */ 5845 int ecc_projective_dbl_point_safe(ecc_point *P, ecc_point *R, mp_int* a, 5846 mp_int* modulus, mp_digit mp) 5847 { 5848 int err; 5849 5850 if (mp_iszero(P->x) && mp_iszero(P->y)) { 5851 /* P is infinity. */ 5852 err = wc_ecc_copy_point(P, R); 5853 } 5854 else { 5855 err = ecc_projective_dbl_point(P, R, a, modulus, mp); 5856 } 5857 5858 return err; 5859 } 5860 #endif 5861 5862 #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \ 5863 !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) 5353 5864 #ifdef ECC_SHAMIR 5354 5865 … … 5531 6042 } 5532 6043 5533 if (err == MP_OKAY) 6044 if (err == MP_OKAY) { 5534 6045 /* precomp [i,0](A + B) table */ 5535 err = ecc_projective_dbl_point(precomp[1], precomp[2], a, modulus, mp); 5536 5537 if (err == MP_OKAY) 5538 err = ecc_projective_add_point(precomp[1], precomp[2], precomp[3], 5539 a, modulus, mp); 5540 if (err == MP_OKAY) 6046 err = ecc_projective_dbl_point_safe(precomp[1], precomp[2], a, modulus, mp); 6047 } 6048 if (err == MP_OKAY) { 6049 err = ecc_projective_add_point_safe(precomp[1], precomp[2], precomp[3], 6050 a, modulus, mp, NULL); 6051 } 6052 6053 if (err == MP_OKAY) { 5541 6054 /* precomp [0,i](A + B) table */ 5542 err = ecc_projective_dbl_point(precomp[1<<2], precomp[2<<2], a, modulus, mp); 5543 5544 if (err == MP_OKAY) 5545 err = ecc_projective_add_point(precomp[1<<2], precomp[2<<2], precomp[3<<2], 5546 a, modulus, mp); 6055 err = ecc_projective_dbl_point_safe(precomp[1<<2], precomp[2<<2], a, 6056 modulus, mp); 6057 } 6058 if (err == MP_OKAY) { 6059 err = ecc_projective_add_point_safe(precomp[1<<2], precomp[2<<2], 6060 precomp[3<<2], a, modulus, mp, NULL); 6061 } 5547 6062 5548 6063 if (err == MP_OKAY) { … … 5551 6066 for (y = 1; y < 4; y++) { 5552 6067 if (err == MP_OKAY) { 5553 err = ecc_projective_add_point(precomp[x], precomp[(y<<2)], 5554 precomp[x+(y<<2)], a, modulus, mp); 6068 err = ecc_projective_add_point_safe(precomp[x], precomp[(y<<2)], 6069 precomp[x+(y<<2)], a, modulus, 6070 mp, NULL); 5555 6071 } 5556 6072 } … … 5590 6106 /* double twice */ 5591 6107 if (err == MP_OKAY) 5592 err = ecc_projective_dbl_point (C, C, a, modulus, mp);6108 err = ecc_projective_dbl_point_safe(C, C, a, modulus, mp); 5593 6109 if (err == MP_OKAY) 5594 err = ecc_projective_dbl_point (C, C, a, modulus, mp);6110 err = ecc_projective_dbl_point_safe(C, C, a, modulus, mp); 5595 6111 else 5596 6112 break; … … 5599 6115 /* if not both zero */ 5600 6116 if ((nA != 0) || (nB != 0)) { 6117 int i = nA + (nB<<2); 5601 6118 if (first == 1) { 5602 6119 /* if first, copy from table */ 5603 6120 first = 0; 5604 6121 if (err == MP_OKAY) 5605 err = mp_copy(precomp[ nA + (nB<<2)]->x, C->x);6122 err = mp_copy(precomp[i]->x, C->x); 5606 6123 5607 6124 if (err == MP_OKAY) 5608 err = mp_copy(precomp[ nA + (nB<<2)]->y, C->y);6125 err = mp_copy(precomp[i]->y, C->y); 5609 6126 5610 6127 if (err == MP_OKAY) 5611 err = mp_copy(precomp[ nA + (nB<<2)]->z, C->z);6128 err = mp_copy(precomp[i]->z, C->z); 5612 6129 else 5613 6130 break; … … 5615 6132 /* if not first, add from table */ 5616 6133 if (err == MP_OKAY) 5617 err = ecc_projective_add_point(C, precomp[nA + (nB<<2)], C, 5618 a, modulus, mp); 6134 err = ecc_projective_add_point_safe(C, precomp[i], 6135 C, a, modulus, mp, 6136 &first); 5619 6137 if (err != MP_OKAY) 5620 6138 break; 5621 if (mp_iszero(C->z)) {5622 /* When all zero then should have done an add */5623 if (mp_iszero(C->x) && mp_iszero(C->y)) {5624 err = ecc_projective_dbl_point(precomp[nA + (nB<<2)], C,5625 a, modulus, mp);5626 if (err != MP_OKAY)5627 break;5628 }5629 /* When only Z zero then result is infinity */5630 else {5631 err = mp_set(C->x, 0);5632 if (err != MP_OKAY)5633 break;5634 err = mp_set(C->y, 0);5635 if (err != MP_OKAY)5636 break;5637 err = mp_set(C->z, 1);5638 if (err != MP_OKAY)5639 break;5640 first = 1;5641 }5642 }5643 6139 } 5644 6140 } … … 5677 6173 5678 6174 #endif /* ECC_SHAMIR */ 5679 #endif /* !WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCEL*/ 6175 #endif /* (!WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && 6176 * !WOLFSSL_CRYPTOCEL */ 5680 6177 5681 6178 … … 5821 6318 #endif /* !NO_ASN */ 5822 6319 6320 static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) 6321 { 6322 int err; 6323 DECLARE_CURVE_SPECS(curve, 1); 6324 6325 ALLOC_CURVE_SPECS(1); 6326 err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ORDER); 6327 if (err != 0) { 6328 FREE_CURVE_SPECS(); 6329 return err; 6330 } 6331 6332 if (mp_iszero(r) || mp_iszero(s)) { 6333 err = MP_ZERO_E; 6334 } 6335 if ((err == 0) && (mp_cmp(r, curve->order) != MP_LT)) { 6336 err = MP_VAL; 6337 } 6338 if ((err == 0) && (mp_cmp(s, curve->order) != MP_LT)) { 6339 err = MP_VAL; 6340 } 6341 6342 wc_ecc_curve_free(curve); 6343 FREE_CURVE_SPECS(); 6344 return err; 6345 } 5823 6346 5824 6347 /** … … 5839 6362 return stm32_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); 5840 6363 } 6364 #elif defined(WOLFSSL_PSOC6_CRYPTO) 6365 { 6366 return psoc6_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); 6367 } 5841 6368 #else 5842 6369 { 5843 6370 int err; 5844 word32 keySz ;5845 #if def WOLFSSL_ATECC508A6371 word32 keySz = 0; 6372 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 5846 6373 byte sigRS[ATECC_KEY_SIZE*2]; 5847 6374 #elif defined(WOLFSSL_CRYPTOCELL) … … 5850 6377 word32 msgLenInBytes = hashlen; 5851 6378 CRYS_ECPKI_HASH_OpMode_t hash_mode; 6379 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 6380 byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2]; 5852 6381 #elif !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC) 5853 6382 int did_init = 0; … … 5885 6414 } 5886 6415 6416 err = wc_ecc_check_r_s_range(key, r, s); 6417 if (err != MP_OKAY) { 6418 return err; 6419 } 6420 5887 6421 keySz = key->dp->size; 5888 6422 … … 5903 6437 #endif 5904 6438 5905 #if def WOLFSSL_ATECC508A6439 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 5906 6440 /* Extract R and S */ 5907 6441 err = mp_to_unsigned_bin(r, &sigRS[0]); … … 5932 6466 } 5933 6467 6468 /* truncate if hash is longer than key size */ 6469 if (msgLenInBytes > keySz) { 6470 msgLenInBytes = keySz; 6471 } 5934 6472 hash_mode = cc310_hashModeECC(msgLenInBytes); 5935 6473 if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) { 5936 6474 /* hash_mode = */ cc310_hashModeECC(keySz); 5937 6475 hash_mode = CRYS_ECPKI_HASH_SHA256_mode; 5938 }5939 /* truncate if hash is longer than key size */5940 if (msgLenInBytes > keySz) {5941 msgLenInBytes = keySz;5942 6476 } 5943 6477 … … 5957 6491 /* valid signature if we get to this point */ 5958 6492 *res = 1; 6493 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 6494 /* Extract R and S */ 6495 6496 err = mp_to_unsigned_bin(r, &sigRS[0]); 6497 if (err != MP_OKAY) { 6498 return err; 6499 } 6500 err = mp_to_unsigned_bin(s, &sigRS[keySz]); 6501 if (err != MP_OKAY) { 6502 return err; 6503 } 6504 6505 err = silabs_ecc_verify_hash(&sigRS[0], keySz*2, 6506 hash, hashlen, 6507 res, key); 6508 5959 6509 #else 5960 6510 /* checking if private key with no public part */ 5961 6511 if (key->type == ECC_PRIVATEKEY_ONLY) { 5962 6512 WOLFSSL_MSG("Verify called with private key, generating public part"); 5963 err = wc_ecc_make_pub_ex(key, NULL, NULL);6513 err = ecc_make_pub_ex(key, NULL, NULL, NULL); 5964 6514 if (err != MP_OKAY) { 5965 6515 WOLFSSL_MSG("Unable to extract public key"); … … 5970 6520 #if defined(WOLFSSL_DSP) && !defined(FREESCALE_LTC_ECC) 5971 6521 if (key->handle != -1) { 5972 return sp_dsp_ecc_verify_256(key->handle, hash, hashlen, key->pubkey.x, key->pubkey.y,5973 6522 return sp_dsp_ecc_verify_256(key->handle, hash, hashlen, key->pubkey.x, 6523 key->pubkey.y, key->pubkey.z, r, s, res, key->heap); 5974 6524 } 5975 6525 if (wolfSSL_GetHandleCbSet() == 1) { 5976 return sp_dsp_ecc_verify_256(0, hash, hashlen, key->pubkey.x, key->pubkey.y,5977 6526 return sp_dsp_ecc_verify_256(0, hash, hashlen, key->pubkey.x, 6527 key->pubkey.y, key->pubkey.z, r, s, res, key->heap); 5978 6528 } 5979 6529 #endif 6530 5980 6531 #if defined(WOLFSSL_SP_MATH) && !defined(FREESCALE_LTC_ECC) 5981 #ifndef WOLFSSL_SP_NO_256 5982 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { 5983 return sp_ecc_verify_256(hash, hashlen, key->pubkey.x, key->pubkey.y, 5984 key->pubkey.z, r, s, res, key->heap); 5985 } 5986 #endif 5987 #ifdef WOLFSSL_SP_384 5988 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { 5989 return sp_ecc_verify_384(hash, hashlen, key->pubkey.x, key->pubkey.y, 5990 key->pubkey.z, r, s, res, key->heap); 5991 } 5992 #endif 5993 return WC_KEY_SIZE_E; 5994 #else 5995 #if defined WOLFSSL_HAVE_SP_ECC && !defined(FREESCALE_LTC_ECC) 6532 if (key->idx == ECC_CUSTOM_IDX || 6533 (ecc_sets[key->idx].id != ECC_SECP256R1 && 6534 ecc_sets[key->idx].id != ECC_SECP384R1)) { 6535 return WC_KEY_SIZE_E; 6536 } 6537 #endif 6538 6539 #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ 6540 defined(WOLFSSL_HAVE_SP_ECC) 6541 if (key->idx != ECC_CUSTOM_IDX 5996 6542 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 5997 if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC)6543 && key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC 5998 6544 #endif 5999 { 6000 #ifndef WOLFSSL_SP_NO_256 6001 if (key->idx != ECC_CUSTOM_IDX && 6002 ecc_sets[key->idx].id == ECC_SECP256R1) { 6003 return sp_ecc_verify_256(hash, hashlen, key->pubkey.x, 6004 key->pubkey.y, key->pubkey.z,r, s, res, 6005 key->heap); 6006 } 6007 #endif /* WOLFSSL_SP_NO_256 */ 6008 #ifdef WOLFSSL_SP_384 6009 if (key->idx != ECC_CUSTOM_IDX && 6010 ecc_sets[key->idx].id == ECC_SECP384R1) { 6011 return sp_ecc_verify_384(hash, hashlen, key->pubkey.x, 6012 key->pubkey.y, key->pubkey.z,r, s, res, 6013 key->heap); 6014 } 6015 #endif /* WOLFSSL_SP_384 */ 6016 } 6017 #endif /* WOLFSSL_HAVE_SP_ECC */ 6018 6545 ) { 6546 #if defined(WC_ECC_NONBLOCK) && defined(WC_ECC_NONBLOCK_ONLY) 6547 /* perform blocking call to non-blocking function */ 6548 ecc_nb_ctx_t nb_ctx; 6549 XMEMSET(&nb_ctx, 0, sizeof(nb_ctx)); 6550 err = NOT_COMPILED_IN; /* set default error */ 6551 #endif 6552 #ifndef WOLFSSL_SP_NO_256 6553 if (ecc_sets[key->idx].id == ECC_SECP256R1) { 6554 #ifdef WC_ECC_NONBLOCK 6555 if (key->nb_ctx) { 6556 return sp_ecc_verify_256_nb(&key->nb_ctx->sp_ctx, hash, hashlen, 6557 key->pubkey.x, key->pubkey.y, key->pubkey.z, r, s, res, 6558 key->heap); 6559 } 6560 #ifdef WC_ECC_NONBLOCK_ONLY 6561 do { /* perform blocking call to non-blocking function */ 6562 err = sp_ecc_verify_256_nb(&nb_ctx.sp_ctx, hash, hashlen, 6563 key->pubkey.x, key->pubkey.y, key->pubkey.z, r, s, res, 6564 key->heap); 6565 } while (err == FP_WOULDBLOCK); 6566 return err; 6567 #endif 6568 #endif /* WC_ECC_NONBLOCK */ 6569 #if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY)) 6570 return sp_ecc_verify_256(hash, hashlen, key->pubkey.x, 6571 key->pubkey.y, key->pubkey.z, r, s, res, key->heap); 6572 #endif 6573 } 6574 #endif 6575 #ifdef WOLFSSL_SP_384 6576 if (ecc_sets[key->idx].id == ECC_SECP384R1) { 6577 #ifdef WC_ECC_NONBLOCK 6578 if (key->nb_ctx) { 6579 return sp_ecc_verify_384_nb(&key->nb_ctx->sp_ctx, hash, hashlen, 6580 key->pubkey.x, key->pubkey.y, key->pubkey.z, r, s, res, 6581 key->heap); 6582 } 6583 #ifdef WC_ECC_NONBLOCK_ONLY 6584 do { /* perform blocking call to non-blocking function */ 6585 err = sp_ecc_verify_384_nb(&nb_ctx.sp_ctx, hash, hashlen, 6586 key->pubkey.x, key->pubkey.y, key->pubkey.z, r, s, res, 6587 key->heap); 6588 } while (err == FP_WOULDBLOCK); 6589 return err; 6590 #endif 6591 #endif /* WC_ECC_NONBLOCK */ 6592 #if !defined(WC_ECC_NONBLOCK) || (defined(WC_ECC_NONBLOCK) && !defined(WC_ECC_NONBLOCK_ONLY)) 6593 return sp_ecc_verify_384(hash, hashlen, key->pubkey.x, 6594 key->pubkey.y, key->pubkey.z, r, s, res, key->heap); 6595 #endif 6596 } 6597 #endif 6598 } 6599 #endif 6600 6601 #if !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC) 6019 6602 ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); 6020 6603 … … 6043 6626 /* read in the specs for this curve */ 6044 6627 err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL); 6045 6046 /* check for zero */6047 if (err == MP_OKAY) {6048 if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES ||6049 mp_cmp(r, curve->order) != MP_LT ||6050 mp_cmp(s, curve->order) != MP_LT) {6051 err = MP_ZERO_E;6052 }6053 }6054 6628 6055 6629 /* read hash */ … … 6132 6706 if ((err = mp_init_multi(v, w, u1, u2, NULL, NULL)) != MP_OKAY) { 6133 6707 err = MEMORY_E; 6708 } else { 6709 did_init = 1; 6134 6710 } 6135 did_init = 1;6136 6711 } 6137 6712 … … 6200 6775 /* add them */ 6201 6776 if (err == MP_OKAY) 6202 err = ecc_projective_add_point(mQ, mG, mG, curve->Af, 6203 curve->prime, mp); 6204 if (err == MP_OKAY && mp_iszero(mG->z)) { 6205 /* When all zero then should have done an add */ 6206 if (mp_iszero(mG->x) && mp_iszero(mG->y)) { 6207 err = ecc_projective_dbl_point(mQ, mG, curve->Af, 6208 curve->prime, mp); 6209 } 6210 /* When only Z zero then result is infinity */ 6211 else { 6212 err = mp_set(mG->x, 0); 6213 if (err == MP_OKAY) 6214 err = mp_set(mG->y, 0); 6215 if (err == MP_OKAY) 6216 err = mp_set(mG->z, 1); 6217 } 6218 } 6777 err = ecc_projective_add_point_safe(mQ, mG, mG, curve->Af, 6778 curve->prime, mp, NULL); 6219 6779 } 6220 6780 else { … … 6273 6833 FREE_CURVE_SPECS(); 6274 6834 6275 #endif /* WOLFSSL_SP_MATH*/6835 #endif /* !WOLFSSL_SP_MATH || FREESCALE_LTC_ECC */ 6276 6836 #endif /* WOLFSSL_ATECC508A */ 6277 6837 … … 6357 6917 #ifdef HAVE_COMP_KEY 6358 6918 if (err == MP_OKAY && compressed == 1) { /* build y */ 6359 #ifndef WOLFSSL_SP_MATH 6360 int did_init = 0; 6361 mp_int t1, t2; 6362 DECLARE_CURVE_SPECS(curve, 3); 6363 6364 ALLOC_CURVE_SPECS(3); 6365 6366 if (mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL) != MP_OKAY) 6367 err = MEMORY_E; 6368 else 6369 did_init = 1; 6370 6371 /* load curve info */ 6372 if (err == MP_OKAY) 6373 err = wc_ecc_curve_load(&ecc_sets[curve_idx], &curve, 6374 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF | 6375 ECC_CURVE_FIELD_BF)); 6376 6377 /* compute x^3 */ 6378 if (err == MP_OKAY) 6379 err = mp_sqr(point->x, &t1); 6380 if (err == MP_OKAY) 6381 err = mp_mulmod(&t1, point->x, curve->prime, &t1); 6382 6383 /* compute x^3 + a*x */ 6384 if (err == MP_OKAY) 6385 err = mp_mulmod(curve->Af, point->x, curve->prime, &t2); 6386 if (err == MP_OKAY) 6387 err = mp_add(&t1, &t2, &t1); 6388 6389 /* compute x^3 + a*x + b */ 6390 if (err == MP_OKAY) 6391 err = mp_add(&t1, curve->Bf, &t1); 6392 6393 /* compute sqrt(x^3 + a*x + b) */ 6394 if (err == MP_OKAY) 6395 err = mp_sqrtmod_prime(&t1, curve->prime, &t2); 6396 6397 /* adjust y */ 6398 if (err == MP_OKAY) { 6399 if ((mp_isodd(&t2) == MP_YES && pointType == ECC_POINT_COMP_ODD) || 6400 (mp_isodd(&t2) == MP_NO && pointType == ECC_POINT_COMP_EVEN)) { 6401 err = mp_mod(&t2, curve->prime, point->y); 6402 } 6403 else { 6404 err = mp_submod(curve->prime, &t2, curve->prime, point->y); 6405 } 6406 } 6407 6408 if (did_init) { 6409 mp_clear(&t2); 6410 mp_clear(&t1); 6411 } 6412 6413 wc_ecc_curve_free(curve); 6414 FREE_CURVE_SPECS(); 6415 #else 6416 #ifndef WOLFSSL_SP_NO_256 6919 #if defined(WOLFSSL_HAVE_SP_ECC) 6920 #ifndef WOLFSSL_SP_NO_256 6417 6921 if (curve_idx != ECC_CUSTOM_IDX && 6418 6922 ecc_sets[curve_idx].id == ECC_SECP256R1) { … … 6420 6924 } 6421 6925 else 6422 #endif6423 #ifdef WOLFSSL_SP_3846926 #endif 6927 #ifdef WOLFSSL_SP_384 6424 6928 if (curve_idx != ECC_CUSTOM_IDX && 6425 6929 ecc_sets[curve_idx].id == ECC_SECP384R1) { … … 6427 6931 } 6428 6932 else 6933 #endif 6429 6934 #endif 6935 #if !defined(WOLFSSL_SP_MATH) 6936 { 6937 int did_init = 0; 6938 mp_int t1, t2; 6939 DECLARE_CURVE_SPECS(curve, 3); 6940 6941 ALLOC_CURVE_SPECS(3); 6942 6943 if (mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL) != MP_OKAY) 6944 err = MEMORY_E; 6945 else 6946 did_init = 1; 6947 6948 /* load curve info */ 6949 if (err == MP_OKAY) 6950 err = wc_ecc_curve_load(&ecc_sets[curve_idx], &curve, 6951 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF | 6952 ECC_CURVE_FIELD_BF)); 6953 6954 #if defined(WOLFSSL_CUSTOM_CURVES) && \ 6955 defined(WOLFSSL_VALIDATE_ECC_IMPORT) 6956 /* validate prime is prime for custom curves */ 6957 if (err == MP_OKAY && curve_idx == ECC_CUSTOM_IDX) { 6958 int isPrime = MP_NO; 6959 err = mp_prime_is_prime(curve->prime, 8, &isPrime); 6960 if (err == MP_OKAY && isPrime == MP_NO) 6961 err = MP_VAL; 6962 } 6963 #endif 6964 6965 /* compute x^3 */ 6966 if (err == MP_OKAY) 6967 err = mp_sqr(point->x, &t1); 6968 if (err == MP_OKAY) 6969 err = mp_mulmod(&t1, point->x, curve->prime, &t1); 6970 6971 /* compute x^3 + a*x */ 6972 if (err == MP_OKAY) 6973 err = mp_mulmod(curve->Af, point->x, curve->prime, &t2); 6974 if (err == MP_OKAY) 6975 err = mp_add(&t1, &t2, &t1); 6976 6977 /* compute x^3 + a*x + b */ 6978 if (err == MP_OKAY) 6979 err = mp_add(&t1, curve->Bf, &t1); 6980 6981 /* compute sqrt(x^3 + a*x + b) */ 6982 if (err == MP_OKAY) 6983 err = mp_sqrtmod_prime(&t1, curve->prime, &t2); 6984 6985 /* adjust y */ 6986 if (err == MP_OKAY) { 6987 if ((mp_isodd(&t2) == MP_YES && 6988 pointType == ECC_POINT_COMP_ODD) || 6989 (mp_isodd(&t2) == MP_NO && 6990 pointType == ECC_POINT_COMP_EVEN)) { 6991 err = mp_mod(&t2, curve->prime, point->y); 6992 } 6993 else { 6994 err = mp_submod(curve->prime, &t2, curve->prime, point->y); 6995 } 6996 } 6997 6998 if (did_init) { 6999 mp_clear(&t2); 7000 mp_clear(&t1); 7001 } 7002 7003 wc_ecc_curve_free(curve); 7004 FREE_CURVE_SPECS(); 7005 } 7006 #else 6430 7007 { 6431 7008 err = WC_KEY_SIZE_E; 6432 7009 } 6433 #endif7010 #endif 6434 7011 } 6435 7012 #endif … … 6633 7210 return ECC_PRIVATEONLY_E; 6634 7211 6635 if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) { 6636 return ECC_BAD_ARG_E; 6637 } 7212 if (key->type == 0 || 7213 wc_ecc_is_valid_idx(key->idx) == 0 || 7214 key->dp == NULL) { 7215 return ECC_BAD_ARG_E; 7216 } 7217 6638 7218 numlen = key->dp->size; 6639 7219 … … 6703 7283 6704 7284 6705 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 7285 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 7286 !defined(WOLFSSL_CRYPTOCELL) 6706 7287 6707 7288 /* is ecc point on curve described by dp ? */ 6708 7289 int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) 6709 7290 { 6710 #if ndef WOLFSSL_SP_MATH7291 #if !defined(WOLFSSL_SP_MATH) 6711 7292 int err; 6712 7293 #ifdef WOLFSSL_SMALL_STACK … … 6750 7331 /* compute y^2 - x^3 */ 6751 7332 if (err == MP_OKAY) 6752 err = mp_sub (t1, t2, t1);7333 err = mp_submod(t1, t2, prime, t1); 6753 7334 6754 7335 /* Determine if curve "a" should be used in calc */ … … 6795 7376 if (err == MP_OKAY) { 6796 7377 if (mp_cmp(t1, b) != MP_EQ) { 6797 err = MP_VAL;7378 err = IS_POINT_E; 6798 7379 } else { 6799 7380 err = MP_OKAY; … … 6813 7394 (void)b; 6814 7395 7396 #ifdef WOLFSSL_HAVE_SP_ECC 6815 7397 #ifndef WOLFSSL_SP_NO_256 6816 7398 if (mp_count_bits(prime) == 256) { … … 6823 7405 } 6824 7406 #endif 7407 #else 7408 (void)ecp; 7409 (void)prime; 7410 #endif 6825 7411 return WC_KEY_SIZE_E; 6826 7412 #endif 6827 7413 } 6828 7414 6829 #if ndef WOLFSSL_SP_MATH7415 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_VALIDATE_ECC_IMPORT) 6830 7416 /* validate privkey * generator == pubkey, 0 on success */ 6831 7417 static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) … … 6834 7420 ecc_point* base = NULL; 6835 7421 ecc_point* res = NULL; 6836 DECLARE_CURVE_SPECS(curve, 2);7422 DECLARE_CURVE_SPECS(curve, 3); 6837 7423 6838 7424 if (key == NULL) 6839 7425 return BAD_FUNC_ARG; 6840 7426 6841 ALLOC_CURVE_SPECS( 2);7427 ALLOC_CURVE_SPECS(3); 6842 7428 6843 7429 res = wc_ecc_new_point_h(key->heap); … … 6870 7456 if (err == MP_OKAY) { 6871 7457 /* load curve info */ 6872 err = wc_ecc_curve_load(key->dp, &curve, 6873 (ECC_CURVE_FIELD_GX | ECC_CURVE_FIELD_GY));7458 err = wc_ecc_curve_load(key->dp, &curve, (ECC_CURVE_FIELD_GX | 7459 ECC_CURVE_FIELD_GY | ECC_CURVE_FIELD_ORDER)); 6874 7460 } 6875 7461 … … 6882 7468 err = mp_set(base->z, 1); 6883 7469 7470 #ifdef ECC_TIMING_RESISTANT 6884 7471 if (err == MP_OKAY) 6885 err = wc_ecc_mulmod_ex(&key->k, base, res, a, prime, 1, key->heap); 7472 err = wc_ecc_mulmod_ex2(&key->k, base, res, a, prime, curve->order, 7473 key->rng, 1, key->heap); 7474 #else 7475 if (err == MP_OKAY) 7476 err = wc_ecc_mulmod_ex2(&key->k, base, res, a, prime, curve->order, 7477 NULL, 1, key->heap); 7478 #endif 6886 7479 } 6887 7480 … … 6903 7496 return err; 6904 7497 } 6905 #endif 7498 #endif /* !WOLFSSL_SP_MATH || WOLFSSL_VALIDATE_ECC_IMPORT */ 6906 7499 6907 7500 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT … … 6911 7504 { 6912 7505 int err; 6913 #if ndef WOLFSSL_ATECC508A7506 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) 6914 7507 DECLARE_CURVE_SPECS(curve, 2); 6915 7508 #endif … … 6918 7511 return BAD_FUNC_ARG; 6919 7512 6920 #if def WOLFSSL_ATECC508A7513 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 6921 7514 /* Hardware based private key, so this operation is not supported */ 6922 7515 err = MP_OKAY; /* just report success */ 6923 7516 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 7517 /* Hardware based private key, so this operation is not supported */ 7518 err = MP_OKAY; /* just report success */ 6924 7519 #else 6925 7520 ALLOC_CURVE_SPECS(2); … … 6973 7568 #endif 6974 7569 #endif 6975 #if ndef WOLFSSL_SP_MATH7570 #if !defined(WOLFSSL_SP_MATH) 6976 7571 err = wc_ecc_mulmod_ex(order, pubkey, inf, a, prime, 1, key->heap); 6977 7572 if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf)) 6978 7573 err = ECC_INF_E; 6979 7574 #else 7575 { 6980 7576 (void)a; 6981 7577 (void)prime; 6982 7578 6983 7579 err = WC_KEY_SIZE_E; 7580 } 6984 7581 #endif 6985 7582 } … … 7022 7619 int wc_ecc_check_key(ecc_key* key) 7023 7620 { 7621 #ifndef WOLFSSL_SP_MATH 7024 7622 int err; 7025 #if ndef WOLFSSL_SP_MATH7026 #if !defined(WOLFSSL_ATECC508A) &&!defined(WOLFSSL_CRYPTOCELL)7623 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 7624 !defined(WOLFSSL_CRYPTOCELL) 7027 7625 mp_int* b = NULL; 7028 7626 #ifdef USE_ECC_B_PARAM … … 7035 7633 #endif /* USE_ECC_B_PARAM */ 7036 7634 #endif /* WOLFSSL_ATECC508A */ 7635 #endif /* !WOLFSSL_SP_MATH */ 7037 7636 7038 7637 if (key == NULL) 7039 7638 return BAD_FUNC_ARG; 7040 7639 7041 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_CRYPTOCELL) 7042 7043 err = 0; /* consider key check success on ATECC508A */ 7640 #ifdef WOLFSSL_HAVE_SP_ECC 7641 #ifndef WOLFSSL_SP_NO_256 7642 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { 7643 return sp_ecc_check_key_256(key->pubkey.x, key->pubkey.y, 7644 key->type == ECC_PRIVATEKEY ? &key->k : NULL, key->heap); 7645 } 7646 #endif 7647 #ifdef WOLFSSL_SP_384 7648 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { 7649 return sp_ecc_check_key_384(key->pubkey.x, key->pubkey.y, 7650 key->type == ECC_PRIVATEKEY ? &key->k : NULL, key->heap); 7651 } 7652 #endif 7653 #endif 7654 7655 #ifndef WOLFSSL_SP_MATH 7656 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ 7657 defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) 7658 7659 err = 0; /* consider key check success on ATECC508/608A */ 7044 7660 7045 7661 #else … … 7113 7729 curve->order); 7114 7730 7731 /* SP 800-56Ar3, section 5.6.2.1.2 */ 7732 /* private keys must be in the range [1, n-1] */ 7733 if ((err == MP_OKAY) && (key->type == ECC_PRIVATEKEY) && 7734 (mp_iszero(&key->k) || mp_isneg(&key->k) || 7735 (mp_cmp(&key->k, curve->order) != MP_LT))) { 7736 err = ECC_PRIV_KEY_E; 7737 } 7738 7115 7739 /* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */ 7116 7740 /* private * base generator must equal pubkey */ … … 7129 7753 FREE_CURVE_SPECS(); 7130 7754 7755 return err; 7131 7756 #endif /* WOLFSSL_ATECC508A */ 7132 7757 #else 7133 if (key == NULL) 7134 return BAD_FUNC_ARG; 7135 7136 /* pubkey point cannot be at infinity */ 7137 #ifndef WOLFSSL_SP_NO_256 7138 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { 7139 err = sp_ecc_check_key_256(key->pubkey.x, key->pubkey.y, &key->k, 7140 key->heap); 7141 } 7142 else 7143 #endif 7144 #ifdef WOLFSSL_SP_384 7145 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { 7146 err = sp_ecc_check_key_384(key->pubkey.x, key->pubkey.y, &key->k, 7147 key->heap); 7148 } 7149 else 7150 #endif 7151 { 7152 err = WC_KEY_SIZE_E; 7153 } 7154 #endif 7155 7156 return err; 7758 return WC_KEY_SIZE_E; 7759 #endif /* !WOLFSSL_SP_MATH */ 7157 7760 } 7158 7761 … … 7215 7818 in += 1; 7216 7819 7217 #if def WOLFSSL_ATECC508A7820 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 7218 7821 /* For SECP256R1 only save raw public key for hardware */ 7219 7822 if (curve_id == ECC_SECP256R1 && inLen <= sizeof(key->pubkey_raw)) { … … 7244 7847 #ifdef HAVE_COMP_KEY 7245 7848 if (err == MP_OKAY && compressed == 1) { /* build y */ 7246 #if ndef WOLFSSL_SP_MATH7849 #if !defined(WOLFSSL_SP_MATH) 7247 7850 mp_int t1, t2; 7248 7851 int did_init = 0; … … 7261 7864 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF | 7262 7865 ECC_CURVE_FIELD_BF)); 7866 7867 #if defined(WOLFSSL_CUSTOM_CURVES) && \ 7868 defined(WOLFSSL_VALIDATE_ECC_IMPORT) 7869 /* validate prime is prime for custom curves */ 7870 if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) { 7871 int isPrime = MP_NO; 7872 err = mp_prime_is_prime(curve->prime, 8, &isPrime); 7873 if (err == MP_OKAY && isPrime == MP_NO) 7874 err = MP_VAL; 7875 } 7876 #endif 7263 7877 7264 7878 /* compute x^3 */ … … 7334 7948 err = mp_set(key->pubkey.z, 1); 7335 7949 7950 #ifdef WOLFSSL_SILABS_SE_ACCEL 7951 err = silabs_ecc_import(key, keysize); 7952 #endif 7953 7336 7954 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT 7337 7955 if (err == MP_OKAY) … … 7382 8000 return BAD_FUNC_ARG; 7383 8001 7384 #if def WOLFSSL_ATECC508A8002 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 7385 8003 /* Hardware cannot export private portion */ 7386 8004 return NOT_COMPILED_IN; … … 7460 8078 { 7461 8079 int ret; 7462 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)8080 #ifdef WOLFSSL_CRYPTOCELL 7463 8081 const CRYS_ECPKI_Domain_t* pDomain; 7464 8082 CRYS_ECPKI_BUILD_TempData_t tempBuff; … … 7476 8094 key->type = ECC_PRIVATEKEY; 7477 8095 #else 8096 (void)pubSz; 7478 8097 ret = NOT_COMPILED_IN; 7479 8098 #endif … … 7491 8110 return ret; 7492 8111 7493 #ifdef WOLFSSL_ATECC508A 7494 /* Hardware does not support loading private keys */ 7495 return NOT_COMPILED_IN; 7496 #elif defined(WOLFSSL_CRYPTOCELL) 8112 #ifdef WOLFSSL_CRYPTOCELL 7497 8113 pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id)); 7498 8114 … … 7526 8142 ret = mp_read_unsigned_bin(&key->k, priv, privSz); 7527 8143 } 7528 8144 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 8145 if (ret == MP_OKAY) 8146 ret = mp_read_unsigned_bin(&key->k, priv, privSz); 8147 8148 if (ret == MP_OKAY) { 8149 if (pub) { 8150 ret = silabs_ecc_import(key, key->dp->size); 8151 } else 8152 { 8153 ret = silabs_ecc_import_private(key, key->dp->size); 8154 } 8155 } 7529 8156 #else 7530 8157 … … 7538 8165 #endif /* HAVE_WOLF_BIGINT */ 7539 8166 7540 7541 #endif /* WOLFSSL_ATECC508A */ 8167 #endif /* WOLFSSL_CRYPTOCELL */ 7542 8168 7543 8169 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT … … 7606 8232 err = mp_read_radix(stmp, s, MP_RADIX_HEX); 7607 8233 8234 if (err == MP_OKAY) { 8235 if (mp_iszero(rtmp) == MP_YES || mp_iszero(stmp) == MP_YES) 8236 err = MP_ZERO_E; 8237 } 8238 7608 8239 /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */ 7609 8240 if (err == MP_OKAY) 7610 8241 err = StoreECC_DSA_Sig(out, outlen, rtmp, stmp); 7611 7612 if (err == MP_OKAY) {7613 if (mp_iszero(rtmp) == MP_YES || mp_iszero(stmp) == MP_YES)7614 err = MP_ZERO_E;7615 }7616 8242 7617 8243 mp_clear(rtmp); … … 7638 8264 byte* out, word32* outlen) 7639 8265 { 7640 int err;7641 #ifdef WOLFSSL_SMALL_STACK7642 mp_int* rtmp = NULL;7643 mp_int* stmp = NULL;7644 #else7645 mp_int rtmp[1];7646 mp_int stmp[1];7647 #endif7648 7649 8266 if (r == NULL || s == NULL || out == NULL || outlen == NULL) 7650 8267 return ECC_BAD_ARG_E; 7651 8268 7652 #ifdef WOLFSSL_SMALL_STACK7653 rtmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC);7654 if (rtmp == NULL)7655 return MEMORY_E;7656 stmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC);7657 if (stmp == NULL) {7658 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC);7659 return MEMORY_E;7660 }7661 #endif7662 7663 err = mp_init_multi(rtmp, stmp, NULL, NULL, NULL, NULL);7664 if (err != MP_OKAY) {7665 #ifdef WOLFSSL_SMALL_STACK7666 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC);7667 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC);7668 #endif7669 return err;7670 }7671 7672 err = mp_read_unsigned_bin(rtmp, r, rSz);7673 if (err == MP_OKAY)7674 err = mp_read_unsigned_bin(stmp, s, sSz);7675 7676 8269 /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */ 7677 if (err == MP_OKAY) 7678 err = StoreECC_DSA_Sig(out, outlen, rtmp, stmp); 7679 7680 if (err == MP_OKAY) { 7681 if (mp_iszero(rtmp) == MP_YES || mp_iszero(stmp) == MP_YES) 7682 err = MP_ZERO_E; 7683 } 7684 7685 mp_clear(rtmp); 7686 mp_clear(stmp); 7687 #ifdef WOLFSSL_SMALL_STACK 7688 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 7689 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 7690 #endif 7691 7692 return err; 8270 return StoreECC_DSA_Sig_Bin(out, outlen, r, rSz, s, sSz); 7693 8271 } 7694 8272 … … 7706 8284 byte* s, word32* sLen) 7707 8285 { 7708 int err;7709 int tmp_valid = 0;7710 word32 x = 0;7711 #ifdef WOLFSSL_SMALL_STACK7712 mp_int* rtmp = NULL;7713 mp_int* stmp = NULL;7714 #else7715 mp_int rtmp[1];7716 mp_int stmp[1];7717 #endif7718 7719 8286 if (sig == NULL || r == NULL || rLen == NULL || s == NULL || sLen == NULL) 7720 8287 return ECC_BAD_ARG_E; 7721 8288 7722 #ifdef WOLFSSL_SMALL_STACK 7723 rtmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 7724 if (rtmp == NULL) 7725 return MEMORY_E; 7726 stmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 7727 if (stmp == NULL) { 7728 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 7729 return MEMORY_E; 7730 } 7731 #endif 7732 7733 err = DecodeECC_DSA_Sig(sig, sigLen, rtmp, stmp); 7734 7735 /* rtmp and stmp are initialized */ 7736 if (err == MP_OKAY) { 7737 tmp_valid = 1; 7738 7739 /* extract r */ 7740 x = mp_unsigned_bin_size(rtmp); 7741 if (*rLen < x) 7742 err = BUFFER_E; 7743 } 7744 if (err == MP_OKAY) { 7745 *rLen = x; 7746 err = mp_to_unsigned_bin(rtmp, r); 7747 } 7748 7749 /* extract s */ 7750 if (err == MP_OKAY) { 7751 x = mp_unsigned_bin_size(stmp); 7752 if (*sLen < x) 7753 err = BUFFER_E; 7754 7755 if (err == MP_OKAY) { 7756 *sLen = x; 7757 err = mp_to_unsigned_bin(stmp, s); 7758 } 7759 } 7760 7761 if (tmp_valid) { 7762 mp_clear(rtmp); 7763 mp_clear(stmp); 7764 } 7765 #ifdef WOLFSSL_SMALL_STACK 7766 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 7767 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 7768 #endif 7769 7770 return err; 8289 return DecodeECC_DSA_Sig_Bin(sig, sigLen, r, rLen, s, sLen); 7771 8290 } 7772 8291 #endif /* !NO_ASN */ … … 7777 8296 { 7778 8297 int err = MP_OKAY; 7779 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) 8298 #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ 8299 !defined(WOLFSSL_ATECC608A) 7780 8300 const CRYS_ECPKI_Domain_t* pDomain; 7781 8301 CRYS_ECPKI_BUILD_TempData_t tempBuff; 7782 8302 byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1]; 8303 #endif 8304 8305 #if (defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ 8306 !defined(WOLFSSL_ATECC608A)) || \ 8307 defined(WOLFSSL_SILABS_SE_ACCEL) 7783 8308 word32 keySz = 0; 7784 8309 #endif 8310 7785 8311 /* if d is NULL, only import as public key using Qx,Qy */ 7786 8312 if (key == NULL || qx == NULL || qy == NULL) { … … 7820 8346 err = mp_read_unsigned_bin(key->pubkey.x, (const byte*)qx, 7821 8347 key->dp->size); 8348 8349 if (mp_iszero(key->pubkey.x)) { 8350 WOLFSSL_MSG("Invalid Qx"); 8351 err = BAD_FUNC_ARG; 8352 } 7822 8353 } 7823 8354 … … 7830 8361 key->dp->size); 7831 8362 8363 if (mp_iszero(key->pubkey.y)) { 8364 WOLFSSL_MSG("Invalid Qy"); 8365 err = BAD_FUNC_ARG; 8366 } 7832 8367 } 7833 8368 … … 7835 8370 err = mp_set(key->pubkey.z, 1); 7836 8371 7837 #if def WOLFSSL_ATECC508A8372 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 7838 8373 /* For SECP256R1 only save raw public key for hardware */ 7839 8374 if (err == MP_OKAY && curve_id == ECC_SECP256R1) { 7840 word32keySz = key->dp->size;8375 keySz = key->dp->size; 7841 8376 err = wc_export_int(key->pubkey.x, key->pubkey_raw, 7842 8377 &keySz, keySz, WC_TYPE_UNSIGNED_BIN); … … 7844 8379 err = wc_export_int(key->pubkey.y, &key->pubkey_raw[keySz], 7845 8380 &keySz, keySz, WC_TYPE_UNSIGNED_BIN); 8381 } 8382 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 8383 keySz = key->dp->size; 8384 if (err == MP_OKAY) { 8385 err = silabs_ecc_sig_to_rs(key, keySz); 7846 8386 } 7847 8387 #elif defined(WOLFSSL_CRYPTOCELL) … … 7877 8417 /* import private key */ 7878 8418 if (err == MP_OKAY) { 7879 if (d != NULL && d[0] != '\0') {7880 #if def WOLFSSL_ATECC508A8419 if (d != NULL) { 8420 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) 7881 8421 /* Hardware doesn't support loading private key */ 7882 8422 err = NOT_COMPILED_IN; 7883 8423 8424 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 8425 err = silabs_ecc_import_private_raw(key, keySz, d, encType); 8426 7884 8427 #elif defined(WOLFSSL_CRYPTOCELL) 7885 7886 8428 key->type = ECC_PRIVATEKEY; 7887 8429 … … 7918 8460 key->dp->size); 7919 8461 #endif /* WOLFSSL_ATECC508A */ 8462 if (mp_iszero(&key->k)) { 8463 WOLFSSL_MSG("Invalid private key"); 8464 return BAD_FUNC_ARG; 8465 } 7920 8466 } else { 7921 8467 key->type = ECC_PUBLICKEY; … … 8087 8633 8088 8634 8089 #if ndef WOLFSSL_SP_MATH8635 #if !defined(WOLFSSL_SP_MATH) 8090 8636 8091 8637 /** Our FP cache */ … … 8093 8639 ecc_point* g; /* cached COPY of base point */ 8094 8640 ecc_point* LUT[1U<<FP_LUT]; /* fixed point lookup */ 8641 int LUT_set; /* flag to determine if the LUT has been computed */ 8095 8642 mp_int mu; /* copy of the montgomery constant */ 8096 8643 int lru_count; /* amount of times this entry has been used */ … … 8666 9213 fp_cache[z].LUT[x] = NULL; 8667 9214 } 9215 fp_cache[z].LUT_set = 0; 8668 9216 fp_cache[z].lru_count = 0; 8669 9217 } … … 8723 9271 } 8724 9272 9273 fp_cache[idx].LUT_set = 0; 8725 9274 fp_cache[idx].lru_count = 0; 8726 9275 … … 8729 9278 #endif 8730 9279 8731 #if ndef WOLFSSL_SP_MATH9280 #if !defined(WOLFSSL_SP_MATH) 8732 9281 /* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart 8733 9282 * … … 8741 9290 unsigned x, y, bitlen, lut_gap; 8742 9291 mp_int tmp; 9292 int infinity; 8743 9293 8744 9294 if (mp_init(&tmp) != MP_OKAY) … … 8791 9341 /* now double it bitlen/FP_LUT times */ 8792 9342 for (y = 0; y < lut_gap; y++) { 8793 if ((err = ecc_projective_dbl_point (fp_cache[idx].LUT[1<<x],9343 if ((err = ecc_projective_dbl_point_safe(fp_cache[idx].LUT[1<<x], 8794 9344 fp_cache[idx].LUT[1<<x], a, modulus, mp)) != MP_OKAY) { 8795 9345 break; … … 8807 9357 8808 9358 /* perform the add */ 8809 if ((err = ecc_projective_add_point (9359 if ((err = ecc_projective_add_point_safe( 8810 9360 fp_cache[idx].LUT[lut_orders[y].terma], 8811 9361 fp_cache[idx].LUT[lut_orders[y].termb], 8812 fp_cache[idx].LUT[y], a, modulus, mp)) != MP_OKAY) { 9362 fp_cache[idx].LUT[y], a, modulus, mp, 9363 &infinity)) != MP_OKAY) { 8813 9364 break; 8814 9365 } … … 8854 9405 mp_clear(&tmp); 8855 9406 8856 if (err == MP_OKAY) 8857 return MP_OKAY; 9407 if (err == MP_OKAY) { 9408 fp_cache[idx].LUT_set = 1; 9409 return MP_OKAY; 9410 } 8858 9411 8859 9412 /* err cleanup */ … … 8864 9417 wc_ecc_del_point(fp_cache[idx].g); 8865 9418 fp_cache[idx].g = NULL; 9419 fp_cache[idx].LUT_set = 0; 8866 9420 fp_cache[idx].lru_count = 0; 8867 9421 mp_clear(&fp_cache[idx].mu); … … 8878 9432 #ifdef WOLFSSL_SMALL_STACK 8879 9433 unsigned char* kb = NULL; 9434 mp_int* tk = NULL; 9435 mp_int* order = NULL; 8880 9436 #else 8881 9437 unsigned char kb[KB_SIZE]; 9438 mp_int tk[1]; 9439 mp_int order[1]; 8882 9440 #endif 8883 9441 int x, err; 8884 unsigned y, z = 0, bitlen, bitpos, lut_gap, first; 8885 mp_int tk, order; 8886 8887 if (mp_init_multi(&tk, &order, NULL, NULL, NULL, NULL) != MP_OKAY) 8888 return MP_INIT_E; 9442 unsigned y, z = 0, bitlen, bitpos, lut_gap; 9443 int first; 9444 9445 #ifdef WOLFSSL_SMALL_STACK 9446 tk = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 9447 if (tk == NULL) { 9448 err = MEMORY_E; goto done; 9449 } 9450 order = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 9451 if (order == NULL) { 9452 err = MEMORY_E; goto done; 9453 } 9454 #endif 9455 9456 if (mp_init_multi(tk, order, NULL, NULL, NULL, NULL) != MP_OKAY) { 9457 err = MP_INIT_E; goto done; 9458 } 8889 9459 8890 9460 /* if it's smaller than modulus we fine */ … … 8899 9469 if (y == 66) --x; 8900 9470 8901 if ((err = mp_read_radix( &order, ecc_sets[x].order,9471 if ((err = mp_read_radix(order, ecc_sets[x].order, 8902 9472 MP_RADIX_HEX)) != MP_OKAY) { 8903 9473 goto done; … … 8905 9475 8906 9476 /* k must be less than modulus */ 8907 if (mp_cmp(k, &order) != MP_LT) {8908 if ((err = mp_mod(k, &order, &tk)) != MP_OKAY) {9477 if (mp_cmp(k, order) != MP_LT) { 9478 if ((err = mp_mod(k, order, tk)) != MP_OKAY) { 8909 9479 goto done; 8910 9480 } 8911 9481 } else { 8912 if ((err = mp_copy(k, &tk)) != MP_OKAY) {9482 if ((err = mp_copy(k, tk)) != MP_OKAY) { 8913 9483 goto done; 8914 9484 } 8915 9485 } 8916 9486 } else { 8917 if ((err = mp_copy(k, &tk)) != MP_OKAY) {9487 if ((err = mp_copy(k, tk)) != MP_OKAY) { 8918 9488 goto done; 8919 9489 } … … 8929 9499 8930 9500 /* get the k value */ 8931 if (mp_unsigned_bin_size( &tk) > (int)(KB_SIZE - 2)) {9501 if (mp_unsigned_bin_size(tk) > (int)(KB_SIZE - 2)) { 8932 9502 err = BUFFER_E; goto done; 8933 9503 } … … 8942 9512 8943 9513 XMEMSET(kb, 0, KB_SIZE); 8944 if ((err = mp_to_unsigned_bin( &tk, kb)) == MP_OKAY) {9514 if ((err = mp_to_unsigned_bin(tk, kb)) == MP_OKAY) { 8945 9515 /* let's reverse kb so it's little endian */ 8946 9516 x = 0; 8947 y = mp_unsigned_bin_size( &tk);9517 y = mp_unsigned_bin_size(tk); 8948 9518 if (y > 0) { 8949 9519 y -= 1; … … 8969 9539 /* double if not first */ 8970 9540 if (!first) { 8971 if ((err = ecc_projective_dbl_point (R, R, a, modulus,9541 if ((err = ecc_projective_dbl_point_safe(R, R, a, modulus, 8972 9542 mp)) != MP_OKAY) { 8973 9543 break; … … 8977 9547 /* add if not first, otherwise copy */ 8978 9548 if (!first && z) { 8979 if ((err = ecc_projective_add_point (R, fp_cache[idx].LUT[z], R, a,8980 modulus, mp)) != MP_OKAY) {9549 if ((err = ecc_projective_add_point_safe(R, fp_cache[idx].LUT[z], 9550 R, a, modulus, mp, &first)) != MP_OKAY) { 8981 9551 break; 8982 }8983 if (mp_iszero(R->z)) {8984 /* When all zero then should have done an add */8985 if (mp_iszero(R->x) && mp_iszero(R->y)) {8986 if ((err = ecc_projective_dbl_point(fp_cache[idx].LUT[z],8987 R, a, modulus, mp)) != MP_OKAY) {8988 break;8989 }8990 }8991 /* When only Z zero then result is infinity */8992 else {8993 err = mp_set(R->x, 0);8994 if (err != MP_OKAY) {8995 break;8996 }8997 err = mp_set(R->y, 0);8998 if (err != MP_OKAY) {8999 break;9000 }9001 err = mp_copy(&fp_cache[idx].mu, R->z);9002 if (err != MP_OKAY) {9003 break;9004 }9005 first = 1;9006 }9007 9552 } 9008 9553 } else if (z) { … … 9032 9577 done: 9033 9578 /* cleanup */ 9034 mp_clear( &order);9035 mp_clear( &tk);9579 mp_clear(order); 9580 mp_clear(tk); 9036 9581 9037 9582 #ifdef WOLFSSL_SMALL_STACK 9038 9583 XFREE(kb, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9584 XFREE(order, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9585 XFREE(tk, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9039 9586 #endif 9040 9587 … … 9046 9593 9047 9594 #ifdef ECC_SHAMIR 9048 #if ndef WOLFSSL_SP_MATH9595 #if !defined(WOLFSSL_SP_MATH) 9049 9596 /* perform a fixed point ECC mulmod */ 9050 9597 static int accel_fp_mul2add(int idx1, int idx2, … … 9057 9604 #ifdef WOLFSSL_SMALL_STACK 9058 9605 unsigned char* kb[2] = {NULL, NULL}; 9606 mp_int* tka = NULL; 9607 mp_int* tkb = NULL; 9608 mp_int* order = NULL; 9059 9609 #else 9060 9610 unsigned char kb[2][KB_SIZE]; 9611 mp_int tka[1]; 9612 mp_int tkb[1]; 9613 mp_int order[1]; 9061 9614 #endif 9062 9615 int x, err; 9063 unsigned y, z, bitlen, bitpos, lut_gap, first, zA, zB; 9064 mp_int tka, tkb, order; 9065 9066 if (mp_init_multi(&tka, &tkb, &order, NULL, NULL, NULL) != MP_OKAY) 9067 return MP_INIT_E; 9616 unsigned y, z, bitlen, bitpos, lut_gap, zA, zB; 9617 int first; 9618 9619 #ifdef WOLFSSL_SMALL_STACK 9620 tka = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 9621 if (tka == NULL) { 9622 err = MEMORY_E; goto done; 9623 } 9624 tkb = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 9625 if (tkb == NULL) { 9626 err = MEMORY_E; goto done; 9627 } 9628 order = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 9629 if (order == NULL) { 9630 err = MEMORY_E; goto done; 9631 } 9632 #endif 9633 9634 if (mp_init_multi(tka, tkb, order, NULL, NULL, NULL) != MP_OKAY) { 9635 err = MP_INIT_E; goto done; 9636 } 9068 9637 9069 9638 /* if it's smaller than modulus we fine */ … … 9078 9647 if (y == 66) --x; 9079 9648 9080 if ((err = mp_read_radix( &order, ecc_sets[x].order,9649 if ((err = mp_read_radix(order, ecc_sets[x].order, 9081 9650 MP_RADIX_HEX)) != MP_OKAY) { 9082 9651 goto done; … … 9084 9653 9085 9654 /* kA must be less than modulus */ 9086 if (mp_cmp(kA, &order) != MP_LT) {9087 if ((err = mp_mod(kA, &order, &tka)) != MP_OKAY) {9655 if (mp_cmp(kA, order) != MP_LT) { 9656 if ((err = mp_mod(kA, order, tka)) != MP_OKAY) { 9088 9657 goto done; 9089 9658 } 9090 9659 } else { 9091 if ((err = mp_copy(kA, &tka)) != MP_OKAY) {9660 if ((err = mp_copy(kA, tka)) != MP_OKAY) { 9092 9661 goto done; 9093 9662 } 9094 9663 } 9095 9664 } else { 9096 if ((err = mp_copy(kA, &tka)) != MP_OKAY) {9665 if ((err = mp_copy(kA, tka)) != MP_OKAY) { 9097 9666 goto done; 9098 9667 } … … 9110 9679 if (y == 66) --x; 9111 9680 9112 if ((err = mp_read_radix( &order, ecc_sets[x].order,9681 if ((err = mp_read_radix(order, ecc_sets[x].order, 9113 9682 MP_RADIX_HEX)) != MP_OKAY) { 9114 9683 goto done; … … 9116 9685 9117 9686 /* kB must be less than modulus */ 9118 if (mp_cmp(kB, &order) != MP_LT) {9119 if ((err = mp_mod(kB, &order, &tkb)) != MP_OKAY) {9687 if (mp_cmp(kB, order) != MP_LT) { 9688 if ((err = mp_mod(kB, order, tkb)) != MP_OKAY) { 9120 9689 goto done; 9121 9690 } 9122 9691 } else { 9123 if ((err = mp_copy(kB, &tkb)) != MP_OKAY) {9692 if ((err = mp_copy(kB, tkb)) != MP_OKAY) { 9124 9693 goto done; 9125 9694 } 9126 9695 } 9127 9696 } else { 9128 if ((err = mp_copy(kB, &tkb)) != MP_OKAY) {9697 if ((err = mp_copy(kB, tkb)) != MP_OKAY) { 9129 9698 goto done; 9130 9699 } … … 9140 9709 9141 9710 /* get the k value */ 9142 if ((mp_unsigned_bin_size( &tka) > (int)(KB_SIZE - 2)) ||9143 (mp_unsigned_bin_size( &tkb) > (int)(KB_SIZE - 2)) ) {9711 if ((mp_unsigned_bin_size(tka) > (int)(KB_SIZE - 2)) || 9712 (mp_unsigned_bin_size(tkb) > (int)(KB_SIZE - 2)) ) { 9144 9713 err = BUFFER_E; goto done; 9145 9714 } … … 9154 9723 9155 9724 XMEMSET(kb[0], 0, KB_SIZE); 9156 if ((err = mp_to_unsigned_bin( &tka, kb[0])) != MP_OKAY) {9725 if ((err = mp_to_unsigned_bin(tka, kb[0])) != MP_OKAY) { 9157 9726 goto done; 9158 9727 } … … 9160 9729 /* let's reverse kb so it's little endian */ 9161 9730 x = 0; 9162 y = mp_unsigned_bin_size( &tka);9731 y = mp_unsigned_bin_size(tka); 9163 9732 if (y > 0) { 9164 9733 y -= 1; 9165 9734 } 9166 mp_clear( &tka);9735 mp_clear(tka); 9167 9736 while ((unsigned)x < y) { 9168 9737 z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = (byte)z; … … 9179 9748 9180 9749 XMEMSET(kb[1], 0, KB_SIZE); 9181 if ((err = mp_to_unsigned_bin( &tkb, kb[1])) == MP_OKAY) {9750 if ((err = mp_to_unsigned_bin(tkb, kb[1])) == MP_OKAY) { 9182 9751 x = 0; 9183 y = mp_unsigned_bin_size( &tkb);9752 y = mp_unsigned_bin_size(tkb); 9184 9753 if (y > 0) { 9185 9754 y -= 1; … … 9206 9775 /* double if not first */ 9207 9776 if (!first) { 9208 if ((err = ecc_projective_dbl_point (R, R, a, modulus,9777 if ((err = ecc_projective_dbl_point_safe(R, R, a, modulus, 9209 9778 mp)) != MP_OKAY) { 9210 9779 break; … … 9213 9782 /* add if not first, otherwise copy */ 9214 9783 if (zA) { 9215 if ((err = ecc_projective_add_point(R, fp_cache[idx1].LUT[zA], 9216 R, a, modulus, mp)) != MP_OKAY) { 9784 if ((err = ecc_projective_add_point_safe(R, 9785 fp_cache[idx1].LUT[zA], R, a, 9786 modulus, mp, &first)) != MP_OKAY) { 9217 9787 break; 9218 9788 } 9219 if (mp_iszero(R->z)) {9220 /* When all zero then should have done an add */9221 if (mp_iszero(R->x) && mp_iszero(R->y)) {9222 if ((err = ecc_projective_dbl_point(9223 fp_cache[idx1].LUT[zA], R,9224 a, modulus, mp)) != MP_OKAY) {9225 break;9226 }9227 }9228 /* When only Z zero then result is infinity */9229 else {9230 err = mp_set(R->x, 0);9231 if (err != MP_OKAY) {9232 break;9233 }9234 err = mp_set(R->y, 0);9235 if (err != MP_OKAY) {9236 break;9237 }9238 err = mp_copy(&fp_cache[idx1].mu, R->z);9239 if (err != MP_OKAY) {9240 break;9241 }9242 first = 1;9243 }9244 }9245 9789 } 9246 9790 9247 9791 if (zB) { 9248 if ((err = ecc_projective_add_point(R, fp_cache[idx2].LUT[zB], 9249 R, a, modulus, mp)) != MP_OKAY) { 9792 if ((err = ecc_projective_add_point_safe(R, 9793 fp_cache[idx2].LUT[zB], R, a, 9794 modulus, mp, &first)) != MP_OKAY) { 9250 9795 break; 9251 }9252 if (mp_iszero(R->z)) {9253 /* When all zero then should have done an add */9254 if (mp_iszero(R->x) && mp_iszero(R->y)) {9255 if ((err = ecc_projective_dbl_point(9256 fp_cache[idx2].LUT[zB], R,9257 a, modulus, mp)) != MP_OKAY) {9258 break;9259 }9260 }9261 /* When only Z zero then result is infinity */9262 else {9263 err = mp_set(R->x, 0);9264 if (err != MP_OKAY) {9265 break;9266 }9267 err = mp_set(R->y, 0);9268 if (err != MP_OKAY) {9269 break;9270 }9271 err = mp_copy(&fp_cache[idx2].mu, R->z);9272 if (err != MP_OKAY) {9273 break;9274 }9275 first = 1;9276 }9277 9796 } 9278 9797 } … … 9289 9808 if (zB && first == 0) { 9290 9809 if (zB) { 9291 if ((err = ecc_projective_add_point(R, 9292 fp_cache[idx2].LUT[zB], R, a, modulus, mp)) != MP_OKAY){ 9810 if ((err = ecc_projective_add_point_safe(R, 9811 fp_cache[idx2].LUT[zB], R, a, 9812 modulus, mp, &first)) != MP_OKAY){ 9293 9813 break; 9294 }9295 if (mp_iszero(R->z)) {9296 /* When all zero then should have done an add */9297 if (mp_iszero(R->x) && mp_iszero(R->y)) {9298 if ((err = ecc_projective_dbl_point(9299 fp_cache[idx2].LUT[zB], R,9300 a, modulus, mp)) != MP_OKAY) {9301 break;9302 }9303 }9304 /* When only Z zero then result is infinity */9305 else {9306 err = mp_set(R->x, 0);9307 if (err != MP_OKAY) {9308 break;9309 }9310 err = mp_set(R->y, 0);9311 if (err != MP_OKAY) {9312 break;9313 }9314 err = mp_copy(&fp_cache[idx2].mu, R->z);9315 if (err != MP_OKAY) {9316 break;9317 }9318 first = 1;9319 }9320 9814 } 9321 9815 } … … 9335 9829 done: 9336 9830 /* cleanup */ 9337 mp_clear( &tkb);9338 mp_clear( &tka);9339 mp_clear( &order);9831 mp_clear(tkb); 9832 mp_clear(tka); 9833 mp_clear(order); 9340 9834 9341 9835 #ifdef WOLFSSL_SMALL_STACK … … 9349 9843 9350 9844 #ifdef WOLFSSL_SMALL_STACK 9845 XFREE(kb[1], NULL, DYNAMIC_TYPE_ECC_BUFFER); 9351 9846 XFREE(kb[0], NULL, DYNAMIC_TYPE_ECC_BUFFER); 9352 XFREE(kb[1], NULL, DYNAMIC_TYPE_ECC_BUFFER); 9847 XFREE(order, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9848 XFREE(tkb, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9849 XFREE(tka, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9353 9850 #endif 9354 9851 … … 9379 9876 int idx1 = -1, idx2 = -1, err, mpInit = 0; 9380 9877 mp_digit mp; 9381 mp_int mu; 9382 9383 err = mp_init(&mu); 9384 if (err != MP_OKAY) 9878 #ifdef WOLFSSL_SMALL_STACK 9879 mp_int *mu = (mp_int *)XMALLOC(sizeof *mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9880 9881 if (mu == NULL) 9882 return MP_MEM; 9883 #else 9884 mp_int mu[1]; 9885 #endif 9886 9887 err = mp_init(mu); 9888 if (err != MP_OKAY) { 9889 #ifdef WOLFSSL_SMALL_STACK 9890 XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9891 #endif 9385 9892 return err; 9893 } 9386 9894 9387 9895 #ifndef HAVE_THREAD_LS 9388 if (initMutex == 0) { 9896 if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ 9389 9897 wc_InitMutex(&ecc_fp_lock); 9390 9898 initMutex = 1; 9391 9899 } 9392 if (wc_LockMutex(&ecc_fp_lock) != 0) 9900 9901 if (wc_LockMutex(&ecc_fp_lock) != 0) { 9902 #ifdef WOLFSSL_SMALL_STACK 9903 XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9904 #endif 9393 9905 return BAD_MUTEX_E; 9906 } 9394 9907 #endif /* HAVE_THREAD_LS */ 9395 9908 … … 9427 9940 9428 9941 if (err == MP_OKAY) { 9429 /* if it's 2 build the LUT, if it's higher just usethe LUT */9430 if (idx1 >= 0 && fp_cache[idx1].lru_count == 2) {9942 /* if it's >= 2 AND the LUT is not set build the LUT */ 9943 if (idx1 >= 0 && fp_cache[idx1].lru_count >= 2 && !fp_cache[idx1].LUT_set) { 9431 9944 /* compute mp */ 9432 9945 err = mp_montgomery_setup(modulus, &mp); … … 9434 9947 if (err == MP_OKAY) { 9435 9948 mpInit = 1; 9436 err = mp_montgomery_calc_normalization( &mu, modulus);9949 err = mp_montgomery_calc_normalization(mu, modulus); 9437 9950 } 9438 9951 9439 9952 if (err == MP_OKAY) 9440 9953 /* build the LUT */ 9441 err = build_lut(idx1, a, modulus, mp, &mu);9954 err = build_lut(idx1, a, modulus, mp, mu); 9442 9955 } 9443 9956 } 9444 9957 9445 9958 if (err == MP_OKAY) { 9446 /* if it's 2 build the LUT, if it's higher just usethe LUT */9447 if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) {9959 /* if it's >= 2 AND the LUT is not set build the LUT */ 9960 if (idx2 >= 0 && fp_cache[idx2].lru_count >= 2 && !fp_cache[idx2].LUT_set) { 9448 9961 if (mpInit == 0) { 9449 9962 /* compute mp */ … … 9451 9964 if (err == MP_OKAY) { 9452 9965 mpInit = 1; 9453 err = mp_montgomery_calc_normalization( &mu, modulus);9966 err = mp_montgomery_calc_normalization(mu, modulus); 9454 9967 } 9455 9968 } 9456 9969 9457 9970 if (err == MP_OKAY) 9458 /* build the LUT */9459 err = build_lut(idx2, a, modulus, mp, &mu);9971 /* build the LUT */ 9972 err = build_lut(idx2, a, modulus, mp, mu); 9460 9973 } 9461 9974 } … … 9463 9976 9464 9977 if (err == MP_OKAY) { 9465 if (idx1 >=0 && idx2 >= 0 && fp_cache[idx1]. lru_count >= 2&&9466 fp_cache[idx2]. lru_count >= 2) {9978 if (idx1 >=0 && idx2 >= 0 && fp_cache[idx1].LUT_set && 9979 fp_cache[idx2].LUT_set) { 9467 9980 if (mpInit == 0) { 9468 9981 /* compute mp */ … … 9479 9992 wc_UnLockMutex(&ecc_fp_lock); 9480 9993 #endif /* HAVE_THREAD_LS */ 9481 mp_clear(&mu); 9994 mp_clear(mu); 9995 #ifdef WOLFSSL_SMALL_STACK 9996 XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); 9997 #endif 9482 9998 9483 9999 return err; … … 9499 10015 mp_int* modulus, int map, void* heap) 9500 10016 { 9501 #if ndef WOLFSSL_SP_MATH10017 #if !defined(WOLFSSL_SP_MATH) 9502 10018 int idx, err = MP_OKAY; 9503 10019 mp_digit mp; … … 9513 10029 9514 10030 #ifndef HAVE_THREAD_LS 9515 if (initMutex == 0) { 10031 if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ 9516 10032 wc_InitMutex(&ecc_fp_lock); 9517 10033 initMutex = 1; … … 9541 10057 if (err == MP_OKAY) { 9542 10058 /* if it's 2 build the LUT, if it's higher just use the LUT */ 9543 if (idx >= 0 && fp_cache[idx].lru_count == 2) {10059 if (idx >= 0 && fp_cache[idx].lru_count >= 2 && !fp_cache[idx].LUT_set) { 9544 10060 /* compute mp */ 9545 10061 err = mp_montgomery_setup(modulus, &mp); … … 9558 10074 9559 10075 if (err == MP_OKAY) { 9560 if (idx >= 0 && fp_cache[idx]. lru_count >= 2) {10076 if (idx >= 0 && fp_cache[idx].LUT_set) { 9561 10077 if (mpSetup == 0) { 9562 10078 /* compute mp */ … … 9566 10082 err = accel_fp_mul(idx, k, R, a, modulus, mp, map); 9567 10083 } else { 9568 err = normal_ecc_mulmod(k, G, R, a, modulus, map, heap);10084 err = normal_ecc_mulmod(k, G, R, a, modulus, NULL, map, heap); 9569 10085 } 9570 10086 } … … 9595 10111 } 9596 10112 9597 #ifndef WOLFSSL_SP_MATH 10113 /** ECC Fixed Point mulmod global 10114 k The multiplicand 10115 G Base point to multiply 10116 R [out] Destination of product 10117 a ECC curve parameter a 10118 modulus The modulus for the curve 10119 map [boolean] If non-zero maps the point back to affine coordinates, 10120 otherwise it's left in jacobian-montgomery form 10121 return MP_OKAY if successful 10122 */ 10123 int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, 10124 mp_int* modulus, mp_int* order, WC_RNG* rng, int map, void* heap) 10125 { 10126 #if !defined(WOLFSSL_SP_MATH) 10127 int idx, err = MP_OKAY; 10128 mp_digit mp; 10129 mp_int mu; 10130 int mpSetup = 0; 10131 10132 if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL || 10133 order == NULL) { 10134 return ECC_BAD_ARG_E; 10135 } 10136 10137 if (mp_init(&mu) != MP_OKAY) 10138 return MP_INIT_E; 10139 10140 /* k can't have more bits than order */ 10141 if (mp_count_bits(k) > mp_count_bits(order)) { 10142 return ECC_OUT_OF_RANGE_E; 10143 } 10144 10145 #ifndef HAVE_THREAD_LS 10146 if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ 10147 wc_InitMutex(&ecc_fp_lock); 10148 initMutex = 1; 10149 } 10150 10151 if (wc_LockMutex(&ecc_fp_lock) != 0) 10152 return BAD_MUTEX_E; 10153 #endif /* HAVE_THREAD_LS */ 10154 10155 /* find point */ 10156 idx = find_base(G); 10157 10158 /* no entry? */ 10159 if (idx == -1) { 10160 /* find hole and add it */ 10161 idx = find_hole(); 10162 10163 if (idx >= 0) 10164 err = add_entry(idx, G); 10165 } 10166 if (err == MP_OKAY && idx >= 0) { 10167 /* increment LRU */ 10168 ++(fp_cache[idx].lru_count); 10169 } 10170 10171 10172 if (err == MP_OKAY) { 10173 /* if it's 2 build the LUT, if it's higher just use the LUT */ 10174 if (idx >= 0 && fp_cache[idx].lru_count >= 2 && !fp_cache[idx].LUT_set) { 10175 /* compute mp */ 10176 err = mp_montgomery_setup(modulus, &mp); 10177 10178 if (err == MP_OKAY) { 10179 /* compute mu */ 10180 mpSetup = 1; 10181 err = mp_montgomery_calc_normalization(&mu, modulus); 10182 } 10183 10184 if (err == MP_OKAY) 10185 /* build the LUT */ 10186 err = build_lut(idx, a, modulus, mp, &mu); 10187 } 10188 } 10189 10190 if (err == MP_OKAY) { 10191 if (idx >= 0 && fp_cache[idx].LUT_set) { 10192 if (mpSetup == 0) { 10193 /* compute mp */ 10194 err = mp_montgomery_setup(modulus, &mp); 10195 } 10196 if (err == MP_OKAY) 10197 err = accel_fp_mul(idx, k, R, a, modulus, mp, map); 10198 } else { 10199 err = normal_ecc_mulmod(k, G, R, a, modulus, rng, map, heap); 10200 } 10201 } 10202 10203 #ifndef HAVE_THREAD_LS 10204 wc_UnLockMutex(&ecc_fp_lock); 10205 #endif /* HAVE_THREAD_LS */ 10206 mp_clear(&mu); 10207 10208 return err; 10209 #else 10210 (void)rng; 10211 10212 if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL || 10213 order == NULL) { 10214 return ECC_BAD_ARG_E; 10215 } 10216 10217 #ifndef WOLFSSL_SP_NO_256 10218 if (mp_count_bits(modulus) == 256) { 10219 return sp_ecc_mulmod_256(k, G, R, map, heap); 10220 } 10221 #endif 10222 #ifdef WOLFSSL_SP_384 10223 if (mp_count_bits(modulus) == 384) { 10224 return sp_ecc_mulmod_384(k, G, R, map, heap); 10225 } 10226 #endif 10227 return WC_KEY_SIZE_E; 10228 #endif 10229 } 10230 10231 #if !defined(WOLFSSL_SP_MATH) 9598 10232 /* helper function for freeing the cache ... 9599 10233 must be called with the cache mutex locked */ … … 9610 10244 fp_cache[x].g = NULL; 9611 10245 mp_clear(&fp_cache[x].mu); 10246 fp_cache[x].LUT_set = 0; 9612 10247 fp_cache[x].lru_count = 0; 9613 10248 fp_cache[x].lock = 0; … … 9617 10252 #endif 9618 10253 9619 /** Free the Fixed Point cache */ 9620 void wc_ecc_fp_free(void) 10254 10255 /** Init the Fixed Point cache */ 10256 void wc_ecc_fp_init(void) 9621 10257 { 9622 10258 #ifndef WOLFSSL_SP_MATH … … 9626 10262 initMutex = 1; 9627 10263 } 10264 #endif 10265 #endif 10266 } 10267 10268 10269 /** Free the Fixed Point cache */ 10270 void wc_ecc_fp_free(void) 10271 { 10272 #if !defined(WOLFSSL_SP_MATH) 10273 #ifndef HAVE_THREAD_LS 10274 if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ 10275 wc_InitMutex(&ecc_fp_lock); 10276 initMutex = 1; 10277 } 9628 10278 9629 10279 if (wc_LockMutex(&ecc_fp_lock) == 0) { … … 9643 10293 9644 10294 #endif /* FP_ECC */ 10295 10296 #ifdef ECC_TIMING_RESISTANT 10297 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng) 10298 { 10299 int err = 0; 10300 10301 if (key == NULL) { 10302 err = BAD_FUNC_ARG; 10303 } 10304 else { 10305 key->rng = rng; 10306 } 10307 10308 return err; 10309 } 10310 #endif 9645 10311 9646 10312 #ifdef HAVE_ECC_ENCRYPT … … 9682 10348 byte cliSt; /* protocol state, for sanity checks */ 9683 10349 byte srvSt; /* protocol state, for sanity checks */ 10350 WC_RNG* rng; 9684 10351 }; 9685 10352 … … 9779 10446 9780 10447 9781 static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags , WC_RNG* rng)10448 static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags) 9782 10449 { 9783 10450 byte* saltBuffer = NULL; 9784 10451 9785 if (ctx == NULL || rng == NULL ||flags == 0)10452 if (ctx == NULL || flags == 0) 9786 10453 return BAD_FUNC_ARG; 9787 10454 9788 10455 saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt; 9789 10456 9790 return wc_RNG_GenerateBlock( rng, saltBuffer, EXCHANGE_SALT_SZ);9791 } 9792 9793 9794 static void ecc_ctx_init(ecEncCtx* ctx, int flags )10457 return wc_RNG_GenerateBlock(ctx->rng, saltBuffer, EXCHANGE_SALT_SZ); 10458 } 10459 10460 10461 static void ecc_ctx_init(ecEncCtx* ctx, int flags, WC_RNG* rng) 9795 10462 { 9796 10463 if (ctx) { … … 9801 10468 ctx->macAlgo = ecHMAC_SHA256; 9802 10469 ctx->protocol = (byte)flags; 10470 ctx->rng = rng; 9803 10471 9804 10472 if (flags == REQ_RESP_CLIENT) … … 9816 10484 return BAD_FUNC_ARG; 9817 10485 9818 ecc_ctx_init(ctx, ctx->protocol );9819 return ecc_ctx_set_salt(ctx, ctx->protocol , rng);10486 ecc_ctx_init(ctx, ctx->protocol, rng); 10487 return ecc_ctx_set_salt(ctx, ctx->protocol); 9820 10488 } 9821 10489 … … 9921 10589 9922 10590 if (ctx == NULL) { /* use defaults */ 9923 ecc_ctx_init(&localCtx, 0 );10591 ecc_ctx_init(&localCtx, 0, NULL); 9924 10592 ctx = &localCtx; 9925 10593 } … … 9954 10622 if (*outSz < (msgSz + digestSz)) 9955 10623 return BUFFER_E; 10624 10625 #ifdef ECC_TIMING_RESISTANT 10626 if (ctx->rng != NULL && privKey->rng == NULL) 10627 privKey->rng = ctx->rng; 10628 #endif 9956 10629 9957 10630 #ifdef WOLFSSL_SMALL_STACK … … 9997 10670 case ecAES_128_CBC: 9998 10671 { 9999 Aes aes; 10000 ret = wc_AesInit(&aes, NULL, INVALID_DEVID); 10672 #ifdef WOLFSSL_SMALL_STACK 10673 Aes *aes = (Aes *)XMALLOC(sizeof *aes, NULL, 10674 DYNAMIC_TYPE_AES); 10675 if (aes == NULL) { 10676 ret = MEMORY_E; 10677 break; 10678 } 10679 #else 10680 Aes aes[1]; 10681 #endif 10682 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 10001 10683 if (ret == 0) { 10002 ret = wc_AesSetKey( &aes, encKey, KEY_SIZE_128, encIv,10684 ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv, 10003 10685 AES_ENCRYPTION); 10004 10686 if (ret == 0) { 10005 ret = wc_AesCbcEncrypt( &aes, out, msg, msgSz);10687 ret = wc_AesCbcEncrypt(aes, out, msg, msgSz); 10006 10688 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) 10007 ret = wc_AsyncWait(ret, &aes .asyncDev,10689 ret = wc_AsyncWait(ret, &aes->asyncDev, 10008 10690 WC_ASYNC_FLAG_NONE); 10009 10691 #endif 10010 10692 } 10011 wc_AesFree( &aes);10693 wc_AesFree(aes); 10012 10694 } 10695 #ifdef WOLFSSL_SMALL_STACK 10696 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 10697 #endif 10013 10698 if (ret != 0) 10014 10699 break; … … 10026 10711 case ecHMAC_SHA256: 10027 10712 { 10028 Hmac hmac; 10029 ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); 10713 #ifdef WOLFSSL_SMALL_STACK 10714 Hmac *hmac = (Hmac *)XMALLOC(sizeof *hmac, NULL, 10715 DYNAMIC_TYPE_HMAC); 10716 if (hmac == NULL) { 10717 ret = MEMORY_E; 10718 break; 10719 } 10720 #else 10721 Hmac hmac[1]; 10722 #endif 10723 ret = wc_HmacInit(hmac, NULL, INVALID_DEVID); 10030 10724 if (ret == 0) { 10031 ret = wc_HmacSetKey( &hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE);10725 ret = wc_HmacSetKey(hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE); 10032 10726 if (ret == 0) 10033 ret = wc_HmacUpdate( &hmac, out, msgSz);10727 ret = wc_HmacUpdate(hmac, out, msgSz); 10034 10728 if (ret == 0) 10035 ret = wc_HmacUpdate( &hmac, ctx->macSalt, ctx->macSaltSz);10729 ret = wc_HmacUpdate(hmac, ctx->macSalt, ctx->macSaltSz); 10036 10730 if (ret == 0) 10037 ret = wc_HmacFinal( &hmac, out+msgSz);10038 wc_HmacFree( &hmac);10731 ret = wc_HmacFinal(hmac, out+msgSz); 10732 wc_HmacFree(hmac); 10039 10733 } 10734 #ifdef WOLFSSL_SMALL_STACK 10735 XFREE(hmac, NULL, DYNAMIC_TYPE_HMAC); 10736 #endif 10040 10737 } 10041 10738 break; … … 10090 10787 10091 10788 if (ctx == NULL) { /* use defaults */ 10092 ecc_ctx_init(&localCtx, 0 );10789 ecc_ctx_init(&localCtx, 0, NULL); 10093 10790 ctx = &localCtx; 10094 10791 } … … 10123 10820 if (*outSz < (msgSz - digestSz)) 10124 10821 return BUFFER_E; 10822 10823 #ifdef ECC_TIMING_RESISTANT 10824 if (ctx->rng != NULL && privKey->rng == NULL) 10825 privKey->rng = ctx->rng; 10826 #endif 10125 10827 10126 10828 #ifdef WOLFSSL_SMALL_STACK … … 10167 10869 { 10168 10870 byte verify[WC_SHA256_DIGEST_SIZE]; 10169 Hmac hmac; 10170 10171 ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); 10871 #ifdef WOLFSSL_SMALL_STACK 10872 Hmac *hmac = (Hmac *)XMALLOC(sizeof *hmac, NULL, DYNAMIC_TYPE_HMAC); 10873 if (hmac == NULL) { 10874 ret = MEMORY_E; 10875 break; 10876 } 10877 #else 10878 Hmac hmac[1]; 10879 #endif 10880 ret = wc_HmacInit(hmac, NULL, INVALID_DEVID); 10172 10881 if (ret == 0) { 10173 ret = wc_HmacSetKey( &hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE);10882 ret = wc_HmacSetKey(hmac, WC_SHA256, macKey, WC_SHA256_DIGEST_SIZE); 10174 10883 if (ret == 0) 10175 ret = wc_HmacUpdate( &hmac, msg, msgSz-digestSz);10884 ret = wc_HmacUpdate(hmac, msg, msgSz-digestSz); 10176 10885 if (ret == 0) 10177 ret = wc_HmacUpdate( &hmac, ctx->macSalt, ctx->macSaltSz);10886 ret = wc_HmacUpdate(hmac, ctx->macSalt, ctx->macSaltSz); 10178 10887 if (ret == 0) 10179 ret = wc_HmacFinal( &hmac, verify);10888 ret = wc_HmacFinal(hmac, verify); 10180 10889 if (ret == 0) { 10181 10890 if (XMEMCMP(verify, msg + msgSz - digestSz, digestSz) != 0) … … 10183 10892 } 10184 10893 10185 wc_HmacFree( &hmac);10894 wc_HmacFree(hmac); 10186 10895 } 10896 #ifdef WOLFSSL_SMALL_STACK 10897 XFREE(hmac, NULL, DYNAMIC_TYPE_HMAC); 10898 #endif 10187 10899 break; 10188 10900 } … … 10199 10911 case ecAES_128_CBC: 10200 10912 { 10201 Aes aes; 10202 ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv, 10913 #ifdef WOLFSSL_SMALL_STACK 10914 Aes *aes = (Aes *)XMALLOC(sizeof *aes, NULL, 10915 DYNAMIC_TYPE_AES); 10916 if (aes == NULL) { 10917 ret = MEMORY_E; 10918 break; 10919 } 10920 #else 10921 Aes aes[1]; 10922 #endif 10923 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 10924 if (ret == 0) { 10925 ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv, 10203 10926 AES_DECRYPTION); 10927 if (ret == 0) { 10928 ret = wc_AesCbcDecrypt(aes, out, msg, 10929 msgSz-digestSz); 10930 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) 10931 ret = wc_AsyncWait(ret, &aes->asyncDev, 10932 WC_ASYNC_FLAG_NONE); 10933 #endif 10934 } 10935 wc_AesFree(aes); 10936 } 10937 #ifdef WOLFSSL_SMALL_STACK 10938 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 10939 #endif 10204 10940 if (ret != 0) 10205 break; 10206 ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz); 10207 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) 10208 ret = wc_AsyncWait(ret, &aes.asyncDev, WC_ASYNC_FLAG_NONE); 10209 #endif 10941 break; 10210 10942 } 10211 10943 break; … … 10233 10965 10234 10966 #ifdef HAVE_COMP_KEY 10235 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) 10967 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ 10968 !defined(WOLFSSL_CRYPTOCELL) 10236 10969 10237 10970 #ifndef WOLFSSL_SP_MATH 10238 int do_mp_jacobi(mp_int* a, mp_int* n, int* c);10239 10240 int do_mp_jacobi(mp_int* a, mp_int* n, int* c)10241 {10242 int k, s, res;10243 int r = 0; /* initialize to help static analysis out */10244 mp_digit residue;10245 10246 /* if a < 0 return MP_VAL */10247 if (mp_isneg(a) == MP_YES) {10248 return MP_VAL;10249 }10250 10251 /* if n <= 0 return MP_VAL */10252 if (mp_cmp_d(n, 0) != MP_GT) {10253 return MP_VAL;10254 }10255 10256 /* step 1. handle case of a == 0 */10257 if (mp_iszero (a) == MP_YES) {10258 /* special case of a == 0 and n == 1 */10259 if (mp_cmp_d (n, 1) == MP_EQ) {10260 *c = 1;10261 } else {10262 *c = 0;10263 }10264 return MP_OKAY;10265 }10266 10267 /* step 2. if a == 1, return 1 */10268 if (mp_cmp_d (a, 1) == MP_EQ) {10269 *c = 1;10270 return MP_OKAY;10271 }10272 10273 /* default */10274 s = 0;10275 10276 /* divide out larger power of two */10277 k = mp_cnt_lsb(a);10278 res = mp_div_2d(a, k, a, NULL);10279 10280 if (res == MP_OKAY) {10281 /* step 4. if e is even set s=1 */10282 if ((k & 1) == 0) {10283 s = 1;10284 } else {10285 /* else set s=1 if p = 1/7 (mod 8) or s=-1 if p = 3/5 (mod 8) */10286 residue = n->dp[0] & 7;10287 10288 if (residue == 1 || residue == 7) {10289 s = 1;10290 } else if (residue == 3 || residue == 5) {10291 s = -1;10292 }10293 }10294 10295 /* step 5. if p == 3 (mod 4) *and* a == 3 (mod 4) then s = -s */10296 if ( ((n->dp[0] & 3) == 3) && ((a->dp[0] & 3) == 3)) {10297 s = -s;10298 }10299 }10300 10301 if (res == MP_OKAY) {10302 /* if a == 1 we're done */10303 if (mp_cmp_d(a, 1) == MP_EQ) {10304 *c = s;10305 } else {10306 /* n1 = n mod a */10307 res = mp_mod (n, a, n);10308 if (res == MP_OKAY)10309 res = do_mp_jacobi(n, a, &r);10310 10311 if (res == MP_OKAY)10312 *c = s * r;10313 }10314 }10315 10316 return res;10317 }10318 10319 10320 10971 /* computes the jacobi c = (a | n) (or Legendre if n is prime) 10321 * HAC pp. 73 Algorithm 2.14910322 * HAC is wrong here, as the special case of (0 | 1) is not10323 * handled correctly.10324 10972 */ 10325 10973 int mp_jacobi(mp_int* a, mp_int* n, int* c) … … 10327 10975 mp_int a1, n1; 10328 10976 int res; 10329 10330 /* step 3. write a = a1 * 2**k */ 10977 int s = 1; 10978 int k; 10979 mp_int* t[2]; 10980 mp_int* ts; 10981 mp_digit residue; 10982 10983 if (mp_isneg(a) == MP_YES) { 10984 return MP_VAL; 10985 } 10986 if (mp_isneg(n) == MP_YES) { 10987 return MP_VAL; 10988 } 10989 if (mp_iseven(n) == MP_YES) { 10990 return MP_VAL; 10991 } 10992 10331 10993 if ((res = mp_init_multi(&a1, &n1, NULL, NULL, NULL, NULL)) != MP_OKAY) { 10332 10994 return res; 10333 10995 } 10334 10996 10335 if ((res = mp_ copy(a, &a1)) != MP_OKAY) {10997 if ((res = mp_mod(a, n, &a1)) != MP_OKAY) { 10336 10998 goto done; 10337 10999 } … … 10341 11003 } 10342 11004 10343 res = do_mp_jacobi(&a1, &n1, c); 11005 t[0] = &a1; 11006 t[1] = &n1; 11007 11008 /* Keep reducing until first number is 0. */ 11009 while (!mp_iszero(t[0])) { 11010 /* Divide by 2 until odd. */ 11011 k = mp_cnt_lsb(t[0]); 11012 if (k > 0) { 11013 mp_rshb(t[0], k); 11014 11015 /* Negate s each time we divide by 2 if t[1] mod 8 == 3 or 5. 11016 * Odd number of divides results in a negate. 11017 */ 11018 residue = t[1]->dp[0] & 7; 11019 if ((k & 1) && ((residue == 3) || (residue == 5))) { 11020 s = -s; 11021 } 11022 } 11023 11024 /* Swap t[0] and t[1]. */ 11025 ts = t[0]; 11026 t[0] = t[1]; 11027 t[1] = ts; 11028 11029 /* Negate s if both numbers == 3 mod 4. */ 11030 if (((t[0]->dp[0] & 3) == 3) && ((t[1]->dp[0] & 3) == 3)) { 11031 s = -s; 11032 } 11033 11034 /* Reduce first number modulo second. */ 11035 if ((k == 0) && (mp_count_bits(t[0]) == mp_count_bits(t[1]))) { 11036 res = mp_sub(t[0], t[1], t[0]); 11037 } 11038 else { 11039 res = mp_mod(t[0], t[1], t[0]); 11040 } 11041 if (res != MP_OKAY) { 11042 goto done; 11043 } 11044 } 11045 11046 /* When the two numbers have divisors in common. */ 11047 if (!mp_isone(t[1])) { 11048 s = 0; 11049 } 11050 *c = s; 10344 11051 10345 11052 done: … … 10377 11084 #else 10378 11085 int res, legendre, done = 0; 10379 mp_int t1, C, Q, S, Z, M, T, R, two;10380 11086 mp_digit i; 11087 #ifdef WOLFSSL_SMALL_STACK 11088 mp_int *t1 = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11089 mp_int *C = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11090 mp_int *Q = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11091 mp_int *S = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11092 mp_int *Z = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11093 mp_int *M = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11094 mp_int *T = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11095 mp_int *R = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11096 mp_int *two = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER); 11097 #else 11098 mp_int t1[1], C[1], Q[1], S[1], Z[1], M[1], T[1], R[1], two[1]; 11099 #endif 11100 11101 if ((mp_init_multi(t1, C, Q, S, Z, M) != MP_OKAY) || 11102 (mp_init_multi(T, R, two, NULL, NULL, NULL) != MP_OKAY)) { 11103 res = MP_INIT_E; 11104 goto out; 11105 } 11106 11107 #ifdef WOLFSSL_SMALL_STACK 11108 if ((t1 == NULL) || 11109 (C == NULL) || 11110 (Q == NULL) || 11111 (S == NULL) || 11112 (Z == NULL) || 11113 (M == NULL) || 11114 (T == NULL) || 11115 (R == NULL) || 11116 (two == NULL)) { 11117 res = MP_MEM; 11118 goto out; 11119 } 11120 #endif 10381 11121 10382 11122 /* first handle the simple cases n = 0 or n = 1 */ 10383 11123 if (mp_cmp_d(n, 0) == MP_EQ) { 10384 11124 mp_zero(ret); 10385 return MP_OKAY; 11125 res = MP_OKAY; 11126 goto out; 10386 11127 } 10387 11128 if (mp_cmp_d(n, 1) == MP_EQ) { 10388 return mp_set(ret, 1); 11129 res = mp_set(ret, 1); 11130 goto out; 10389 11131 } 10390 11132 10391 11133 /* prime must be odd */ 10392 11134 if (mp_cmp_d(prime, 2) == MP_EQ) { 10393 return MP_VAL; 11135 res = MP_VAL; 11136 goto out; 10394 11137 } 10395 11138 10396 11139 /* is quadratic non-residue mod prime */ 10397 11140 if ((res = mp_jacobi(n, prime, &legendre)) != MP_OKAY) { 10398 return res;11141 goto out; 10399 11142 } 10400 11143 if (legendre == -1) { 10401 return MP_VAL; 10402 } 10403 10404 if ((res = mp_init_multi(&t1, &C, &Q, &S, &Z, &M)) != MP_OKAY) 10405 return res; 10406 10407 if ((res = mp_init_multi(&T, &R, &two, NULL, NULL, NULL)) 10408 != MP_OKAY) { 10409 mp_clear(&t1); mp_clear(&C); mp_clear(&Q); mp_clear(&S); mp_clear(&Z); 10410 mp_clear(&M); 10411 return res; 11144 res = MP_VAL; 11145 goto out; 10412 11146 } 10413 11147 … … 10418 11152 res = mp_mod_d(prime, 4, &i); 10419 11153 if (res == MP_OKAY && i == 3) { 10420 res = mp_add_d(prime, 1, &t1);11154 res = mp_add_d(prime, 1, t1); 10421 11155 10422 11156 if (res == MP_OKAY) 10423 res = mp_div_2( &t1, &t1);11157 res = mp_div_2(t1, t1); 10424 11158 if (res == MP_OKAY) 10425 res = mp_div_2( &t1, &t1);11159 res = mp_div_2(t1, t1); 10426 11160 if (res == MP_OKAY) 10427 res = mp_exptmod(n, &t1, prime, ret);11161 res = mp_exptmod(n, t1, prime, ret); 10428 11162 10429 11163 done = 1; … … 10436 11170 * as: prime-1 = Q*2^S */ 10437 11171 /* Q = prime - 1 */ 10438 res = mp_copy(prime, &Q);11172 res = mp_copy(prime, Q); 10439 11173 if (res == MP_OKAY) 10440 res = mp_sub_d( &Q, 1, &Q);11174 res = mp_sub_d(Q, 1, Q); 10441 11175 10442 11176 /* S = 0 */ 10443 11177 if (res == MP_OKAY) 10444 mp_zero( &S);10445 10446 while (res == MP_OKAY && mp_iseven( &Q) == MP_YES) {11178 mp_zero(S); 11179 11180 while (res == MP_OKAY && mp_iseven(Q) == MP_YES) { 10447 11181 /* Q = Q / 2 */ 10448 res = mp_div_2( &Q, &Q);11182 res = mp_div_2(Q, Q); 10449 11183 10450 11184 /* S = S + 1 */ 10451 11185 if (res == MP_OKAY) 10452 res = mp_add_d( &S, 1, &S);11186 res = mp_add_d(S, 1, S); 10453 11187 } 10454 11188 … … 10456 11190 /* Z = 2 */ 10457 11191 if (res == MP_OKAY) 10458 res = mp_set_int( &Z, 2);11192 res = mp_set_int(Z, 2); 10459 11193 10460 11194 while (res == MP_OKAY) { 10461 res = mp_jacobi( &Z, prime, &legendre);11195 res = mp_jacobi(Z, prime, &legendre); 10462 11196 if (res == MP_OKAY && legendre == -1) 10463 11197 break; … … 10465 11199 /* Z = Z + 1 */ 10466 11200 if (res == MP_OKAY) 10467 res = mp_add_d( &Z, 1, &Z);11201 res = mp_add_d(Z, 1, Z); 10468 11202 } 10469 11203 10470 11204 /* C = Z ^ Q mod prime */ 10471 11205 if (res == MP_OKAY) 10472 res = mp_exptmod( &Z, &Q, prime, &C);11206 res = mp_exptmod(Z, Q, prime, C); 10473 11207 10474 11208 /* t1 = (Q + 1) / 2 */ 10475 11209 if (res == MP_OKAY) 10476 res = mp_add_d( &Q, 1, &t1);11210 res = mp_add_d(Q, 1, t1); 10477 11211 if (res == MP_OKAY) 10478 res = mp_div_2( &t1, &t1);11212 res = mp_div_2(t1, t1); 10479 11213 10480 11214 /* R = n ^ ((Q + 1) / 2) mod prime */ 10481 11215 if (res == MP_OKAY) 10482 res = mp_exptmod(n, &t1, prime, &R);11216 res = mp_exptmod(n, t1, prime, R); 10483 11217 10484 11218 /* T = n ^ Q mod prime */ 10485 11219 if (res == MP_OKAY) 10486 res = mp_exptmod(n, &Q, prime, &T);11220 res = mp_exptmod(n, Q, prime, T); 10487 11221 10488 11222 /* M = S */ 10489 11223 if (res == MP_OKAY) 10490 res = mp_copy( &S, &M);11224 res = mp_copy(S, M); 10491 11225 10492 11226 if (res == MP_OKAY) 10493 res = mp_set_int( &two, 2);11227 res = mp_set_int(two, 2); 10494 11228 10495 11229 while (res == MP_OKAY && done == 0) { 10496 res = mp_copy( &T, &t1);11230 res = mp_copy(T, t1); 10497 11231 10498 11232 /* reduce to 1 and count */ 10499 11233 i = 0; 10500 11234 while (res == MP_OKAY) { 10501 if (mp_cmp_d( &t1, 1) == MP_EQ)11235 if (mp_cmp_d(t1, 1) == MP_EQ) 10502 11236 break; 10503 res = mp_exptmod( &t1, &two, prime, &t1);11237 res = mp_exptmod(t1, two, prime, t1); 10504 11238 if (res == MP_OKAY) 10505 11239 i++; 10506 11240 } 10507 11241 if (res == MP_OKAY && i == 0) { 10508 res = mp_copy( &R, ret);11242 res = mp_copy(R, ret); 10509 11243 done = 1; 10510 11244 } … … 10513 11247 /* t1 = 2 ^ (M - i - 1) */ 10514 11248 if (res == MP_OKAY) 10515 res = mp_sub_d( &M, i, &t1);11249 res = mp_sub_d(M, i, t1); 10516 11250 if (res == MP_OKAY) 10517 res = mp_sub_d( &t1, 1, &t1);11251 res = mp_sub_d(t1, 1, t1); 10518 11252 if (res == MP_OKAY) 10519 res = mp_exptmod( &two, &t1, prime, &t1);11253 res = mp_exptmod(two, t1, prime, t1); 10520 11254 10521 11255 /* t1 = C ^ (2 ^ (M - i - 1)) mod prime */ 10522 11256 if (res == MP_OKAY) 10523 res = mp_exptmod( &C, &t1, prime, &t1);11257 res = mp_exptmod(C, t1, prime, t1); 10524 11258 10525 11259 /* C = (t1 * t1) mod prime */ 10526 11260 if (res == MP_OKAY) 10527 res = mp_sqrmod( &t1, prime, &C);11261 res = mp_sqrmod(t1, prime, C); 10528 11262 10529 11263 /* R = (R * t1) mod prime */ 10530 11264 if (res == MP_OKAY) 10531 res = mp_mulmod( &R, &t1, prime, &R);11265 res = mp_mulmod(R, t1, prime, R); 10532 11266 10533 11267 /* T = (T * C) mod prime */ 10534 11268 if (res == MP_OKAY) 10535 res = mp_mulmod( &T, &C, prime, &T);11269 res = mp_mulmod(T, C, prime, T); 10536 11270 10537 11271 /* M = i */ 10538 11272 if (res == MP_OKAY) 10539 res = mp_set( &M, i);11273 res = mp_set(M, i); 10540 11274 } 10541 11275 } 10542 11276 } 10543 11277 10544 /* done */ 10545 mp_clear(&t1); 10546 mp_clear(&C); 10547 mp_clear(&Q); 10548 mp_clear(&S); 10549 mp_clear(&Z); 10550 mp_clear(&M); 10551 mp_clear(&T); 10552 mp_clear(&R); 10553 mp_clear(&two); 11278 out: 11279 11280 #ifdef WOLFSSL_SMALL_STACK 11281 if (t1) { 11282 if (res != MP_INIT_E) 11283 mp_clear(t1); 11284 XFREE(t1, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11285 } 11286 if (C) { 11287 if (res != MP_INIT_E) 11288 mp_clear(C); 11289 XFREE(C, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11290 } 11291 if (Q) { 11292 if (res != MP_INIT_E) 11293 mp_clear(Q); 11294 XFREE(Q, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11295 } 11296 if (S) { 11297 if (res != MP_INIT_E) 11298 mp_clear(S); 11299 XFREE(S, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11300 } 11301 if (Z) { 11302 if (res != MP_INIT_E) 11303 mp_clear(Z); 11304 XFREE(Z, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11305 } 11306 if (M) { 11307 if (res != MP_INIT_E) 11308 mp_clear(M); 11309 XFREE(M, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11310 } 11311 if (T) { 11312 if (res != MP_INIT_E) 11313 mp_clear(T); 11314 XFREE(T, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11315 } 11316 if (R) { 11317 if (res != MP_INIT_E) 11318 mp_clear(R); 11319 XFREE(R, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11320 } 11321 if (two) { 11322 if (res != MP_INIT_E) 11323 mp_clear(two); 11324 XFREE(two, NULL, DYNAMIC_TYPE_ECC_BUFFER); 11325 } 11326 #else 11327 if (res != MP_INIT_E) { 11328 mp_clear(t1); 11329 mp_clear(C); 11330 mp_clear(Q); 11331 mp_clear(S); 11332 mp_clear(Z); 11333 mp_clear(M); 11334 mp_clear(T); 11335 mp_clear(R); 11336 mp_clear(two); 11337 } 11338 #endif 10554 11339 10555 11340 return res; … … 10569 11354 return BAD_FUNC_ARG; 10570 11355 10571 if (wc_ecc_is_valid_idx(key->idx) == 0) { 10572 return ECC_BAD_ARG_E; 10573 } 11356 if (key->type == ECC_PRIVATEKEY_ONLY) 11357 return ECC_PRIVATEONLY_E; 11358 11359 if (key->type == 0 || 11360 wc_ecc_is_valid_idx(key->idx) == 0 || 11361 key->dp == NULL) { 11362 return ECC_BAD_ARG_E; 11363 } 11364 10574 11365 numlen = key->dp->size; 10575 11366 … … 10759 11550 #endif /* HAVE_X963_KDF */ 10760 11551 11552 #ifdef WC_ECC_NONBLOCK 11553 /* Enable ECC support for non-blocking operations */ 11554 int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx) 11555 { 11556 if (key) { 11557 if (ctx) { 11558 XMEMSET(ctx, 0, sizeof(ecc_nb_ctx_t)); 11559 } 11560 key->nb_ctx = ctx; 11561 } 11562 return 0; 11563 } 11564 #endif /* WC_ECC_NONBLOCK */ 11565 10761 11566 #endif /* HAVE_ECC */ -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/error.c
r457 r464 513 513 return "PSS - Salt length unable to be recovered"; 514 514 515 case CHACHA_POLY_OVERFLOW: 516 return "wolfcrypt - ChaCha20_Poly1305 limit overflow 4GB"; 517 515 518 case ASN_SELF_SIGNED_E: 516 519 return "ASN self-signed certificate error"; -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/evp.c
r457 r464 20 20 */ 21 21 22 23 #ifdef HAVE_CONFIG_H 24 #include <config.h> 25 #endif 26 27 #include <wolfssl/wolfcrypt/settings.h> 28 22 29 #if !defined(WOLFSSL_EVP_INCLUDED) 23 30 #ifndef WOLFSSL_IGNORE_FILE_WARN … … 27 34 #else 28 35 29 #ifdef HAVE_CONFIG_H 30 #include <config.h> 31 #endif 32 33 #include <wolfssl/wolfcrypt/settings.h> 36 #if defined(OPENSSL_EXTRA) 37 38 #if !defined(HAVE_PKCS7) && \ 39 ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ 40 (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) 41 #include <wolfssl/wolfcrypt/aes.h> 42 #endif 43 34 44 35 45 #include <wolfssl/openssl/ecdsa.h> 36 46 #include <wolfssl/openssl/evp.h> 37 38 #if defined(OPENSSL_EXTRA)39 47 40 48 #ifndef NO_AES 41 49 #ifdef HAVE_AES_CBC 42 50 #ifdef WOLFSSL_AES_128 43 static c har *EVP_AES_128_CBC = NULL;51 static const char EVP_AES_128_CBC[] = "AES-128-CBC"; 44 52 #endif 45 53 #ifdef WOLFSSL_AES_192 46 static c har *EVP_AES_192_CBC = NULL;54 static const char EVP_AES_192_CBC[] = "AES-192-CBC"; 47 55 #endif 48 56 #ifdef WOLFSSL_AES_256 49 static c har *EVP_AES_256_CBC = NULL;57 static const char EVP_AES_256_CBC[] = "AES-256-CBC"; 50 58 #endif 51 59 #endif /* HAVE_AES_CBC */ … … 53 61 #ifdef WOLFSSL_AES_OFB 54 62 #ifdef WOLFSSL_AES_128 55 static c har *EVP_AES_128_OFB = NULL;63 static const char EVP_AES_128_OFB[] = "AES-128-OFB"; 56 64 #endif 57 65 #ifdef WOLFSSL_AES_192 58 static c har *EVP_AES_192_OFB = NULL;66 static const char EVP_AES_192_OFB[] = "AES-192-OFB"; 59 67 #endif 60 68 #ifdef WOLFSSL_AES_256 61 static c har *EVP_AES_256_OFB = NULL;69 static const char EVP_AES_256_OFB[] = "AES-256-OFB"; 62 70 #endif 63 71 #endif /* WOLFSSL_AES_OFB */ … … 65 73 #ifdef WOLFSSL_AES_XTS 66 74 #ifdef WOLFSSL_AES_128 67 static c har *EVP_AES_128_XTS = NULL;75 static const char EVP_AES_128_XTS[] = "AES-128-XTS"; 68 76 #endif 69 77 #ifdef WOLFSSL_AES_256 70 static c har *EVP_AES_256_XTS = NULL;78 static const char EVP_AES_256_XTS[] = "AES-256-XTS"; 71 79 #endif 72 80 #endif /* WOLFSSL_AES_XTS */ … … 74 82 #ifdef WOLFSSL_AES_CFB 75 83 #ifdef WOLFSSL_AES_128 76 static c har *EVP_AES_128_CFB1 = NULL;84 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; 77 85 #endif 78 86 #ifdef WOLFSSL_AES_192 79 static c har *EVP_AES_192_CFB1 = NULL;87 static const char EVP_AES_192_CFB1[] = "AES-192-CFB1"; 80 88 #endif 81 89 #ifdef WOLFSSL_AES_256 82 static c har *EVP_AES_256_CFB1 = NULL;90 static const char EVP_AES_256_CFB1[] = "AES-256-CFB1"; 83 91 #endif 84 92 85 93 #ifdef WOLFSSL_AES_128 86 static c har *EVP_AES_128_CFB8 = NULL;94 static const char EVP_AES_128_CFB8[] = "AES-128-CFB8"; 87 95 #endif 88 96 #ifdef WOLFSSL_AES_192 89 static c har *EVP_AES_192_CFB8 = NULL;97 static const char EVP_AES_192_CFB8[] = "AES-192-CFB8"; 90 98 #endif 91 99 #ifdef WOLFSSL_AES_256 92 static c har *EVP_AES_256_CFB8 = NULL;100 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; 93 101 #endif 94 102 95 103 #ifdef WOLFSSL_AES_128 96 static c har *EVP_AES_128_CFB128 = NULL;104 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; 97 105 #endif 98 106 #ifdef WOLFSSL_AES_192 99 static c har *EVP_AES_192_CFB128 = NULL;107 static const char EVP_AES_192_CFB128[] = "AES-192-CFB128"; 100 108 #endif 101 109 #ifdef WOLFSSL_AES_256 102 static c har *EVP_AES_256_CFB128 = NULL;110 static const char EVP_AES_256_CFB128[] = "AES-256-CFB128"; 103 111 #endif 104 112 #endif /* WOLFSSL_AES_CFB */ … … 106 114 #ifdef HAVE_AESGCM 107 115 #ifdef WOLFSSL_AES_128 108 static c har *EVP_AES_128_GCM = NULL;116 static const char EVP_AES_128_GCM[] = "AES-128-GCM"; 109 117 #endif 110 118 #ifdef WOLFSSL_AES_192 111 static c har *EVP_AES_192_GCM = NULL;119 static const char EVP_AES_192_GCM[] = "AES-192-GCM"; 112 120 #endif 113 121 #ifdef WOLFSSL_AES_256 114 static c har *EVP_AES_256_GCM = NULL;122 static const char EVP_AES_256_GCM[] = "AES-256-GCM"; 115 123 #endif 116 124 #endif /* HAVE_AESGCM */ 125 126 #ifdef WOLFSSL_AES_COUNTER 117 127 #ifdef WOLFSSL_AES_128 118 static c har *EVP_AES_128_CTR = NULL;128 static const char EVP_AES_128_CTR[] = "AES-128-CTR"; 119 129 #endif 120 130 #ifdef WOLFSSL_AES_192 121 static c har *EVP_AES_192_CTR = NULL;131 static const char EVP_AES_192_CTR[] = "AES-192-CTR"; 122 132 #endif 123 133 #ifdef WOLFSSL_AES_256 124 static char *EVP_AES_256_CTR = NULL; 125 #endif 126 134 static const char EVP_AES_256_CTR[] = "AES-256-CTR"; 135 #endif 136 #endif 137 138 #ifdef HAVE_AES_ECB 127 139 #ifdef WOLFSSL_AES_128 128 static c har *EVP_AES_128_ECB = NULL;140 static const char EVP_AES_128_ECB[] = "AES-128-ECB"; 129 141 #endif 130 142 #ifdef WOLFSSL_AES_192 131 static c har *EVP_AES_192_ECB = NULL;143 static const char EVP_AES_192_ECB[] = "AES-192-ECB"; 132 144 #endif 133 145 #ifdef WOLFSSL_AES_256 134 static char *EVP_AES_256_ECB = NULL; 146 static const char EVP_AES_256_ECB[] = "AES-256-ECB"; 147 #endif 135 148 #endif 136 149 #define EVP_AES_SIZE 11 … … 141 154 142 155 #ifndef NO_DES3 143 static c har *EVP_DES_CBC = NULL;144 static c har *EVP_DES_ECB = NULL;145 146 static c har *EVP_DES_EDE3_CBC = NULL;147 static c har *EVP_DES_EDE3_ECB = NULL;156 static const char EVP_DES_CBC[] = "DES-CBC"; 157 static const char EVP_DES_ECB[] = "DES-ECB"; 158 159 static const char EVP_DES_EDE3_CBC[] = "DES-EDE3-CBC"; 160 static const char EVP_DES_EDE3_ECB[] = "DES-EDE3-ECB"; 148 161 149 162 #define EVP_DES_SIZE 7 … … 152 165 153 166 #ifdef HAVE_IDEA 154 static c har *EVP_IDEA_CBC;167 static const char EVP_IDEA_CBC[] = "IDEA-CBC"; 155 168 #define EVP_IDEA_SIZE 8 156 169 #endif 170 171 #ifndef NO_RC4 172 static const char EVP_ARC4[] = "ARC4"; 173 #define EVP_ARC4_SIZE 4 174 #endif 175 176 static const char EVP_NULL[] = "NULL"; 177 #define EVP_NULL_SIZE 4 178 157 179 158 180 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); … … 200 222 #endif 201 223 #if defined(WOLFSSL_AES_XTS) 202 case AES_128_XTS_TYPE: return 16; 203 case AES_256_XTS_TYPE: return 32; 224 /* Two keys for XTS. */ 225 case AES_128_XTS_TYPE: return 16 * 2; 226 case AES_256_XTS_TYPE: return 32 * 2; 204 227 #endif 205 228 #if defined(HAVE_AESGCM) … … 418 441 break; 419 442 #endif 420 #if defined(HAVE_AESGCM)421 case AES_128_GCM_TYPE:422 case AES_192_GCM_TYPE:423 case AES_256_GCM_TYPE:424 if (ctx->enc) {425 if (out){426 /* encrypt confidential data*/427 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, in, inl,428 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,429 NULL, 0);430 }431 else {432 /* authenticated, non-confidential data */433 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0,434 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,435 in, inl);436 /* Reset partial authTag error for AAD*/437 if (ret == AES_GCM_AUTH_E)438 ret = 0;439 }440 }441 else {442 if (out){443 /* decrypt confidential data*/444 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, in, inl,445 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,446 NULL, 0);447 }448 else {449 /* authenticated, non-confidential data*/450 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0,451 ctx->iv, ctx->ivSz,452 ctx->authTag, ctx->authTagSz,453 in, inl);454 /* Reset partial authTag error for AAD*/455 if (ret == AES_GCM_AUTH_E)456 ret = 0;457 }458 }459 break;460 #endif461 443 #if defined(WOLFSSL_AES_COUNTER) 462 444 case AES_128_CTR_TYPE: … … 572 554 573 555 #if defined(HAVE_AESGCM) 556 static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, 557 const unsigned char *in, int inl) { 558 if (in && inl > 0) { 559 byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, 560 ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); 561 if (tmp) { 562 ctx->gcmAuthIn = tmp; 563 XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); 564 ctx->gcmAuthInSz += inl; 565 } 566 else { 567 WOLFSSL_MSG("realloc error"); 568 return MEMORY_E; 569 } 570 } 571 return 0; 572 } 573 574 574 static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, 575 575 unsigned char *out, int *outl, 576 576 const unsigned char *in, int inl) 577 577 { 578 /* process blocks */ 579 if (evpCipherBlock(ctx, out, in, inl) == 0) 578 int ret = 0; 579 580 *outl = inl; 581 if (out) { 582 /* Buffer input for one-shot API */ 583 if (inl > 0) { 584 byte* tmp; 585 tmp = (byte*)XREALLOC(ctx->gcmBuffer, 586 ctx->gcmBufferLen + inl, NULL, 587 DYNAMIC_TYPE_OPENSSL); 588 if (tmp) { 589 XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); 590 ctx->gcmBufferLen += inl; 591 ctx->gcmBuffer = tmp; 592 *outl = 0; 593 } 594 else { 595 ret = MEMORY_E; 596 } 597 } 598 } 599 else { 600 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, in, inl); 601 } 602 603 if (ret != 0) { 604 *outl = 0; 580 605 return WOLFSSL_FAILURE; 581 *outl = inl; 606 } 607 582 608 return WOLFSSL_SUCCESS; 583 609 } … … 599 625 600 626 *outl = 0; 601 if (inl == 0) {602 return WOLFSSL_SUCCESS;603 }604 627 605 628 #if !defined(NO_AES) && defined(HAVE_AESGCM) … … 620 643 } 621 644 622 645 /* if(inl == 0)wolfSSL_EVP_CipherUpdate_GCM to get tag */ 646 if (inl == 0) { 647 return WOLFSSL_SUCCESS; 648 } 623 649 if (ctx->bufUsed > 0) { /* concatenate them if there is anything */ 624 650 fill = fillBuff(ctx, in, inl); … … 740 766 741 767 WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal"); 742 768 switch (ctx->cipherType) { 743 769 #if !defined(NO_AES) && defined(HAVE_AESGCM) 744 switch (ctx->cipherType) { 745 case AES_128_GCM_TYPE: 746 case AES_192_GCM_TYPE: 747 case AES_256_GCM_TYPE: 770 case AES_128_GCM_TYPE: 771 case AES_192_GCM_TYPE: 772 case AES_256_GCM_TYPE: 773 if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) 774 || (ctx->gcmBufferLen == 0)) { 775 if (ctx->enc) 776 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, 777 ctx->gcmBuffer, ctx->gcmBufferLen, 778 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 779 ctx->gcmAuthIn, ctx->gcmAuthInSz); 780 else 781 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, 782 ctx->gcmBuffer, ctx->gcmBufferLen, 783 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 784 ctx->gcmAuthIn, ctx->gcmAuthInSz); 785 786 if (ret == 0) { 787 ret = WOLFSSL_SUCCESS; 788 *outl = ctx->gcmBufferLen; 789 } 790 else { 791 ret = WOLFSSL_FAILURE; 792 *outl = 0; 793 } 794 795 XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); 796 ctx->gcmBuffer = NULL; 797 ctx->gcmBufferLen = 0; 798 } 799 else { 748 800 *outl = 0; 749 /* Clear IV, since IV reuse is not recommended for AES GCM. */ 750 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); 751 return WOLFSSL_SUCCESS; 752 default: 753 /* fall-through */ 754 break; 755 } 801 } 802 /* Clear IV, since IV reuse is not recommended for AES GCM. */ 803 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); 804 break; 756 805 #endif /* !NO_AES && HAVE_AESGCM */ 757 758 if (!out) 759 return WOLFSSL_FAILURE; 760 761 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { 762 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE; 763 *outl = 0; 764 } 765 else if (ctx->enc) { 766 if (ctx->block_size == 1) { 767 *outl = 0; 768 } 769 else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) { 770 padBlock(ctx); 771 PRINT_BUF(ctx->buf, ctx->block_size); 772 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) { 773 WOLFSSL_MSG("Final Cipher Block failed"); 774 ret = WOLFSSL_FAILURE; 806 default: 807 if (!out) 808 return WOLFSSL_FAILURE; 809 810 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { 811 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE; 812 *outl = 0; 813 } 814 else if (ctx->enc) { 815 if (ctx->block_size == 1) { 816 *outl = 0; 817 } 818 else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) { 819 padBlock(ctx); 820 PRINT_BUF(ctx->buf, ctx->block_size); 821 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) { 822 WOLFSSL_MSG("Final Cipher Block failed"); 823 ret = WOLFSSL_FAILURE; 824 } 825 else { 826 PRINT_BUF(out, ctx->block_size); 827 *outl = ctx->block_size; 828 } 829 } 775 830 } 776 831 else { 777 PRINT_BUF(out, ctx->block_size); 778 *outl = ctx->block_size; 779 } 780 } 781 } 782 else { 783 if (ctx->block_size == 1) { 784 *outl = 0; 785 } 786 else if ((ctx->bufUsed % ctx->block_size) != 0) { 787 *outl = 0; 788 /* not enough padding for decrypt */ 789 WOLFSSL_MSG("Final Cipher Block not enough padding"); 790 ret = WOLFSSL_FAILURE; 791 } 792 else if (ctx->lastUsed) { 793 PRINT_BUF(ctx->lastBlock, ctx->block_size); 794 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { 795 XMEMCPY(out, ctx->lastBlock, fl); 796 *outl = fl; 797 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 798 /* return error in cases where the block length is incorrect */ 799 WOLFSSL_MSG("Final Cipher Block bad length"); 832 if (ctx->block_size == 1) { 833 *outl = 0; 834 } 835 else if ((ctx->bufUsed % ctx->block_size) != 0) { 836 *outl = 0; 837 /* not enough padding for decrypt */ 838 WOLFSSL_MSG("Final Cipher Block not enough padding"); 800 839 ret = WOLFSSL_FAILURE; 801 840 } 802 } 803 else { 804 ret = WOLFSSL_FAILURE; 805 } 806 } 807 else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 808 /* return error in cases where the block length is incorrect */ 809 ret = WOLFSSL_FAILURE; 810 } 811 } 841 else if (ctx->lastUsed) { 842 PRINT_BUF(ctx->lastBlock, ctx->block_size); 843 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { 844 XMEMCPY(out, ctx->lastBlock, fl); 845 *outl = fl; 846 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 847 /* return error in cases where the block length is 848 * incorrect */ 849 WOLFSSL_MSG("Final Cipher Block bad length"); 850 ret = WOLFSSL_FAILURE; 851 } 852 } 853 else { 854 ret = WOLFSSL_FAILURE; 855 } 856 } 857 else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 858 /* return error in cases where the block length is 859 * incorrect */ 860 ret = WOLFSSL_FAILURE; 861 } 862 } 863 break; 864 } 865 812 866 if (ret == WOLFSSL_SUCCESS) { 813 867 /* reset cipher state after final */ 814 wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);868 ret = wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1); 815 869 } 816 870 return ret; … … 867 921 #endif 868 922 869 870 923 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) 871 924 { … … 931 984 if (cipher == NULL) return 0; /* dummy for #ifdef */ 932 985 #ifndef NO_DES3 933 else if ( EVP_DES_CBC &&XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0)986 else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) 934 987 return DES_CBC_TYPE; 935 else if ( EVP_DES_EDE3_CBC &&XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)988 else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) 936 989 return DES_EDE3_CBC_TYPE; 937 990 #if !defined(NO_DES3) 938 else if ( EVP_DES_ECB &&XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0)991 else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) 939 992 return DES_ECB_TYPE; 940 else if ( EVP_DES_EDE3_ECB &&XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)993 else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) 941 994 return DES_EDE3_ECB_TYPE; 942 995 #endif /* NO_DES3 && HAVE_AES_ECB */ … … 945 998 #if defined(HAVE_AES_CBC) 946 999 #ifdef WOLFSSL_AES_128 947 else if ( EVP_AES_128_CBC &&XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)1000 else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) 948 1001 return AES_128_CBC_TYPE; 949 1002 #endif 950 1003 #ifdef WOLFSSL_AES_192 951 else if ( EVP_AES_192_CBC &&XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)1004 else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) 952 1005 return AES_192_CBC_TYPE; 953 1006 #endif 954 1007 #ifdef WOLFSSL_AES_256 955 else if ( EVP_AES_256_CBC &&XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)1008 else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) 956 1009 return AES_256_CBC_TYPE; 957 1010 #endif … … 959 1012 #if defined(HAVE_AESGCM) 960 1013 #ifdef WOLFSSL_AES_128 961 else if ( EVP_AES_128_GCM &&XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)1014 else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) 962 1015 return AES_128_GCM_TYPE; 963 1016 #endif 964 1017 #ifdef WOLFSSL_AES_192 965 else if ( EVP_AES_192_GCM &&XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)1018 else if (XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0) 966 1019 return AES_192_GCM_TYPE; 967 1020 #endif 968 1021 #ifdef WOLFSSL_AES_256 969 else if ( EVP_AES_256_GCM &&XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)1022 else if (XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0) 970 1023 return AES_256_GCM_TYPE; 971 1024 #endif … … 973 1026 #if defined(WOLFSSL_AES_COUNTER) 974 1027 #ifdef WOLFSSL_AES_128 975 else if ( EVP_AES_128_CTR &&XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)1028 else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) 976 1029 return AES_128_CTR_TYPE; 977 1030 #endif 978 1031 #ifdef WOLFSSL_AES_192 979 else if ( EVP_AES_192_CTR &&XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)1032 else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) 980 1033 return AES_192_CTR_TYPE; 981 1034 #endif 982 1035 #ifdef WOLFSSL_AES_256 983 else if ( EVP_AES_256_CTR &&XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)1036 else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) 984 1037 return AES_256_CTR_TYPE; 985 1038 #endif … … 987 1040 #if defined(HAVE_AES_ECB) 988 1041 #ifdef WOLFSSL_AES_128 989 else if ( EVP_AES_128_ECB &&XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)1042 else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) 990 1043 return AES_128_ECB_TYPE; 991 1044 #endif 992 1045 #ifdef WOLFSSL_AES_192 993 else if ( EVP_AES_192_ECB &&XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)1046 else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) 994 1047 return AES_192_ECB_TYPE; 995 1048 #endif 996 1049 #ifdef WOLFSSL_AES_256 997 else if ( EVP_AES_256_ECB &&XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)1050 else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) 998 1051 return AES_256_ECB_TYPE; 999 1052 #endif … … 1001 1054 #if defined(WOLFSSL_AES_XTS) 1002 1055 #ifdef WOLFSSL_AES_128 1003 else if ( EVP_AES_128_XTS &&XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)1056 else if (XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0) 1004 1057 return AES_128_XTS_TYPE; 1005 1058 #endif 1006 1059 #ifdef WOLFSSL_AES_256 1007 else if ( EVP_AES_256_XTS &&XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)1060 else if (XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0) 1008 1061 return AES_256_XTS_TYPE; 1009 1062 #endif … … 1011 1064 #if defined(WOLFSSL_AES_CFB) 1012 1065 #ifdef WOLFSSL_AES_128 1013 else if ( EVP_AES_128_CFB1 &&XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)1066 else if (XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0) 1014 1067 return AES_128_CFB1_TYPE; 1015 1068 #endif 1016 1069 #ifdef WOLFSSL_AES_192 1017 else if ( EVP_AES_192_CFB1 &&XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)1070 else if (XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0) 1018 1071 return AES_192_CFB1_TYPE; 1019 1072 #endif 1020 1073 #ifdef WOLFSSL_AES_256 1021 else if ( EVP_AES_256_CFB1 &&XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)1074 else if (XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0) 1022 1075 return AES_256_CFB1_TYPE; 1023 1076 #endif 1024 1077 #ifdef WOLFSSL_AES_128 1025 else if ( EVP_AES_128_CFB8 &&XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)1078 else if (XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0) 1026 1079 return AES_128_CFB8_TYPE; 1027 1080 #endif 1028 1081 #ifdef WOLFSSL_AES_192 1029 else if ( EVP_AES_192_CFB8 &&XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)1082 else if (XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0) 1030 1083 return AES_192_CFB8_TYPE; 1031 1084 #endif 1032 1085 #ifdef WOLFSSL_AES_256 1033 else if ( EVP_AES_256_CFB8 &&XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)1086 else if (XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0) 1034 1087 return AES_256_CFB8_TYPE; 1035 1088 #endif 1036 1089 #ifdef WOLFSSL_AES_128 1037 else if ( EVP_AES_128_CFB128 &&XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)1090 else if (XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0) 1038 1091 return AES_128_CFB128_TYPE; 1039 1092 #endif 1040 1093 #ifdef WOLFSSL_AES_192 1041 else if ( EVP_AES_192_CFB128 &&XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)1094 else if (XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0) 1042 1095 return AES_192_CFB128_TYPE; 1043 1096 #endif 1044 1097 #ifdef WOLFSSL_AES_256 1045 else if ( EVP_AES_256_CFB128 &&XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)1098 else if (XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0) 1046 1099 return AES_256_CFB128_TYPE; 1047 1100 #endif 1048 1101 #endif /*HAVE_AES_CBC */ 1102 #if defined(WOLFSSL_AES_OFB) 1103 #ifdef WOLFSSL_AES_128 1104 else if (XSTRNCMP(cipher, EVP_AES_128_OFB, EVP_AES_SIZE) == 0) 1105 return AES_128_OFB_TYPE; 1106 #endif 1107 #ifdef WOLFSSL_AES_192 1108 else if (XSTRNCMP(cipher, EVP_AES_192_OFB, EVP_AES_SIZE) == 0) 1109 return AES_192_OFB_TYPE; 1110 #endif 1111 #ifdef WOLFSSL_AES_256 1112 else if (XSTRNCMP(cipher, EVP_AES_256_OFB, EVP_AES_SIZE) == 0) 1113 return AES_256_OFB_TYPE; 1114 #endif 1115 #endif 1049 1116 #endif /* !NO_AES */ 1117 1118 #ifndef NO_RC4 1119 else if (XSTRNCMP(cipher, EVP_ARC4, EVP_ARC4_SIZE) == 0) 1120 return ARC4_TYPE; 1121 #endif 1050 1122 else return 0; 1051 1123 } … … 1066 1138 case AES_192_GCM_TYPE: 1067 1139 case AES_256_GCM_TYPE: 1068 return AES_BLOCK_SIZE;1140 return 1; 1069 1141 #endif 1070 1142 #if defined(WOLFSSL_AES_COUNTER) … … 1072 1144 case AES_192_CTR_TYPE: 1073 1145 case AES_256_CTR_TYPE: 1074 return AES_BLOCK_SIZE;1146 return 1; 1075 1147 #endif 1076 1148 #if defined(HAVE_AES_ECB) … … 1080 1152 return AES_BLOCK_SIZE; 1081 1153 #endif 1154 #if defined(WOLFSSL_AES_CFB) 1155 case AES_128_CFB1_TYPE: 1156 case AES_192_CFB1_TYPE: 1157 case AES_256_CFB1_TYPE: 1158 case AES_128_CFB8_TYPE: 1159 case AES_192_CFB8_TYPE: 1160 case AES_256_CFB8_TYPE: 1161 case AES_128_CFB128_TYPE: 1162 case AES_192_CFB128_TYPE: 1163 case AES_256_CFB128_TYPE: 1164 return 1; 1165 #endif 1166 #if defined(WOLFSSL_AES_OFB) 1167 case AES_128_OFB_TYPE: 1168 case AES_192_OFB_TYPE: 1169 case AES_256_OFB_TYPE: 1170 return 1; 1171 #endif 1172 #if defined(WOLFSSL_AES_XTS) 1173 case AES_128_XTS_TYPE: 1174 case AES_256_XTS_TYPE: 1175 return 1; 1176 #endif 1082 1177 #endif /* NO_AES */ 1083 #ifndef NO_DES3 1178 1179 #ifndef NO_RC4 1180 case ARC4_TYPE: 1181 return 1; 1182 #endif 1183 1184 #ifndef NO_DES3 1084 1185 case DES_CBC_TYPE: return 8; 1085 1186 case DES_EDE3_CBC_TYPE: return 8; 1086 1187 case DES_ECB_TYPE: return 8; 1087 1188 case DES_EDE3_ECB_TYPE: return 8; 1088 1189 #endif 1089 1190 default: 1090 1191 return 0; … … 1106 1207 case AES_192_GCM_TYPE: 1107 1208 case AES_256_GCM_TYPE: 1108 return WOLFSSL_EVP_CIPH_GCM_MODE; 1209 return WOLFSSL_EVP_CIPH_GCM_MODE & 1210 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 1109 1211 #endif 1110 1212 #if defined(WOLFSSL_AES_COUNTER) … … 1114 1216 return WOLFSSL_EVP_CIPH_CTR_MODE; 1115 1217 #endif 1218 #if defined(WOLFSSL_AES_CFB) 1219 case AES_128_CFB1_TYPE: 1220 case AES_192_CFB1_TYPE: 1221 case AES_256_CFB1_TYPE: 1222 case AES_128_CFB8_TYPE: 1223 case AES_192_CFB8_TYPE: 1224 case AES_256_CFB8_TYPE: 1225 case AES_128_CFB128_TYPE: 1226 case AES_192_CFB128_TYPE: 1227 case AES_256_CFB128_TYPE: 1228 return WOLFSSL_EVP_CIPH_CFB_MODE; 1229 #endif 1230 #if defined(WOLFSSL_AES_OFB) 1231 case AES_128_OFB_TYPE: 1232 case AES_192_OFB_TYPE: 1233 case AES_256_OFB_TYPE: 1234 return WOLFSSL_EVP_CIPH_OFB_MODE; 1235 #endif 1236 #if defined(WOLFSSL_AES_XTS) 1237 case AES_128_XTS_TYPE: 1238 case AES_256_XTS_TYPE: 1239 return WOLFSSL_EVP_CIPH_XTS_MODE; 1240 #endif 1116 1241 case AES_128_ECB_TYPE: 1117 1242 case AES_192_ECB_TYPE: 1118 1243 case AES_256_ECB_TYPE: 1119 1244 return WOLFSSL_EVP_CIPH_ECB_MODE; 1120 #endif /* NO_A SE*/1245 #endif /* NO_AES */ 1121 1246 #ifndef NO_DES3 1122 1247 case DES_CBC_TYPE: … … 1209 1334 { 1210 1335 WOLFSSL_EVP_PKEY_CTX* ctx; 1211 int type = NID_undef;1212 1336 1213 1337 if (pkey == NULL) return 0; … … 1223 1347 ctx->padding = RSA_PKCS1_PADDING; 1224 1348 #endif 1225 type = wolfSSL_EVP_PKEY_type(pkey->type); 1226 1227 if (type != NID_undef) { 1228 if (wc_LockMutex(&pkey->refMutex) != 0) { 1229 WOLFSSL_MSG("Couldn't lock pkey mutex"); 1230 } 1231 pkey->references++; 1232 1233 wc_UnLockMutex(&pkey->refMutex); 1349 if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) { 1350 WOLFSSL_MSG("Couldn't increase key reference count"); 1234 1351 } 1235 1352 return ctx; … … 1264 1381 pkey->type = id; 1265 1382 ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); 1266 if (ctx == NULL) { 1267 wolfSSL_EVP_PKEY_free(pkey); 1268 } 1383 /* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need 1384 * to always call wolfSSL_EVP_PKEY_free (either to free it if an 1385 * error occured in the previous function or to decrease the reference 1386 * count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free 1387 * is called) */ 1388 wolfSSL_EVP_PKEY_free(pkey); 1269 1389 } 1270 1390 return ctx; … … 1311 1431 } 1312 1432 1433 #ifndef NO_WOLFSSL_STUB 1434 int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx, 1435 const char *name, const char *value) 1436 { 1437 WOLFSSL_STUB("wolfSSL_EVP_PKEY_CTX_ctrl_str"); 1438 (void)ctx; 1439 (void)name; 1440 (void)value; 1441 return WOLFSSL_FAILURE; 1442 } 1443 #endif /* NO_WOLFSSL_STUB */ 1444 1313 1445 #if !defined(NO_DH) && defined(HAVE_ECC) 1446 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2)) 1314 1447 int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) 1315 1448 { … … 1336 1469 return WOLFSSL_FAILURE; 1337 1470 } 1471 /* computed DH agreement can be less than DH size if leading zeros */ 1338 1472 if (wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key, 1339 ctx->pkey->dh) != len) {1473 ctx->pkey->dh) <= 0) { 1340 1474 return WOLFSSL_FAILURE; 1341 1475 } … … 1368 1502 if (key) { 1369 1503 word32 len32 = (word32)len; 1504 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1505 && (!defined(HAVE_FIPS) || \ 1506 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1507 1508 WC_RNG rng; 1509 if (wc_InitRng(&rng) != MP_OKAY) { 1510 WOLFSSL_MSG("Init RNG failed"); 1511 return WOLFSSL_FAILURE; 1512 } 1513 ((ecc_key*)ctx->pkey->ecc->internal)->rng = &rng; 1514 #endif 1370 1515 if (*keylen < len32) { 1371 1516 WOLFSSL_MSG("buffer too short"); 1517 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1518 && (!defined(HAVE_FIPS) || \ 1519 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1520 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; 1521 wc_FreeRng(&rng); 1522 #endif 1372 1523 return WOLFSSL_FAILURE; 1373 1524 } … … 1376 1527 key, &len32) != MP_OKAY) { 1377 1528 WOLFSSL_MSG("wc_ecc_shared_secret failed"); 1529 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1530 && (!defined(HAVE_FIPS) || \ 1531 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1532 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; 1533 wc_FreeRng(&rng); 1534 #endif 1378 1535 return WOLFSSL_FAILURE; 1379 1536 } 1537 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1538 && (!defined(HAVE_FIPS) || \ 1539 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1540 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; 1541 wc_FreeRng(&rng); 1542 #endif 1380 1543 len = (int)len32; 1381 1544 } … … 1389 1552 return WOLFSSL_SUCCESS; 1390 1553 } 1391 #endif 1554 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 1555 #endif /* !NO_DH || HAVE_ECC */ 1392 1556 1393 1557 /* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer. … … 1720 1884 } 1721 1885 1886 1887 int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, 1888 const WOLFSSL_EVP_PKEY *from) 1889 { 1890 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_copy_parameters"); 1891 1892 if (!to || !from) { 1893 WOLFSSL_MSG("Bad parameter"); 1894 return WOLFSSL_FAILURE; 1895 } 1896 1897 if (to->type == EVP_PKEY_NONE) { 1898 to->type = from->type; 1899 } 1900 else if (to->type != from->type) { 1901 WOLFSSL_MSG("Different key types"); 1902 return WOLFSSL_FAILURE; 1903 } 1904 1905 switch(from->type) { 1906 #ifdef HAVE_ECC 1907 case EVP_PKEY_EC: 1908 if (from->ecc) { 1909 if (!to->ecc && !(to->ecc = wolfSSL_EC_KEY_new())) { 1910 WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); 1911 return WOLFSSL_FAILURE; 1912 } 1913 to->ownEcc = 1; 1914 to->ecc->group->curve_idx = from->ecc->group->curve_idx; 1915 to->ecc->group->curve_nid = from->ecc->group->curve_nid; 1916 to->ecc->group->curve_oid = from->ecc->group->curve_oid; 1917 } 1918 else { 1919 WOLFSSL_MSG("Missing ECC struct"); 1920 return WOLFSSL_FAILURE; 1921 } 1922 break; 1923 #endif 1924 #ifndef NO_DSA 1925 case EVP_PKEY_DSA: 1926 if (from->dsa) { 1927 WOLFSSL_BIGNUM* cpy; 1928 if (!to->dsa && !(to->dsa = wolfSSL_DSA_new())) { 1929 WOLFSSL_MSG("wolfSSL_DSA_new error"); 1930 return WOLFSSL_FAILURE; 1931 } 1932 if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) { 1933 WOLFSSL_MSG("wolfSSL_BN_dup error"); 1934 return WOLFSSL_FAILURE; 1935 } 1936 to->dsa->p = cpy; 1937 if (!(cpy = wolfSSL_BN_dup(from->dsa->q))) { 1938 WOLFSSL_MSG("wolfSSL_BN_dup error"); 1939 return WOLFSSL_FAILURE; 1940 } 1941 to->dsa->q = cpy; 1942 if (!(cpy = wolfSSL_BN_dup(from->dsa->g))) { 1943 WOLFSSL_MSG("wolfSSL_BN_dup error"); 1944 return WOLFSSL_FAILURE; 1945 } 1946 to->dsa->g = cpy; 1947 } 1948 else { 1949 WOLFSSL_MSG("Missing DSA struct"); 1950 return WOLFSSL_FAILURE; 1951 } 1952 break; 1953 #endif 1954 #ifndef NO_RSA 1955 case EVP_PKEY_RSA: 1956 #endif 1957 #ifndef NO_DH 1958 case EVP_PKEY_DH: 1959 #endif 1960 default: 1961 WOLFSSL_MSG("Copy parameters not available for this key type"); 1962 return WOLFSSL_FAILURE; 1963 } 1964 #if defined(HAVE_ECC) || !defined(NO_DSA) 1965 return WOLFSSL_SUCCESS; 1966 #endif 1967 } 1968 1722 1969 #ifndef NO_WOLFSSL_STUB 1723 1970 WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey) … … 1760 2007 #endif /* HAVE_ECC */ 1761 2008 default: 1762 break;2009 return ret; 1763 2010 } /* switch (a->type) */ 1764 2011 … … 1824 2071 1825 2072 static const struct s_ent { 1826 const intmacType;2073 const enum wc_HashType macType; 1827 2074 const int nid; 1828 2075 const char *name; … … 1837 2084 1838 2085 #ifndef NO_SHA 1839 {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, 2086 {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"}, 2087 {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */ 1840 2088 #endif /* NO_SHA */ 1841 2089 … … 1859 2107 {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, 1860 2108 #endif 2109 #ifndef WOLFSSL_NOSHA3_384 1861 2110 {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, 2111 #endif 1862 2112 #ifndef WOLFSSL_NOSHA3_512 1863 2113 {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, 1864 2114 #endif 1865 { 0, 0, NULL}2115 {WC_HASH_TYPE_NONE, 0, NULL} 1866 2116 }; 1867 2117 1868 static intwolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md)2118 static enum wc_HashType wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) 1869 2119 { 1870 2120 const struct s_ent *ent ; … … 2047 2297 } 2048 2298 2049 2050 2299 /* Initialize an EVP_DigestSign/Verify operation. 2051 2300 * Initialize a digest for RSA and ECC keys, or HMAC for HMAC key. … … 2057 2306 WOLFSSL_EVP_PKEY *pkey) 2058 2307 { 2308 if (!type) { 2309 int default_digest; 2310 if (wolfSSL_EVP_PKEY_get_default_digest_nid(pkey, &default_digest) 2311 != WOLFSSL_SUCCESS) { 2312 WOLFSSL_MSG("Could not get default digest"); 2313 return WOLFSSL_FAILURE; 2314 } 2315 type = wolfSSL_EVP_get_digestbynid(default_digest); 2316 if (!type) { 2317 return BAD_FUNC_ARG; 2318 } 2319 } 2320 2059 2321 if (pkey->type == EVP_PKEY_HMAC) { 2060 2322 int hashType; 2061 2323 const unsigned char* key; 2062 size_t keySz;2063 2324 2064 2325 if (XSTRNCMP(type, "SHA256", 6) == 0) { … … 2080 2341 } 2081 2342 #endif 2343 #ifdef WOLFSSL_SHA3 2344 #ifndef WOLFSSL_NOSHA3_224 2345 else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { 2346 hashType = WC_SHA3_224; 2347 } 2348 #endif 2349 #ifndef WOLFSSL_NOSHA3_256 2350 else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { 2351 hashType = WC_SHA3_256; 2352 } 2353 #endif 2354 else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { 2355 hashType = WC_SHA3_384; 2356 } 2357 #ifndef WOLFSSL_NOSHA3_512 2358 else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { 2359 hashType = WC_SHA3_512; 2360 } 2361 #endif 2362 #endif 2082 2363 #ifndef NO_MD5 2083 2364 else if (XSTRNCMP(type, "MD5", 3) == 0) { … … 2088 2369 /* has to be last since would pick or 224, 256, 384, or 512 too */ 2089 2370 else if (XSTRNCMP(type, "SHA", 3) == 0) { 2090 2371 hashType = WC_SHA; 2091 2372 } 2092 2373 #endif /* NO_SHA */ … … 2094 2375 return BAD_FUNC_ARG; 2095 2376 2096 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); 2097 2098 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0) 2377 { 2378 size_t keySz = 0; 2379 2380 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); 2381 2382 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0) 2383 return WOLFSSL_FAILURE; 2384 2385 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) 2386 return WOLFSSL_FAILURE; 2387 } 2388 2389 ctx->isHMAC = 1; 2390 } 2391 else if (wolfSSL_EVP_DigestInit(ctx, type) != 1) 2099 2392 return WOLFSSL_FAILURE; 2100 2393 2101 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) 2394 if (ctx->pctx == NULL) { 2395 ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); 2396 if (ctx->pctx == NULL) 2102 2397 return WOLFSSL_FAILURE; 2103 2104 ctx->macType = NID_hmac; 2105 } 2106 else { 2107 int ret; 2108 2109 if (ctx->pctx == NULL) { 2110 ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); 2111 if (ctx->pctx == NULL) 2112 return WOLFSSL_FAILURE; 2113 } 2114 2115 ret = wolfSSL_EVP_DigestInit(ctx, type); 2116 if (ret == WOLFSSL_SUCCESS && pctx != NULL) 2117 *pctx = ctx->pctx; 2118 return ret; 2119 } 2120 2398 } 2399 if (pctx != NULL) 2400 *pctx = ctx->pctx; 2121 2401 return WOLFSSL_SUCCESS; 2122 2402 } … … 2128 2408 const void *d, unsigned int cnt) 2129 2409 { 2130 if (ctx->pctx == NULL) { 2131 if (ctx->macType != NID_hmac) 2132 return WOLFSSL_FAILURE; 2133 2410 if (ctx->isHMAC) { 2134 2411 if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0) 2135 2412 return WOLFSSL_FAILURE; … … 2150 2427 int ret; 2151 2428 2152 if (ctx-> pctx == NULL) {2429 if (ctx->isHMAC) { 2153 2430 Hmac hmacCopy; 2154 2155 if (ctx->macType != NID_hmac)2156 return WOLFSSL_FAILURE;2157 2431 2158 2432 if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS) … … 2221 2495 #endif /* HAVE_BLAKE2 */ 2222 2496 2497 #ifdef WOLFSSL_SHA3 2498 #ifndef WOLFSSL_NOSHA3_224 2499 case WC_SHA3_224: 2500 hashLen = WC_SHA3_224_DIGEST_SIZE; 2501 break; 2502 #endif 2503 #ifndef WOLFSSL_NOSHA3_256 2504 case WC_SHA3_256: 2505 hashLen = WC_SHA3_256_DIGEST_SIZE; 2506 break; 2507 #endif 2508 #ifndef WOLFSSL_NOSHA3_384 2509 case WC_SHA3_384: 2510 hashLen = WC_SHA3_384_DIGEST_SIZE; 2511 break; 2512 #endif 2513 #ifndef WOLFSSL_NOSHA3_512 2514 case WC_SHA3_512: 2515 hashLen = WC_SHA3_512_DIGEST_SIZE; 2516 break; 2517 #endif 2518 #endif 2519 2223 2520 default: 2224 2521 hashLen = 0; … … 2236 2533 WOLFSSL_ENTER("EVP_DigestSignInit"); 2237 2534 2238 if (ctx == NULL || type == NULL ||pkey == NULL)2535 if (ctx == NULL || pkey == NULL) 2239 2536 return BAD_FUNC_ARG; 2240 2537 … … 2267 2564 2268 2565 /* Return the maximum size of the signaure when sig is NULL. */ 2269 if (ctx->pctx == NULL) { 2270 if (ctx->macType != NID_hmac) 2271 return WOLFSSL_FAILURE; 2272 2566 if (ctx->isHMAC) { 2273 2567 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); 2274 2568 … … 2300 2594 return WOLFSSL_FAILURE; 2301 2595 2302 if (ctx-> pctx == NULL) {2596 if (ctx->isHMAC) { 2303 2597 /* Copy the HMAC result as signature. */ 2304 2598 if ((unsigned int)(*siglen) > hashLen) … … 2318 2612 if (nid < 0) 2319 2613 break; 2320 ret = wolfSSL_RSA_sign (nid, digest, hashLen, sig, &sigSz,2321 ctx->pctx->pkey->rsa);2614 ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, 2615 sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); 2322 2616 if (ret >= 0) 2323 2617 *siglen = sigSz; … … 2385 2679 return WOLFSSL_FAILURE; 2386 2680 2387 if (ctx->pctx == NULL) { 2388 if (ctx->macType != NID_hmac) 2389 return WOLFSSL_FAILURE; 2681 if (ctx->isHMAC) { 2390 2682 2391 2683 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); … … 2399 2691 return WOLFSSL_FAILURE; 2400 2692 2401 if (ctx-> pctx == NULL) {2693 if (ctx->isHMAC) { 2402 2694 /* Check HMAC result matches the signature. */ 2403 2695 if (XMEMCMP(sig, digest, siglen) == 0) … … 2413 2705 if (nid < 0) 2414 2706 return WOLFSSL_FAILURE; 2415 return wolfSSL_RSA_verify (nid, digest, hashLen, sig,2707 return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, 2416 2708 (unsigned int)siglen, 2417 ctx->pctx->pkey->rsa );2709 ctx->pctx->pkey->rsa, ctx->pctx->padding); 2418 2710 } 2419 2711 #endif /* NO_RSA */ … … 2574 2866 2575 2867 #ifndef NO_AES 2868 #ifdef HAVE_AES_CBC 2576 2869 #ifdef WOLFSSL_AES_128 2577 {AES_128_CBC_TYPE, "AES-128-CBC", NID_aes_128_cbc},2870 {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, 2578 2871 #endif 2579 2872 #ifdef WOLFSSL_AES_192 2580 {AES_192_CBC_TYPE, "AES-192-CBC", NID_aes_192_cbc},2873 {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc}, 2581 2874 #endif 2582 2875 #ifdef WOLFSSL_AES_256 2583 {AES_256_CBC_TYPE, "AES-256-CBC", NID_aes_256_cbc}, 2584 #endif 2585 2876 {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc}, 2877 #endif 2878 #endif 2879 2880 #ifdef WOLFSSL_AES_CFB 2586 2881 #ifdef WOLFSSL_AES_128 2587 {AES_128_CFB1_TYPE, "AES-128-CFB1", NID_aes_128_cfb1},2882 {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1}, 2588 2883 #endif 2589 2884 #ifdef WOLFSSL_AES_192 2590 {AES_192_CFB1_TYPE, "AES-192-CFB1", NID_aes_192_cfb1},2885 {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1}, 2591 2886 #endif 2592 2887 #ifdef WOLFSSL_AES_256 2593 {AES_256_CFB1_TYPE, "AES-256-CFB1", NID_aes_256_cfb1},2888 {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1}, 2594 2889 #endif 2595 2890 2596 2891 #ifdef WOLFSSL_AES_128 2597 {AES_128_CFB8_TYPE, "AES-128-CFB8", NID_aes_128_cfb8},2892 {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8}, 2598 2893 #endif 2599 2894 #ifdef WOLFSSL_AES_192 2600 {AES_192_CFB8_TYPE, "AES-192-CFB8", NID_aes_192_cfb8},2895 {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8}, 2601 2896 #endif 2602 2897 #ifdef WOLFSSL_AES_256 2603 {AES_256_CFB8_TYPE, "AES-256-CFB8", NID_aes_256_cfb8},2898 {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8}, 2604 2899 #endif 2605 2900 2606 2901 #ifdef WOLFSSL_AES_128 2607 {AES_128_CFB128_TYPE, "AES-128-CFB128", NID_aes_128_cfb128},2902 {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128}, 2608 2903 #endif 2609 2904 #ifdef WOLFSSL_AES_192 2610 {AES_192_CFB128_TYPE, "AES-192-CFB128", NID_aes_192_cfb128},2905 {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128}, 2611 2906 #endif 2612 2907 #ifdef WOLFSSL_AES_256 2613 {AES_256_CFB128_TYPE, "AES-256-CFB128", NID_aes_256_cfb128}, 2614 #endif 2615 2908 {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128}, 2909 #endif 2910 #endif 2911 2912 #ifdef HAVE_AES_OFB 2616 2913 #ifdef WOLFSSL_AES_128 2617 {AES_128_OFB_TYPE, "AES-128-OFB", NID_aes_128_ofb},2914 {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb}, 2618 2915 #endif 2619 2916 #ifdef WOLFSSL_AES_192 2620 {AES_192_OFB_TYPE, "AES-192-OFB", NID_aes_192_ofb},2917 {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb}, 2621 2918 #endif 2622 2919 #ifdef WOLFSSL_AES_256 2623 {AES_256_OFB_TYPE, "AES-256-OFB", NID_aes_256_ofb}, 2624 #endif 2625 2920 {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb}, 2921 #endif 2922 #endif 2923 2924 #ifdef HAVE_AES_XTS 2626 2925 #ifdef WOLFSSL_AES_128 2627 {AES_128_XTS_TYPE, "AES-128-XTS", NID_aes_128_xts},2926 {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts}, 2628 2927 #endif 2629 2928 #ifdef WOLFSSL_AES_256 2630 {AES_256_XTS_TYPE, "AES-256-XTS", NID_aes_256_xts}, 2631 #endif 2632 2929 {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts}, 2930 #endif 2931 #endif 2932 2933 #ifdef HAVE_AESGCM 2633 2934 #ifdef WOLFSSL_AES_128 2634 {AES_128_GCM_TYPE, "AES-128-GCM", NID_aes_128_gcm},2935 {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm}, 2635 2936 #endif 2636 2937 #ifdef WOLFSSL_AES_192 2637 {AES_192_GCM_TYPE, "AES-192-GCM", NID_aes_192_gcm},2938 {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm}, 2638 2939 #endif 2639 2940 #ifdef WOLFSSL_AES_256 2640 {AES_256_GCM_TYPE, "AES-256-GCM", NID_aes_256_gcm}, 2641 #endif 2941 {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm}, 2942 #endif 2943 #endif 2944 2945 #ifdef WOLFSSL_AES_COUNTER 2642 2946 #ifdef WOLFSSL_AES_128 2643 {AES_128_CTR_TYPE, "AES-128-CTR", NID_aes_128_ctr},2947 {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr}, 2644 2948 #endif 2645 2949 #ifdef WOLFSSL_AES_192 2646 {AES_192_CTR_TYPE, "AES-192-CTR", NID_aes_192_ctr},2950 {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr}, 2647 2951 #endif 2648 2952 #ifdef WOLFSSL_AES_256 2649 {AES_256_CTR_TYPE, "AES-256-CTR", NID_aes_256_ctr}, 2650 #endif 2651 2953 {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr}, 2954 #endif 2955 #endif 2956 2957 #ifdef HAVE_AES_ECB 2652 2958 #ifdef WOLFSSL_AES_128 2653 {AES_128_ECB_TYPE, "AES-128-ECB", NID_aes_128_ecb},2959 {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb}, 2654 2960 #endif 2655 2961 #ifdef WOLFSSL_AES_192 2656 {AES_192_ECB_TYPE, "AES-192-ECB", NID_aes_192_ecb},2962 {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb}, 2657 2963 #endif 2658 2964 #ifdef WOLFSSL_AES_256 2659 {AES_256_ECB_TYPE, "AES-256-ECB", NID_aes_256_ecb},2660 #endif 2661 2965 {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb}, 2966 #endif 2967 #endif 2662 2968 #endif 2663 2969 2664 2970 #ifndef NO_DES3 2665 {DES_CBC_TYPE, "DES-CBC", NID_des_cbc},2666 {DES_ECB_TYPE, "DES-ECB", NID_des_ecb},2667 2668 {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC", NID_des_ede3_cbc},2669 {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB", NID_des_ede3_ecb},2971 {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc}, 2972 {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb}, 2973 2974 {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc}, 2975 {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb}, 2670 2976 #endif 2671 2977 2672 2978 #ifndef NO_RC4 2673 {ARC4_TYPE, "ARC4", NID_undef},2979 {ARC4_TYPE, EVP_ARC4, NID_undef}, 2674 2980 #endif 2675 2981 2676 2982 #ifdef HAVE_IDEA 2677 {IDEA_CBC_TYPE, "IDEA-CBC", NID_idea_cbc},2983 {IDEA_CBC_TYPE, EVP_IDEA_CBC, NID_idea_cbc}, 2678 2984 #endif 2679 2985 { 0, NULL, 0} … … 2719 3025 { 2720 3026 2721 staticconst struct alias {3027 const struct alias { 2722 3028 const char *name; 2723 3029 const char *alias; … … 2725 3031 { 2726 3032 #ifndef NO_DES3 2727 { "DES-CBC", "DES"},2728 { "DES-CBC", "des"},2729 { "DES-ECB", "DES-ECB"},2730 { "DES-ECB", "des-ecb"},2731 { "DES-EDE3-CBC", "DES3"},2732 { "DES-EDE3-CBC", "des3"},2733 { "DES-EDE3-ECB", "DES-EDE3"},2734 { "DES-EDE3-ECB", "des-ede3"},2735 { "DES-EDE3-ECB", "des-ede3-ecb"},3033 {EVP_DES_CBC, "DES"}, 3034 {EVP_DES_CBC, "des"}, 3035 {EVP_DES_ECB, "DES-ECB"}, 3036 {EVP_DES_ECB, "des-ecb"}, 3037 {EVP_DES_EDE3_CBC, "DES3"}, 3038 {EVP_DES_EDE3_CBC, "des3"}, 3039 {EVP_DES_EDE3_ECB, "DES-EDE3"}, 3040 {EVP_DES_EDE3_ECB, "des-ede3"}, 3041 {EVP_DES_EDE3_ECB, "des-ede3-ecb"}, 2736 3042 #endif 2737 3043 #ifdef HAVE_IDEA 2738 { "IDEA-CBC", "IDEA"},2739 { "IDEA-CBC", "idea"},3044 {EVP_IDEA_CBC, "IDEA"}, 3045 {EVP_IDEA_CBC, "idea"}, 2740 3046 #endif 2741 3047 #ifndef NO_AES 2742 3048 #ifdef HAVE_AES_CBC 2743 3049 #ifdef WOLFSSL_AES_128 2744 {"AES-128-CBC", "AES128-CBC"},2745 {"AES-128-CBC", "aes128-cbc"},3050 {EVP_AES_128_CBC, "AES128-CBC"}, 3051 {EVP_AES_128_CBC, "aes128-cbc"}, 2746 3052 #endif 2747 3053 #ifdef WOLFSSL_AES_192 2748 {"AES-192-CBC", "AES192-CBC"},2749 {"AES-192-CBC", "aes192-cbc"},3054 {EVP_AES_192_CBC, "AES192-CBC"}, 3055 {EVP_AES_192_CBC, "aes192-cbc"}, 2750 3056 #endif 2751 3057 #ifdef WOLFSSL_AES_256 2752 {"AES-256-CBC", "AES256-CBC"},2753 {"AES-256-CBC", "aes256-cbc"},3058 {EVP_AES_256_CBC, "AES256-CBC"}, 3059 {EVP_AES_256_CBC, "aes256-cbc"}, 2754 3060 #endif 2755 3061 #endif 2756 #ifdef WOLFSSL_AES_128 2757 {"AES-128-ECB", "AES128-ECB"}, 2758 {"AES-128-ECB", "aes128-ecb"}, 2759 #endif 2760 #ifdef WOLFSSL_AES_192 2761 {"AES-192-ECB", "AES192-ECB"}, 2762 {"AES-192-ECB", "aes192-ecb"}, 2763 #endif 2764 #ifdef WOLFSSL_AES_256 2765 {"AES-256-ECB", "AES256-ECB"}, 3062 #ifdef HAVE_AES_ECB 3063 #ifdef WOLFSSL_AES_128 3064 {EVP_AES_128_ECB, "AES128-ECB"}, 3065 {EVP_AES_128_ECB, "aes128-ecb"}, 3066 #endif 3067 #ifdef WOLFSSL_AES_192 3068 {EVP_AES_192_ECB, "AES192-ECB"}, 3069 {EVP_AES_192_ECB, "aes192-ecb"}, 3070 #endif 3071 #ifdef WOLFSSL_AES_256 3072 {EVP_AES_256_ECB, "AES256-ECB"}, 3073 #endif 2766 3074 #endif 2767 3075 #ifdef HAVE_AESGCM 2768 3076 #ifdef WOLFSSL_AES_128 2769 {"AES-128-GCM", "aes-128-gcm"},2770 {"AES-128-GCM", "id-aes128-GCM"},3077 {EVP_AES_128_GCM, "aes-128-gcm"}, 3078 {EVP_AES_128_GCM, "id-aes128-GCM"}, 2771 3079 #endif 2772 3080 #ifdef WOLFSSL_AES_192 2773 {"AES-192-GCM", "aes-192-gcm"},2774 {"AES-192-GCM", "id-aes192-GCM"},3081 {EVP_AES_192_GCM, "aes-192-gcm"}, 3082 {EVP_AES_192_GCM, "id-aes192-GCM"}, 2775 3083 #endif 2776 3084 #ifdef WOLFSSL_AES_256 2777 {"AES-256-GCM", "aes-256-gcm"},2778 {"AES-256-GCM", "id-aes256-GCM"},3085 {EVP_AES_256_GCM, "aes-256-gcm"}, 3086 {EVP_AES_256_GCM, "id-aes256-GCM"}, 2779 3087 #endif 2780 3088 #endif 2781 3089 #endif 2782 3090 #ifndef NO_RC4 2783 { "ARC4", "RC4"},3091 {EVP_ARC4, "RC4"}, 2784 3092 #endif 2785 3093 { NULL, NULL} … … 2906 3214 void wolfSSL_EVP_init(void) 2907 3215 { 2908 #ifndef NO_AES 2909 #ifdef HAVE_AES_CBC 2910 #ifdef WOLFSSL_AES_128 2911 EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); 2912 #endif 2913 #ifdef WOLFSSL_AES_192 2914 EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); 2915 #endif 2916 #ifdef WOLFSSL_AES_256 2917 EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); 2918 #endif 2919 #endif /* HAVE_AES_CBC */ 2920 2921 #ifdef WOLFSSL_AES_CFB 2922 #ifdef WOLFSSL_AES_128 2923 EVP_AES_128_CFB1 = (char *)EVP_get_cipherbyname("AES-128-CFB1"); 2924 #endif 2925 2926 #ifdef WOLFSSL_AES_192 2927 EVP_AES_192_CFB1 = (char *)EVP_get_cipherbyname("AES-192-CFB1"); 2928 #endif 2929 2930 #ifdef WOLFSSL_AES_256 2931 EVP_AES_256_CFB1 = (char *)EVP_get_cipherbyname("AES-256-CFB1"); 2932 #endif 2933 2934 #ifdef WOLFSSL_AES_128 2935 EVP_AES_128_CFB8 = (char *)EVP_get_cipherbyname("AES-128-CFB8"); 2936 #endif 2937 2938 #ifdef WOLFSSL_AES_192 2939 EVP_AES_192_CFB8 = (char *)EVP_get_cipherbyname("AES-192-CFB8"); 2940 #endif 2941 2942 #ifdef WOLFSSL_AES_256 2943 EVP_AES_256_CFB8 = (char *)EVP_get_cipherbyname("AES-256-CFB8"); 2944 #endif 2945 2946 #ifdef WOLFSSL_AES_128 2947 EVP_AES_128_CFB128 = (char *)EVP_get_cipherbyname("AES-128-CFB128"); 2948 #endif 2949 2950 #ifdef WOLFSSL_AES_192 2951 EVP_AES_192_CFB128 = (char *)EVP_get_cipherbyname("AES-192-CFB128"); 2952 #endif 2953 2954 #ifdef WOLFSSL_AES_256 2955 EVP_AES_256_CFB128 = (char *)EVP_get_cipherbyname("AES-256-CFB128"); 2956 #endif 2957 #endif /* WOLFSSL_AES_CFB */ 2958 2959 #ifdef WOLFSSL_AES_OFB 2960 #ifdef WOLFSSL_AES_128 2961 EVP_AES_128_OFB = (char *)EVP_get_cipherbyname("AES-128-OFB"); 2962 #endif 2963 2964 #ifdef WOLFSSL_AES_192 2965 EVP_AES_192_OFB = (char *)EVP_get_cipherbyname("AES-192-OFB"); 2966 #endif 2967 2968 #ifdef WOLFSSL_AES_256 2969 EVP_AES_256_OFB = (char *)EVP_get_cipherbyname("AES-256-OFB"); 2970 #endif 2971 #endif /* WOLFSSL_AES_OFB */ 2972 2973 #ifdef WOLFSSL_AES_XTS 2974 #ifdef WOLFSSL_AES_128 2975 EVP_AES_128_XTS = (char *)EVP_get_cipherbyname("AES-128-XTS"); 2976 #endif 2977 2978 #ifdef WOLFSSL_AES_256 2979 EVP_AES_256_XTS = (char *)EVP_get_cipherbyname("AES-256-XTS"); 2980 #endif 2981 #endif /* WOLFSSL_AES_XTS */ 2982 2983 #ifdef HAVE_AESGCM 2984 #ifdef WOLFSSL_AES_128 2985 EVP_AES_128_GCM = (char *)EVP_get_cipherbyname("AES-128-GCM"); 2986 #endif 2987 #ifdef WOLFSSL_AES_192 2988 EVP_AES_192_GCM = (char *)EVP_get_cipherbyname("AES-192-GCM"); 2989 #endif 2990 #ifdef WOLFSSL_AES_256 2991 EVP_AES_256_GCM = (char *)EVP_get_cipherbyname("AES-256-GCM"); 2992 #endif 2993 #endif /* HAVE_AESGCM*/ 2994 #ifdef WOLFSSL_AES_128 2995 EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); 2996 #endif 2997 #ifdef WOLFSSL_AES_192 2998 EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); 2999 #endif 3000 #ifdef WOLFSSL_AES_256 3001 EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); 3002 #endif 3003 3004 #ifdef WOLFSSL_AES_128 3005 EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); 3006 #endif 3007 #ifdef WOLFSSL_AES_192 3008 EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); 3009 #endif 3010 #ifdef WOLFSSL_AES_256 3011 EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); 3012 #endif 3013 #endif /* ifndef NO_AES*/ 3014 3015 #ifndef NO_DES3 3016 EVP_DES_CBC = (char *)EVP_get_cipherbyname("DES-CBC"); 3017 EVP_DES_ECB = (char *)EVP_get_cipherbyname("DES-ECB"); 3018 3019 EVP_DES_EDE3_CBC = (char *)EVP_get_cipherbyname("DES-EDE3-CBC"); 3020 EVP_DES_EDE3_ECB = (char *)EVP_get_cipherbyname("DES-EDE3-ECB"); 3021 #endif 3022 3023 #ifdef HAVE_IDEA 3024 EVP_IDEA_CBC = (char *)EVP_get_cipherbyname("IDEA-CBC"); 3025 #endif 3216 /* Does nothing. */ 3026 3217 } 3027 3218 3028 3219 #if !defined(NO_PWDBASED) 3029 int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,3030 int* pHash, int* pHashSz)3031 {3032 enum wc_HashType hash = WC_HASH_TYPE_NONE;3033 int hashSz;3034 3035 if (XSTRLEN(evp) < 3) {3036 /* do not try comparing strings if size is too small */3037 return WOLFSSL_FAILURE;3038 }3039 3040 if (XSTRNCMP("SHA", evp, 3) == 0) {3041 if (XSTRLEN(evp) > 3) {3042 #ifndef NO_SHA2563043 if (XSTRNCMP("SHA256", evp, 6) == 0) {3044 hash = WC_HASH_TYPE_SHA256;3045 }3046 else3047 #endif3048 #ifdef WOLFSSL_SHA3843049 if (XSTRNCMP("SHA384", evp, 6) == 0) {3050 hash = WC_HASH_TYPE_SHA384;3051 }3052 else3053 #endif3054 #ifdef WOLFSSL_SHA5123055 if (XSTRNCMP("SHA512", evp, 6) == 0) {3056 hash = WC_HASH_TYPE_SHA512;3057 }3058 else3059 #endif3060 {3061 WOLFSSL_MSG("Unknown SHA hash");3062 }3063 }3064 else {3065 hash = WC_HASH_TYPE_SHA;3066 }3067 }3068 #ifdef WOLFSSL_MD23069 else if (XSTRNCMP("MD2", evp, 3) == 0) {3070 hash = WC_HASH_TYPE_MD2;3071 }3072 #endif3073 #ifndef NO_MD43074 else if (XSTRNCMP("MD4", evp, 3) == 0) {3075 hash = WC_HASH_TYPE_MD4;3076 }3077 #endif3078 #ifndef NO_MD53079 else if (XSTRNCMP("MD5", evp, 3) == 0) {3080 hash = WC_HASH_TYPE_MD5;3081 }3082 #endif3083 3084 if (pHash)3085 *pHash = hash;3086 3087 hashSz = wc_HashGetDigestSize(hash);3088 if (pHashSz)3089 *pHashSz = hashSz;3090 3091 if (hashSz < 0) {3092 return WOLFSSL_FAILURE;3093 }3094 3095 return WOLFSSL_SUCCESS;3096 }3097 3098 3220 /* this function makes the assumption that out buffer is big enough for digest*/ 3099 3221 int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, … … 3136 3258 {"MD4", "ssl3-md4"}, 3137 3259 {"MD5", "ssl3-md5"}, 3138 {"SHA ", "ssl3-sha1"},3139 {"SHA ", "SHA1"},3260 {"SHA1", "ssl3-sha1"}, 3261 {"SHA1", "SHA"}, 3140 3262 { NULL, NULL} 3141 3263 }; 3264 char nameUpper[15]; /* 15 bytes should be enough for any name */ 3265 size_t i; 3142 3266 3143 3267 const struct alias *al; 3144 3268 const struct s_ent *ent; 3145 3269 3146 3270 for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { 3271 nameUpper[i] = (char)XTOUPPER(name[i]); 3272 } 3273 if (i < sizeof(nameUpper)) 3274 nameUpper[i] = '\0'; 3275 else 3276 return NULL; 3277 3278 name = nameUpper; 3147 3279 for (al = alias_tbl; al->name != NULL; al++) 3148 3280 if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { … … 3205 3337 { 3206 3338 WOLFSSL_ENTER("EVP_sha1"); 3207 return EVP_get_digestbyname("SHA ");3339 return EVP_get_digestbyname("SHA1"); 3208 3340 } 3209 3341 #endif /* NO_SHA */ … … 3295 3427 if (ctx) { 3296 3428 WOLFSSL_ENTER("EVP_MD_CTX_free"); 3297 3298 3299 3429 wolfSSL_EVP_MD_CTX_cleanup(ctx); 3430 XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); 3431 } 3300 3432 } 3301 3433 3302 3434 /* returns the NID of message digest used by the ctx */ 3303 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { 3435 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) 3436 { 3304 3437 const struct s_ent *ent; 3305 3438 … … 3307 3440 3308 3441 if (ctx) { 3442 if (ctx->isHMAC) { 3443 return NID_hmac; 3444 } 3445 3309 3446 for(ent = md_tbl; ent->name != NULL; ent++) { 3310 3447 if (ctx->macType == ent->macType) { … … 3339 3476 const WOLFSSL_EVP_MD_CTX* src) 3340 3477 { 3341 if (src->macType == NID_hmac) { 3342 wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); 3478 int ret; 3479 if (src->isHMAC) { 3480 ret = wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); 3343 3481 } 3344 3482 else { 3345 3483 switch (src->macType) { 3484 case WC_HASH_TYPE_MD5: 3346 3485 #ifndef NO_MD5 3347 case WC_HASH_TYPE_MD5: 3348 wc_Md5Copy((wc_Md5*)&src->hash.digest, 3486 ret = wc_Md5Copy((wc_Md5*)&src->hash.digest, 3349 3487 (wc_Md5*)&des->hash.digest); 3488 #else 3489 ret = NOT_COMPILED_IN; 3490 #endif /* !NO_MD5 */ 3350 3491 break; 3351 #endif /* !NO_MD5 */ 3352 3492 case WC_HASH_TYPE_SHA: 3353 3493 #ifndef NO_SHA 3354 case WC_HASH_TYPE_SHA: 3355 wc_ShaCopy((wc_Sha*)&src->hash.digest, 3494 ret = wc_ShaCopy((wc_Sha*)&src->hash.digest, 3356 3495 (wc_Sha*)&des->hash.digest); 3496 #else 3497 ret = NOT_COMPILED_IN; 3498 #endif /* !NO_SHA */ 3357 3499 break; 3358 #endif /* !NO_SHA */ 3359 3500 case WC_HASH_TYPE_SHA224: 3360 3501 #ifdef WOLFSSL_SHA224 3361 case WC_HASH_TYPE_SHA224: 3362 wc_Sha224Copy((wc_Sha224*)&src->hash.digest, 3502 ret = wc_Sha224Copy((wc_Sha224*)&src->hash.digest, 3363 3503 (wc_Sha224*)&des->hash.digest); 3504 #else 3505 ret = NOT_COMPILED_IN; 3506 #endif /* WOLFSSL_SHA224 */ 3364 3507 break; 3365 #endif /* WOLFSSL_SHA224 */ 3366 3508 case WC_HASH_TYPE_SHA256: 3367 3509 #ifndef NO_SHA256 3368 case WC_HASH_TYPE_SHA256: 3369 wc_Sha256Copy((wc_Sha256*)&src->hash.digest, 3510 ret = wc_Sha256Copy((wc_Sha256*)&src->hash.digest, 3370 3511 (wc_Sha256*)&des->hash.digest); 3512 #else 3513 ret = NOT_COMPILED_IN; 3514 #endif /* !NO_SHA256 */ 3371 3515 break; 3372 #endif /* !NO_SHA256 */ 3373 3516 case WC_HASH_TYPE_SHA384: 3374 3517 #ifdef WOLFSSL_SHA384 3375 case WC_HASH_TYPE_SHA384: 3376 wc_Sha384Copy((wc_Sha384*)&src->hash.digest, 3518 ret = wc_Sha384Copy((wc_Sha384*)&src->hash.digest, 3377 3519 (wc_Sha384*)&des->hash.digest); 3520 #else 3521 ret = NOT_COMPILED_IN; 3522 #endif /* WOLFSSL_SHA384 */ 3378 3523 break; 3379 #endif /* WOLFSSL_SHA384 */3524 case WC_HASH_TYPE_SHA512: 3380 3525 #ifdef WOLFSSL_SHA512 3381 case WC_HASH_TYPE_SHA512: 3382 wc_Sha512Copy((wc_Sha512*)&src->hash.digest, 3526 ret = wc_Sha512Copy((wc_Sha512*)&src->hash.digest, 3383 3527 (wc_Sha512*)&des->hash.digest); 3528 #else 3529 ret = NOT_COMPILED_IN; 3530 #endif /* WOLFSSL_SHA512 */ 3384 3531 break; 3385 #endif /* WOLFSSL_SHA512 */3386 #ifdef WOLFSSL_SHA33387 #ifndef WOLFSSL_NOSHA3_2243388 3532 case WC_HASH_TYPE_SHA3_224: 3389 wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, 3533 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 3534 ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, 3390 3535 (wc_Sha3*)&des->hash.digest); 3536 #else 3537 ret = NOT_COMPILED_IN; 3538 #endif 3391 3539 break; 3540 case WC_HASH_TYPE_SHA3_256: 3541 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 3542 ret = wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest, 3543 (wc_Sha3*)&des->hash.digest); 3544 #else 3545 ret = NOT_COMPILED_IN; 3392 3546 #endif 3393 3394 #ifndef WOLFSSL_NOSHA3_2563395 case WC_HASH_TYPE_SHA3_256:3396 wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest,3547 break; 3548 case WC_HASH_TYPE_SHA3_384: 3549 #if defined(WOLFSSL_SHA3) 3550 ret = wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest, 3397 3551 (wc_Sha3*)&des->hash.digest); 3552 #else 3553 ret = NOT_COMPILED_IN; 3554 #endif 3398 3555 break; 3556 case WC_HASH_TYPE_SHA3_512: 3557 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 3558 ret = wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, 3559 (wc_Sha3*)&des->hash.digest); 3560 #else 3561 ret = NOT_COMPILED_IN; 3399 3562 #endif 3400 3401 case WC_HASH_TYPE_SHA3_384:3402 wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest,3403 (wc_Sha3*)&des->hash.digest);3404 3563 break; 3405 3406 #ifndef WOLFSSL_NOSHA3_512 3407 case WC_HASH_TYPE_SHA3_512: 3408 wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, 3409 (wc_Sha3*)&des->hash.digest); 3564 case WC_HASH_TYPE_NONE: 3565 case WC_HASH_TYPE_MD2: 3566 case WC_HASH_TYPE_MD4: 3567 case WC_HASH_TYPE_MD5_SHA: 3568 case WC_HASH_TYPE_BLAKE2B: 3569 case WC_HASH_TYPE_BLAKE2S: 3570 default: 3571 ret = BAD_FUNC_ARG; 3410 3572 break; 3411 #endif 3412 #endif 3413 default: 3414 return WOLFSSL_FAILURE; 3415 } 3416 } 3417 return WOLFSSL_SUCCESS; 3573 } 3574 } 3575 return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; 3418 3576 } 3419 3577 … … 3446 3604 return NULL; 3447 3605 WOLFSSL_ENTER("EVP_MD_CTX_md"); 3606 if (ctx->isHMAC) { 3607 return "HMAC"; 3608 } 3448 3609 for(ent = md_tbl; ent->name != NULL; ent++) { 3449 3610 if(ctx->macType == ent->macType) { … … 3461 3622 { 3462 3623 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); 3463 if (EVP_AES_128_CBC == NULL)3464 wolfSSL_EVP_init();3465 3624 return EVP_AES_128_CBC; 3466 3625 } … … 3472 3631 { 3473 3632 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); 3474 if (EVP_AES_192_CBC == NULL)3475 wolfSSL_EVP_init();3476 3633 return EVP_AES_192_CBC; 3477 3634 } … … 3483 3640 { 3484 3641 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); 3485 if (EVP_AES_256_CBC == NULL)3486 wolfSSL_EVP_init();3487 3642 return EVP_AES_256_CBC; 3488 3643 } … … 3496 3651 { 3497 3652 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1"); 3498 if (EVP_AES_128_CFB1 == NULL)3499 wolfSSL_EVP_init();3500 3653 return EVP_AES_128_CFB1; 3501 3654 } … … 3506 3659 { 3507 3660 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1"); 3508 if (EVP_AES_192_CFB1 == NULL)3509 wolfSSL_EVP_init();3510 3661 return EVP_AES_192_CFB1; 3511 3662 } … … 3516 3667 { 3517 3668 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1"); 3518 if (EVP_AES_256_CFB1 == NULL)3519 wolfSSL_EVP_init();3520 3669 return EVP_AES_256_CFB1; 3521 3670 } … … 3526 3675 { 3527 3676 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8"); 3528 if (EVP_AES_128_CFB8 == NULL)3529 wolfSSL_EVP_init();3530 3677 return EVP_AES_128_CFB8; 3531 3678 } … … 3536 3683 { 3537 3684 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8"); 3538 if (EVP_AES_192_CFB8 == NULL)3539 wolfSSL_EVP_init();3540 3685 return EVP_AES_192_CFB8; 3541 3686 } … … 3546 3691 { 3547 3692 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8"); 3548 if (EVP_AES_256_CFB8 == NULL)3549 wolfSSL_EVP_init();3550 3693 return EVP_AES_256_CFB8; 3551 3694 } … … 3557 3700 { 3558 3701 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128"); 3559 if (EVP_AES_128_CFB128 == NULL)3560 wolfSSL_EVP_init();3561 3702 return EVP_AES_128_CFB128; 3562 3703 } … … 3567 3708 { 3568 3709 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128"); 3569 if (EVP_AES_192_CFB128 == NULL)3570 wolfSSL_EVP_init();3571 3710 return EVP_AES_192_CFB128; 3572 3711 } … … 3577 3716 { 3578 3717 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128"); 3579 if (EVP_AES_256_CFB128 == NULL)3580 wolfSSL_EVP_init();3581 3718 return EVP_AES_256_CFB128; 3582 3719 } … … 3589 3726 { 3590 3727 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb"); 3591 if (EVP_AES_128_OFB == NULL)3592 wolfSSL_EVP_init();3593 3728 return EVP_AES_128_OFB; 3594 3729 } … … 3599 3734 { 3600 3735 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb"); 3601 if (EVP_AES_192_OFB == NULL)3602 wolfSSL_EVP_init();3603 3736 return EVP_AES_192_OFB; 3604 3737 } … … 3609 3742 { 3610 3743 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb"); 3611 if (EVP_AES_256_OFB == NULL)3612 wolfSSL_EVP_init();3613 3744 return EVP_AES_256_OFB; 3614 3745 } … … 3621 3752 { 3622 3753 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts"); 3623 if (EVP_AES_128_XTS == NULL)3624 wolfSSL_EVP_init();3625 3754 return EVP_AES_128_XTS; 3626 3755 } … … 3631 3760 { 3632 3761 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts"); 3633 if (EVP_AES_256_XTS == NULL)3634 wolfSSL_EVP_init();3635 3762 return EVP_AES_256_XTS; 3636 3763 } … … 3643 3770 { 3644 3771 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm"); 3645 if (EVP_AES_128_GCM == NULL)3646 wolfSSL_EVP_init();3647 3772 return EVP_AES_128_GCM; 3648 3773 } … … 3653 3778 { 3654 3779 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm"); 3655 if (EVP_AES_192_GCM == NULL)3656 wolfSSL_EVP_init();3657 3780 return EVP_AES_192_GCM; 3658 3781 } … … 3663 3786 { 3664 3787 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm"); 3665 if (EVP_AES_256_GCM == NULL)3666 wolfSSL_EVP_init();3667 3788 return EVP_AES_256_GCM; 3668 3789 } … … 3670 3791 #endif /* HAVE_AESGCM */ 3671 3792 3793 #ifdef WOLFSSL_AES_COUNTER 3672 3794 #ifdef WOLFSSL_AES_128 3673 3795 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) 3674 3796 { 3675 3797 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); 3676 if (EVP_AES_128_CTR == NULL)3677 wolfSSL_EVP_init();3678 3798 return EVP_AES_128_CTR; 3679 3799 } … … 3685 3805 { 3686 3806 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); 3687 if (EVP_AES_192_CTR == NULL)3688 wolfSSL_EVP_init();3689 3807 return EVP_AES_192_CTR; 3690 3808 } … … 3696 3814 { 3697 3815 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); 3698 if (EVP_AES_256_CTR == NULL)3699 wolfSSL_EVP_init();3700 3816 return EVP_AES_256_CTR; 3701 3817 } 3702 3818 #endif /* WOLFSSL_AES_256 */ 3703 3819 #endif /* WOLFSSL_AES_COUNTER */ 3820 3821 #ifdef HAVE_AES_ECB 3704 3822 #ifdef WOLFSSL_AES_128 3705 3823 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) 3706 3824 { 3707 3825 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); 3708 if (EVP_AES_128_ECB == NULL)3709 wolfSSL_EVP_init();3710 3826 return EVP_AES_128_ECB; 3711 3827 } … … 3717 3833 { 3718 3834 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); 3719 if (EVP_AES_192_ECB == NULL)3720 wolfSSL_EVP_init();3721 3835 return EVP_AES_192_ECB; 3722 3836 } … … 3728 3842 { 3729 3843 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); 3730 if (EVP_AES_256_ECB == NULL)3731 wolfSSL_EVP_init();3732 3844 return EVP_AES_256_ECB; 3733 3845 } 3734 3846 #endif /* WOLFSSL_AES_256 */ 3847 #endif /* HAVE_AES_ECB */ 3735 3848 #endif /* NO_AES */ 3736 3849 … … 3739 3852 { 3740 3853 WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); 3741 if (EVP_DES_CBC == NULL)3742 wolfSSL_EVP_init();3743 3854 return EVP_DES_CBC; 3744 3855 } … … 3747 3858 { 3748 3859 WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); 3749 if (EVP_DES_ECB == NULL)3750 wolfSSL_EVP_init();3751 3860 return EVP_DES_ECB; 3752 3861 } … … 3755 3864 { 3756 3865 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); 3757 if (EVP_DES_EDE3_CBC == NULL)3758 wolfSSL_EVP_init();3759 3866 return EVP_DES_EDE3_CBC; 3760 3867 } … … 3763 3870 { 3764 3871 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); 3765 if (EVP_DES_EDE3_ECB == NULL)3766 wolfSSL_EVP_init();3767 3872 return EVP_DES_EDE3_ECB; 3768 3873 } … … 3773 3878 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) 3774 3879 { 3775 static const char* type = "ARC4";3776 3880 WOLFSSL_ENTER("wolfSSL_EVP_rc4"); 3777 return type;3881 return EVP_ARC4; 3778 3882 } 3779 3883 #endif … … 3783 3887 { 3784 3888 WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); 3785 if (EVP_IDEA_CBC == NULL)3786 wolfSSL_EVP_init();3787 3889 return EVP_IDEA_CBC; 3788 3890 } … … 3790 3892 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) 3791 3893 { 3792 static const char* type = "NULL";3793 3894 WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); 3794 return type;3895 return EVP_NULL; 3795 3896 } 3796 3897 3797 3898 int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx) 3798 3899 { 3900 int ret = WOLFSSL_SUCCESS; 3799 3901 WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); 3800 3902 if (ctx->pctx != NULL) 3801 3903 wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); 3802 3904 3803 if (ctx-> macType == NID_hmac) {3905 if (ctx->isHMAC) { 3804 3906 wc_HmacFree(&ctx->hash.hmac); 3805 3907 } 3806 3908 else { 3807 3909 switch (ctx->macType) { 3910 case WC_HASH_TYPE_MD5: 3808 3911 #ifndef NO_MD5 3809 case WC_HASH_TYPE_MD5:3810 3912 wc_Md5Free((wc_Md5*)&ctx->hash.digest); 3913 #endif /* !NO_MD5 */ 3811 3914 break; 3812 #endif /* !NO_MD5 */ 3813 3915 case WC_HASH_TYPE_SHA: 3814 3916 #ifndef NO_SHA 3815 case WC_HASH_TYPE_SHA:3816 3917 wc_ShaFree((wc_Sha*)&ctx->hash.digest); 3918 #endif /* !NO_SHA */ 3817 3919 break; 3818 #endif /* !NO_SHA */ 3819 3920 case WC_HASH_TYPE_SHA224: 3820 3921 #ifdef WOLFSSL_SHA224 3821 case WC_HASH_TYPE_SHA224:3822 3922 wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); 3923 #endif /* WOLFSSL_SHA224 */ 3823 3924 break; 3824 #endif /* WOLFSSL_SHA224 */ 3825 3925 case WC_HASH_TYPE_SHA256: 3826 3926 #ifndef NO_SHA256 3827 case WC_HASH_TYPE_SHA256:3828 3927 wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); 3928 #endif /* !NO_SHA256 */ 3829 3929 break; 3830 #endif /* !NO_SHA256 */ 3831 3930 case WC_HASH_TYPE_SHA384: 3832 3931 #ifdef WOLFSSL_SHA384 3833 case WC_HASH_TYPE_SHA384:3834 3932 wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); 3933 #endif /* WOLFSSL_SHA384 */ 3835 3934 break; 3836 #endif /* WOLFSSL_SHA384 */3935 case WC_HASH_TYPE_SHA512: 3837 3936 #ifdef WOLFSSL_SHA512 3838 case WC_HASH_TYPE_SHA512:3839 3937 wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); 3938 #endif /* WOLFSSL_SHA512 */ 3840 3939 break; 3841 #endif /* WOLFSSL_SHA512 */3842 #ifdef WOLFSSL_SHA33843 #ifndef WOLFSSL_NOSHA3_2243844 3940 case WC_HASH_TYPE_SHA3_224: 3941 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 3845 3942 wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); 3943 #endif 3846 3944 break; 3945 case WC_HASH_TYPE_SHA3_256: 3946 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 3947 wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest); 3847 3948 #endif 3848 3849 #ifndef WOLFSSL_NOSHA3_2563850 case WC_HASH_TYPE_SHA3_256:3851 wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest);3852 3949 break; 3950 case WC_HASH_TYPE_SHA3_384: 3951 #if defined(WOLFSSL_SHA3) 3952 wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest); 3853 3953 #endif 3854 3855 case WC_HASH_TYPE_SHA3_384:3856 wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest);3857 3954 break; 3858 3859 #ifndef WOLFSSL_NOSHA3_5123860 3955 case WC_HASH_TYPE_SHA3_512: 3956 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 3861 3957 wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); 3958 #endif 3862 3959 break; 3863 #endif 3864 #endif 3960 case WC_HASH_TYPE_NONE: 3961 case WC_HASH_TYPE_MD2: 3962 case WC_HASH_TYPE_MD4: 3963 case WC_HASH_TYPE_MD5_SHA: 3964 case WC_HASH_TYPE_BLAKE2B: 3965 case WC_HASH_TYPE_BLAKE2S: 3865 3966 default: 3866 return WOLFSSL_FAILURE; 3967 ret = WOLFSSL_FAILURE; 3968 break; 3867 3969 } 3868 3970 } 3869 3971 ForceZero(ctx, sizeof(*ctx)); 3870 3972 ctx->macType = WC_HASH_TYPE_NONE; 3871 return 1;3973 return ret; 3872 3974 } 3873 3975 … … 4011 4113 ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ 4012 4114 ctx->keyLen = 0; 4115 #ifdef HAVE_AESGCM 4116 if (ctx->gcmBuffer) { 4117 XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); 4118 ctx->gcmBuffer = NULL; 4119 } 4120 ctx->gcmBufferLen = 0; 4121 if (ctx->gcmAuthIn) { 4122 XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); 4123 ctx->gcmAuthIn = NULL; 4124 } 4125 ctx->gcmAuthInSz = 0; 4126 #endif 4013 4127 } 4014 4128 … … 4081 4195 #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ 4082 4196 4197 4083 4198 #ifndef NO_AES 4199 #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \ 4200 defined(WOLFSSL_AES_256) 4201 #define AES_SIZE_ANY 4202 #endif 4203 4204 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ 4205 defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \ 4206 defined(WOLFSSSL_AES_OFB) 4207 #define AES_SET_KEY 4208 #endif 4209 4210 #if defined(AES_SIZE_ANY) && defined(AES_SET_KEY) 4084 4211 static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, 4085 4212 const byte* iv, int dir, int direct) … … 4104 4231 return ret; 4105 4232 } 4106 #endif 4233 #endif /* AES_ANY_SIZE && AES_SET_KEY */ 4234 #endif /* NO_AES */ 4107 4235 4108 4236 /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ … … 4139 4267 iv = ctx->iv; 4140 4268 } 4269 #endif 4270 #ifdef HAVE_AESGCM 4271 if (ctx->gcmAuthIn) { 4272 XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); 4273 ctx->gcmAuthIn = NULL; 4274 } 4275 ctx->gcmAuthInSz = 0; 4141 4276 #endif 4142 4277 … … 4223 4358 #endif /* WOLFSSL_AES_256 */ 4224 4359 #endif /* HAVE_AES_CBC */ 4225 #if !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) 4360 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ 4361 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4226 4362 #ifdef HAVE_AESGCM 4227 4363 #ifdef WOLFSSL_AES_128 … … 4231 4367 ctx->cipherType = AES_128_GCM_TYPE; 4232 4368 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 4233 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; 4369 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | 4370 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 4234 4371 ctx->keyLen = 16; 4235 4372 ctx->block_size = AES_BLOCK_SIZE; … … 4237 4374 ctx->ivSz = GCM_NONCE_MID_SZ; 4238 4375 4239 XMEMSET(ctx->authTag, 0, ctx->authTagSz);4240 4376 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { 4241 4377 WOLFSSL_MSG("wc_AesGcmSetKey() failed"); … … 4256 4392 ctx->cipherType = AES_192_GCM_TYPE; 4257 4393 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 4258 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; 4394 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | 4395 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 4259 4396 ctx->keyLen = 24; 4260 4397 ctx->block_size = AES_BLOCK_SIZE; … … 4262 4399 ctx->ivSz = GCM_NONCE_MID_SZ; 4263 4400 4264 XMEMSET(ctx->authTag, 0, ctx->authTagSz);4265 4401 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { 4266 4402 WOLFSSL_MSG("wc_AesGcmSetKey() failed"); … … 4281 4417 ctx->cipherType = AES_256_GCM_TYPE; 4282 4418 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 4283 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; 4419 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | 4420 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 4284 4421 ctx->keyLen = 32; 4285 4422 ctx->block_size = AES_BLOCK_SIZE; … … 4287 4424 ctx->ivSz = GCM_NONCE_MID_SZ; 4288 4425 4289 XMEMSET(ctx->authTag, 0, ctx->authTagSz);4290 4426 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { 4291 4427 WOLFSSL_MSG("wc_AesGcmSetKey() failed"); … … 4301 4437 #endif /* WOLFSSL_AES_256 */ 4302 4438 #endif /* HAVE_AESGCM */ 4303 #endif /* !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)*/4439 #endif /*!HAVE_FIPS && !HAVE_SELFTEST ||(HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2)*/ 4304 4440 #ifdef WOLFSSL_AES_COUNTER 4305 4441 #ifdef WOLFSSL_AES_128 … … 4388 4524 #endif /* WOLFSSL_AES_256 */ 4389 4525 #endif /* WOLFSSL_AES_COUNTER */ 4526 #ifdef HAVE_AES_ECB 4390 4527 #ifdef WOLFSSL_AES_128 4391 4528 if (ctx->cipherType == AES_128_ECB_TYPE || … … 4445 4582 } 4446 4583 #endif /* WOLFSSL_AES_256 */ 4584 #endif /* HAVE_AES_ECB */ 4447 4585 #ifdef WOLFSSL_AES_CFB 4448 4586 #ifdef WOLFSSL_AES_128 … … 4674 4812 } 4675 4813 #endif /* WOLFSSL_AES_256 */ 4676 #endif /* HAVE_AES_CFB */4814 #endif /* WOLFSSL_AES_CFB */ 4677 4815 #ifdef WOLFSSL_AES_OFB 4678 4816 #ifdef WOLFSSL_AES_128 … … 4904 5042 #endif /* NO_DES3 */ 4905 5043 #ifndef NO_RC4 4906 if (ctx->cipherType == ARC4_TYPE || (type &&4907 XSTRNCMP(type, "ARC4", 4) == 0)) {5044 if (ctx->cipherType == ARC4_TYPE || 5045 (type && XSTRNCMP(type, EVP_ARC4, 4) == 0)) { 4908 5046 WOLFSSL_MSG("ARC4"); 4909 5047 ctx->cipherType = ARC4_TYPE; … … 4941 5079 } 4942 5080 #endif /* HAVE_IDEA */ 4943 if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&4944 XSTRNCMP(type, "NULL", 4) == 0)) {5081 if (ctx->cipherType == NULL_CIPHER_TYPE || 5082 (type && XSTRNCMP(type, EVP_NULL, 4) == 0)) { 4945 5083 WOLFSSL_MSG("NULL cipher"); 4946 5084 ctx->cipherType = NULL_CIPHER_TYPE; … … 5017 5155 #endif 5018 5156 5019 /* WOLFSSL_SUCCESSon ok */5157 /* Return length on ok */ 5020 5158 int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, 5021 5159 word32 len) … … 5030 5168 ctx->cipherType != AES_256_GCM_TYPE)) { 5031 5169 WOLFSSL_MSG("Bad function argument"); 5032 return 0; /* failure */5170 return WOLFSSL_FATAL_ERROR; 5033 5171 } 5034 5172 5035 5173 if (ctx->cipherType == 0xff) { 5036 5174 WOLFSSL_MSG("no init"); 5037 return 0; /* failure */5175 return WOLFSSL_FATAL_ERROR; 5038 5176 } 5039 5177 … … 5050 5188 else 5051 5189 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); 5190 if (ret == 0) 5191 ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; 5052 5192 break; 5053 5193 #endif /* HAVE_AES_CBC */ … … 5063 5203 else 5064 5204 ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len); 5205 if (ret == 0) 5206 ret = len; 5065 5207 break; 5066 5208 case AES_128_CFB8_TYPE: … … 5072 5214 else 5073 5215 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len); 5216 if (ret == 0) 5217 ret = len; 5074 5218 break; 5075 5219 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ … … 5082 5226 else 5083 5227 ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len); 5228 if (ret == 0) 5229 ret = len; 5084 5230 break; 5085 5231 #endif /* WOLFSSL_AES_CFB */ … … 5093 5239 else 5094 5240 ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len); 5241 if (ret == 0) 5242 ret = len; 5095 5243 break; 5096 5244 #endif /* WOLFSSL_AES_OFB */ … … 5105 5253 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len, 5106 5254 ctx->iv, ctx->ivSz); 5255 if (ret == 0) 5256 ret = len; 5107 5257 break; 5108 5258 #endif /* WOLFSSL_AES_XTS */ … … 5113 5263 case AES_256_GCM_TYPE : 5114 5264 WOLFSSL_MSG("AES GCM"); 5115 if (ctx->enc) { 5116 if (dst){ 5117 /* encrypt confidential data*/ 5118 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len, 5119 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 5120 NULL, 0); 5121 } 5122 else { 5123 /* authenticated, non-confidential data */ 5124 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0, 5125 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 5126 src, len); 5127 /* Reset partial authTag error for AAD*/ 5128 if (ret == AES_GCM_AUTH_E) 5129 ret = 0; 5130 } 5265 if (!dst) { 5266 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len); 5131 5267 } 5132 5268 else { 5133 if (dst){ 5134 /* decrypt confidential data*/ 5135 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len, 5136 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 5137 NULL, 0); 5138 } 5139 else { 5140 /* authenticated, non-confidential data*/ 5141 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0, 5142 ctx->iv, ctx->ivSz, 5143 ctx->authTag, ctx->authTagSz, 5144 src, len); 5145 /* Reset partial authTag error for AAD*/ 5146 if (ret == AES_GCM_AUTH_E) 5147 ret = 0; 5148 } 5269 if (ctx->enc) 5270 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, 5271 len, ctx->iv, ctx->ivSz, ctx->authTag, 5272 ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz); 5273 else 5274 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, 5275 len, ctx->iv, ctx->ivSz, ctx->authTag, 5276 ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz); 5149 5277 } 5278 if (ret == 0) 5279 ret = len; 5150 5280 break; 5151 5281 #endif /* HAVE_AESGCM */ … … 5159 5289 else 5160 5290 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); 5291 if (ret == 0) 5292 ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; 5161 5293 break; 5162 5294 #endif … … 5165 5297 case AES_192_CTR_TYPE : 5166 5298 case AES_256_CTR_TYPE : 5167 WOLFSSL_MSG("AES CTR"); 5168 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); 5299 WOLFSSL_MSG("AES CTR"); 5300 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); 5301 if (ret == 0) 5302 ret = len; 5169 5303 break; 5170 5304 #endif /* WOLFSSL_AES_COUNTER */ … … 5178 5312 else 5179 5313 wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); 5314 if (ret == 0) 5315 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5180 5316 break; 5181 5317 case DES_EDE3_CBC_TYPE : … … 5185 5321 else 5186 5322 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); 5323 if (ret == 0) 5324 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5187 5325 break; 5188 5326 #ifdef WOLFSSL_DES_ECB … … 5190 5328 WOLFSSL_MSG("DES ECB"); 5191 5329 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); 5330 if (ret == 0) 5331 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5192 5332 break; 5193 5333 case DES_EDE3_ECB_TYPE : 5194 5334 WOLFSSL_MSG("DES3 ECB"); 5195 5335 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); 5336 if (ret == 0) 5337 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5196 5338 break; 5197 5339 #endif … … 5202 5344 WOLFSSL_MSG("ARC4"); 5203 5345 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); 5346 if (ret == 0) 5347 ret = len; 5204 5348 break; 5205 5349 #endif … … 5212 5356 else 5213 5357 wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len); 5358 if (ret == 0) 5359 ret = (len / IDEA_BLOCK_SIZE) * IDEA_BLOCK_SIZE; 5214 5360 break; 5215 5361 #endif … … 5217 5363 WOLFSSL_MSG("NULL CIPHER"); 5218 5364 XMEMCPY(dst, src, len); 5365 ret = len; 5219 5366 break; 5220 5367 5221 5368 default: { 5222 5369 WOLFSSL_MSG("bad type"); 5223 return 0; /* failure */5224 } 5225 } 5226 5227 if (ret !=0) {5370 return WOLFSSL_FATAL_ERROR; 5371 } 5372 } 5373 5374 if (ret < 0) { 5228 5375 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); 5229 return 0; /* failure */5376 return WOLFSSL_FATAL_ERROR; 5230 5377 } 5231 5378 5232 5379 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { 5233 return WOLFSSL_FA ILURE;5380 return WOLFSSL_FATAL_ERROR; 5234 5381 } 5235 5382 5236 5383 WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); 5237 return WOLFSSL_SUCCESS; /* success */5384 return ret; 5238 5385 } 5239 5386 … … 5246 5393 WOLFSSL_ENTER("EVP_DigestInit"); 5247 5394 5248 if (ctx == NULL || md == NULL) {5395 if (ctx == NULL) { 5249 5396 return BAD_FUNC_ARG; 5250 5397 } … … 5260 5407 /* Set to 0 if no match */ 5261 5408 ctx->macType = wolfSSL_EVP_md2macType(md); 5262 if (XSTRNCMP(md, "SHA256", 6) == 0) { 5409 if (md == NULL) { 5410 XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher)); 5411 } 5412 else if (XSTRNCMP(md, "SHA256", 6) == 0) { 5263 5413 ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); 5264 5414 } … … 5326 5476 size_t sz) 5327 5477 { 5328 int macType; 5478 int ret = WOLFSSL_FAILURE; 5479 enum wc_HashType macType; 5329 5480 5330 5481 WOLFSSL_ENTER("EVP_DigestUpdate"); … … 5332 5483 macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); 5333 5484 switch (macType) { 5334 #ifndef NO_MD45335 5485 case WC_HASH_TYPE_MD4: 5486 #ifndef NO_MD4 5336 5487 wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, 5337 5488 (unsigned long)sz); 5489 ret = WOLFSSL_SUCCESS; 5490 #endif 5338 5491 break; 5339 #endif5340 #ifndef NO_MD55341 5492 case WC_HASH_TYPE_MD5: 5342 wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, 5493 #ifndef NO_MD5 5494 ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, 5343 5495 (unsigned long)sz); 5496 #endif 5344 5497 break; 5345 #endif5346 #ifndef NO_SHA5347 5498 case WC_HASH_TYPE_SHA: 5348 wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, 5499 #ifndef NO_SHA 5500 ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, 5349 5501 (unsigned long)sz); 5502 #endif 5350 5503 break; 5351 #endif5352 #ifdef WOLFSSL_SHA2245353 5504 case WC_HASH_TYPE_SHA224: 5354 wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, 5505 #ifdef WOLFSSL_SHA224 5506 ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, 5355 5507 (unsigned long)sz); 5508 #endif 5356 5509 break; 5357 #endif5358 #ifndef NO_SHA2565359 5510 case WC_HASH_TYPE_SHA256: 5360 wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, 5511 #ifndef NO_SHA256 5512 ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, 5361 5513 (unsigned long)sz); 5514 #endif /* !NO_SHA256 */ 5362 5515 break; 5363 #endif /* !NO_SHA256 */5364 #ifdef WOLFSSL_SHA3845365 5516 case WC_HASH_TYPE_SHA384: 5366 wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, 5517 #ifdef WOLFSSL_SHA384 5518 ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, 5367 5519 (unsigned long)sz); 5520 #endif 5368 5521 break; 5369 #endif5370 #ifdef WOLFSSL_SHA5125371 5522 case WC_HASH_TYPE_SHA512: 5372 wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, 5523 #ifdef WOLFSSL_SHA512 5524 ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, 5373 5525 (unsigned long)sz); 5526 #endif /* WOLFSSL_SHA512 */ 5374 5527 break; 5375 #endif /* WOLFSSL_SHA512 */5376 #ifdef WOLFSSL_SHA35377 #ifndef WOLFSSL_NOSHA3_2245378 5528 case WC_HASH_TYPE_SHA3_224: 5379 wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, 5529 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 5530 ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, 5380 5531 (unsigned long)sz); 5532 #endif 5381 5533 break; 5534 case WC_HASH_TYPE_SHA3_256: 5535 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 5536 ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, 5537 (unsigned long)sz); 5382 5538 #endif 5383 #ifndef WOLFSSL_NOSHA3_256 5384 case WC_HASH_TYPE_SHA3_256: 5385 wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, 5539 break; 5540 case WC_HASH_TYPE_SHA3_384: 5541 #if defined(WOLFSSL_SHA3) 5542 ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, 5386 5543 (unsigned long)sz); 5544 #endif 5387 5545 break; 5546 case WC_HASH_TYPE_SHA3_512: 5547 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 5548 ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, 5549 (unsigned long)sz); 5388 5550 #endif 5389 case WC_HASH_TYPE_SHA3_384:5390 wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data,5391 (unsigned long)sz);5392 5551 break; 5393 #ifndef WOLFSSL_NOSHA3_512 5394 case WC_HASH_TYPE_SHA3_512: 5395 wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, 5396 (unsigned long)sz); 5397 break; 5398 #endif 5399 #endif 5552 case WC_HASH_TYPE_NONE: 5553 case WC_HASH_TYPE_MD2: 5554 case WC_HASH_TYPE_MD5_SHA: 5555 case WC_HASH_TYPE_BLAKE2B: 5556 case WC_HASH_TYPE_BLAKE2S: 5400 5557 default: 5401 5558 return WOLFSSL_FAILURE; 5402 5559 } 5403 5560 5404 return WOLFSSL_SUCCESS;5561 return ret; 5405 5562 } 5406 5563 … … 5409 5566 unsigned int* s) 5410 5567 { 5411 int macType; 5568 int ret = WOLFSSL_FAILURE; 5569 enum wc_HashType macType; 5412 5570 5413 5571 WOLFSSL_ENTER("EVP_DigestFinal"); 5414 5572 macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); 5415 5573 switch (macType) { 5416 #ifndef NO_MD45417 5574 case WC_HASH_TYPE_MD4: 5575 #ifndef NO_MD4 5418 5576 wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); 5419 5577 if (s) *s = MD4_DIGEST_SIZE; 5578 ret = WOLFSSL_SUCCESS; 5579 #endif 5420 5580 break; 5421 #endif5422 #ifndef NO_MD55423 5581 case WC_HASH_TYPE_MD5: 5424 wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); 5582 #ifndef NO_MD5 5583 ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); 5425 5584 if (s) *s = WC_MD5_DIGEST_SIZE; 5585 #endif 5426 5586 break; 5427 #endif5428 #ifndef NO_SHA5429 5587 case WC_HASH_TYPE_SHA: 5430 wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); 5588 #ifndef NO_SHA 5589 ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); 5431 5590 if (s) *s = WC_SHA_DIGEST_SIZE; 5591 #endif 5432 5592 break; 5433 #endif5434 #ifdef WOLFSSL_SHA2245435 5593 case WC_HASH_TYPE_SHA224: 5436 wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); 5594 #ifdef WOLFSSL_SHA224 5595 ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); 5437 5596 if (s) *s = WC_SHA224_DIGEST_SIZE; 5597 #endif 5438 5598 break; 5439 #endif5440 #ifndef NO_SHA2565441 5599 case WC_HASH_TYPE_SHA256: 5442 wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); 5600 #ifndef NO_SHA256 5601 ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); 5443 5602 if (s) *s = WC_SHA256_DIGEST_SIZE; 5603 #endif /* !NO_SHA256 */ 5444 5604 break; 5445 #endif /* !NO_SHA256 */5446 #ifdef WOLFSSL_SHA3845447 5605 case WC_HASH_TYPE_SHA384: 5448 wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); 5606 #ifdef WOLFSSL_SHA384 5607 ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); 5449 5608 if (s) *s = WC_SHA384_DIGEST_SIZE; 5609 #endif 5450 5610 break; 5451 #endif5452 #ifdef WOLFSSL_SHA5125453 5611 case WC_HASH_TYPE_SHA512: 5454 wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); 5612 #ifdef WOLFSSL_SHA512 5613 ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); 5455 5614 if (s) *s = WC_SHA512_DIGEST_SIZE; 5615 #endif /* WOLFSSL_SHA512 */ 5456 5616 break; 5457 #endif /* WOLFSSL_SHA512 */5458 #ifdef WOLFSSL_SHA35459 #ifndef WOLFSSL_NOSHA3_2245460 5617 case WC_HASH_TYPE_SHA3_224: 5461 wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); 5618 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 5619 ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); 5462 5620 if (s) *s = WC_SHA3_224_DIGEST_SIZE; 5621 #endif 5463 5622 break; 5623 case WC_HASH_TYPE_SHA3_256: 5624 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 5625 ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); 5626 if (s) *s = WC_SHA3_256_DIGEST_SIZE; 5464 5627 #endif 5465 #ifndef WOLFSSL_NOSHA3_2565466 case WC_HASH_TYPE_SHA3_256:5467 wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash);5468 if (s) *s = WC_SHA3_256_DIGEST_SIZE;5469 5628 break; 5629 case WC_HASH_TYPE_SHA3_384: 5630 #if defined(WOLFSSL_SHA3) 5631 ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); 5632 if (s) *s = WC_SHA3_384_DIGEST_SIZE; 5470 5633 #endif 5471 case WC_HASH_TYPE_SHA3_384:5472 wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash);5473 if (s) *s = WC_SHA3_384_DIGEST_SIZE;5474 5634 break; 5475 #ifndef WOLFSSL_NOSHA3_5125476 5635 case WC_HASH_TYPE_SHA3_512: 5477 wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); 5636 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 5637 ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); 5478 5638 if (s) *s = WC_SHA3_512_DIGEST_SIZE; 5639 #endif 5479 5640 break; 5480 #endif 5481 #endif 5641 case WC_HASH_TYPE_NONE: 5642 case WC_HASH_TYPE_MD2: 5643 case WC_HASH_TYPE_MD5_SHA: 5644 case WC_HASH_TYPE_BLAKE2B: 5645 case WC_HASH_TYPE_BLAKE2S: 5482 5646 default: 5483 5647 return WOLFSSL_FAILURE; 5484 5648 } 5485 5649 5486 return WOLFSSL_SUCCESS;5650 return ret; 5487 5651 } 5488 5652 … … 5512 5676 case NID_sha1: 5513 5677 return wolfSSL_EVP_sha1(); 5678 #endif 5679 #ifndef NO_SHA256 5680 case NID_sha256: 5681 return wolfSSL_EVP_sha256(); 5514 5682 #endif 5515 5683 default: … … 5581 5749 return WOLFSSL_FAILURE; 5582 5750 5751 if (wolfSSL_RSA_up_ref(key) != WOLFSSL_SUCCESS) { 5752 WOLFSSL_MSG("wolfSSL_RSA_up_ref failed"); 5753 return WOLFSSL_FAILURE; 5754 } 5583 5755 if (pkey->rsa != NULL && pkey->ownRsa == 1) { 5584 5756 wolfSSL_RSA_free(pkey->rsa); 5585 5757 } 5586 5758 pkey->rsa = key; 5587 pkey->ownRsa = 0; /* pkey does not own RSA*/5759 pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */ 5588 5760 pkey->type = EVP_PKEY_RSA; 5589 5761 if (key->inSet == 0) { … … 5718 5890 5719 5891 return WOLFSSL_SUCCESS; 5892 } 5893 5894 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey) 5895 { 5896 if (!pkey) { 5897 return NULL; 5898 } 5899 return pkey->dsa; 5720 5900 } 5721 5901 … … 5814 5994 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) 5815 5995 #if !defined(NO_DH) && !defined(NO_FILESYSTEM) 5996 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) 5816 5997 /* with set1 functions the pkey struct does not own the DH structure 5817 5998 * Build the following DH Key format from the passed in WOLFSSL_DH … … 5892 6073 return WOLFSSL_SUCCESS; 5893 6074 } 6075 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 5894 6076 5895 6077 WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key) … … 5901 6083 } 5902 6084 6085 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) 5903 6086 WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) 5904 6087 { … … 5934 6117 return local; 5935 6118 } 6119 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 5936 6120 #endif /* NO_DH && NO_FILESYSTEM */ 5937 6121 … … 5959 6143 break; 5960 6144 #endif 5961 #if def NO_DH6145 #ifndef NO_DH 5962 6146 case EVP_PKEY_DH: 5963 6147 ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); … … 5975 6159 #if defined(HAVE_ECC) 5976 6160 /* try and populate public pkey_sz and pkey.ptr */ 5977 static voidECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)5978 { 5979 int ret;6161 static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) 6162 { 6163 word32 derSz = 0; 5980 6164 if (!pkey || !ecc) 5981 return; 5982 if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { 5983 int derSz = ret; 5984 char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 6165 return WOLFSSL_FAILURE; 6166 if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) { 6167 byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); 5985 6168 if (derBuf) { 5986 ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); 5987 if (ret >= 0) { 6169 if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) >= 0) { 5988 6170 if (pkey->pkey.ptr) { 5989 6171 XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); 5990 6172 } 5991 pkey->pkey_sz = ret; 5992 pkey->pkey.ptr = derBuf; 5993 } 5994 else { /* failure - okay to ignore */ 5995 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 6173 pkey->pkey_sz = (int)derSz; 6174 pkey->pkey.ptr = (char*)derBuf; 6175 return WOLFSSL_SUCCESS; 6176 } 6177 else { 6178 XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); 5996 6179 derBuf = NULL; 5997 6180 } 5998 6181 } 5999 6182 } 6183 return WOLFSSL_FAILURE; 6000 6184 } 6001 6185 … … 6029 6213 pkey->ownEcc = 0; /* pkey does not own EC key */ 6030 6214 pkey->type = EVP_PKEY_EC; 6031 ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6032 return WOLFSSL_SUCCESS; 6215 return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6033 6216 #else 6034 6217 (void)pkey; … … 6066 6249 6067 6250 /* try and populate public pkey_sz and pkey.ptr */ 6068 ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6069 6070 return WOLFSSL_SUCCESS; 6251 return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6071 6252 } 6072 6253 #endif /* HAVE_ECC */ … … 6180 6361 return AES_BLOCK_SIZE; 6181 6362 #endif 6363 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ 6364 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 6182 6365 #ifdef HAVE_AESGCM 6183 6366 case AES_128_GCM_TYPE : … … 6187 6370 return GCM_NONCE_MID_SZ; 6188 6371 #endif 6372 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ 6189 6373 #ifdef WOLFSSL_AES_COUNTER 6190 6374 case AES_128_CTR_TYPE : … … 6265 6449 #ifdef HAVE_AES_CBC 6266 6450 #ifdef WOLFSSL_AES_128 6267 if ( EVP_AES_128_CBC &&XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0)6451 if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) 6268 6452 return AES_BLOCK_SIZE; 6269 6453 #endif 6270 6454 #ifdef WOLFSSL_AES_192 6271 if ( EVP_AES_192_CBC &&XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0)6455 if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) 6272 6456 return AES_BLOCK_SIZE; 6273 6457 #endif 6274 6458 #ifdef WOLFSSL_AES_256 6275 if ( EVP_AES_256_CBC &&XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)6459 if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) 6276 6460 return AES_BLOCK_SIZE; 6277 6461 #endif 6278 6462 #endif /* HAVE_AES_CBC */ 6463 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ 6464 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 6279 6465 #ifdef HAVE_AESGCM 6280 6466 #ifdef WOLFSSL_AES_128 6281 if ( EVP_AES_128_GCM &&XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0)6467 if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) 6282 6468 return GCM_NONCE_MID_SZ; 6283 6469 #endif 6284 6470 #ifdef WOLFSSL_AES_192 6285 if ( EVP_AES_192_GCM &&XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0)6471 if (XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0) 6286 6472 return GCM_NONCE_MID_SZ; 6287 6473 #endif 6288 6474 #ifdef WOLFSSL_AES_256 6289 if ( EVP_AES_256_GCM &&XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0)6475 if (XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0) 6290 6476 return GCM_NONCE_MID_SZ; 6291 6477 #endif 6292 6478 #endif /* HAVE_AESGCM */ 6479 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ 6293 6480 #ifdef WOLFSSL_AES_COUNTER 6294 6481 #ifdef WOLFSSL_AES_128 6295 if ( EVP_AES_128_CTR &&XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0)6482 if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) 6296 6483 return AES_BLOCK_SIZE; 6297 6484 #endif 6298 6485 #ifdef WOLFSSL_AES_192 6299 if ( EVP_AES_192_CTR &&XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0)6486 if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) 6300 6487 return AES_BLOCK_SIZE; 6301 6488 #endif 6302 6489 #ifdef WOLFSSL_AES_256 6303 if ( EVP_AES_256_CTR &&XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0)6490 if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) 6304 6491 return AES_BLOCK_SIZE; 6305 6492 #endif … … 6307 6494 #ifdef WOLFSSL_AES_XTS 6308 6495 #ifdef WOLFSSL_AES_128 6309 if ( EVP_AES_128_XTS &&XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0)6496 if (XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0) 6310 6497 return AES_BLOCK_SIZE; 6311 6498 #endif /* WOLFSSL_AES_128 */ 6312 6499 6313 6500 #ifdef WOLFSSL_AES_256 6314 if ( EVP_AES_256_XTS &&XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0)6501 if (XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0) 6315 6502 return AES_BLOCK_SIZE; 6316 6503 #endif /* WOLFSSL_AES_256 */ … … 6320 6507 6321 6508 #ifndef NO_DES3 6322 if (( EVP_DES_CBC &&XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) ||6323 ( EVP_DES_EDE3_CBC &&XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) {6509 if ((XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) || 6510 (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) { 6324 6511 return DES_BLOCK_SIZE; 6325 6512 } … … 6327 6514 6328 6515 #ifdef HAVE_IDEA 6329 if ( EVP_IDEA_CBC &&XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0)6516 if (XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0) 6330 6517 return IDEA_BLOCK_SIZE; 6331 6518 #endif … … 6382 6569 6383 6570 6384 int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey)6571 int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey) 6385 6572 { 6386 6573 if (pkey != NULL) … … 6390 6577 6391 6578 6392 int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey)6579 int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey) 6393 6580 { 6394 6581 if (pkey == NULL) … … 6397 6584 } 6398 6585 6586 int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid) 6587 { 6588 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get_default_digest_nid"); 6589 6590 if (!pkey || !pnid) { 6591 WOLFSSL_MSG("Bad parameter"); 6592 return WOLFSSL_FAILURE; 6593 } 6594 6595 switch (pkey->type) { 6596 case EVP_PKEY_HMAC: 6597 #ifndef NO_DSA 6598 case EVP_PKEY_DSA: 6599 #endif 6600 #ifndef NO_RSA 6601 case EVP_PKEY_RSA: 6602 #endif 6603 #ifdef HAVE_ECC 6604 case EVP_PKEY_EC: 6605 #endif 6606 *pnid = NID_sha256; 6607 return WOLFSSL_SUCCESS; 6608 default: 6609 return WOLFSSL_FAILURE; 6610 } 6611 } 6399 6612 6400 6613 /* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ … … 6408 6621 wc_UnLockMutex(&pkey->refMutex); 6409 6622 6410 return 1;6411 } 6412 6413 return 0;6623 return WOLFSSL_SUCCESS; 6624 } 6625 6626 return WOLFSSL_FAILURE; 6414 6627 } 6415 6628 … … 6479 6692 #endif /* OPENSSL_EXTRA */ 6480 6693 6481 #if defined(OPENSSL_EXTRA _X509_SMALL)6694 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 6482 6695 /* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the 6483 6696 * subset of X509 API */ … … 6503 6716 ret = wc_InitRng(&pkey->rng); 6504 6717 #endif 6718 pkey->references = 1; 6719 wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before 6720 * wolfSSL_EVP_PKEY_free */ 6505 6721 if (ret != 0){ 6506 6722 wolfSSL_EVP_PKEY_free(pkey); … … 6508 6724 return NULL; 6509 6725 } 6510 pkey->references = 1;6511 wc_InitMutex(&pkey->refMutex);6512 6726 } 6513 6727 else { … … 6591 6805 } 6592 6806 6593 #endif /* OPENSSL_EXTRA_X509_SMALL */ 6807 #if !defined(NO_PWDBASED) 6808 int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, 6809 int* pHash, int* pHashSz) 6810 { 6811 enum wc_HashType hash = WC_HASH_TYPE_NONE; 6812 int hashSz; 6813 6814 if (XSTRLEN(evp) < 3) { 6815 /* do not try comparing strings if size is too small */ 6816 return WOLFSSL_FAILURE; 6817 } 6818 6819 if (XSTRNCMP("SHA", evp, 3) == 0) { 6820 if (XSTRLEN(evp) > 3) { 6821 #ifndef NO_SHA256 6822 if (XSTRNCMP("SHA256", evp, 6) == 0) { 6823 hash = WC_HASH_TYPE_SHA256; 6824 } 6825 else 6826 #endif 6827 #ifdef WOLFSSL_SHA384 6828 if (XSTRNCMP("SHA384", evp, 6) == 0) { 6829 hash = WC_HASH_TYPE_SHA384; 6830 } 6831 else 6832 #endif 6833 #ifdef WOLFSSL_SHA512 6834 if (XSTRNCMP("SHA512", evp, 6) == 0) { 6835 hash = WC_HASH_TYPE_SHA512; 6836 } 6837 else 6838 #endif 6839 if (XSTRNCMP("SHA1", evp, 4) == 0) { 6840 hash = WC_HASH_TYPE_SHA; 6841 } 6842 else { 6843 WOLFSSL_MSG("Unknown SHA hash"); 6844 } 6845 } 6846 else { 6847 hash = WC_HASH_TYPE_SHA; 6848 } 6849 } 6850 #ifdef WOLFSSL_MD2 6851 else if (XSTRNCMP("MD2", evp, 3) == 0) { 6852 hash = WC_HASH_TYPE_MD2; 6853 } 6854 #endif 6855 #ifndef NO_MD4 6856 else if (XSTRNCMP("MD4", evp, 3) == 0) { 6857 hash = WC_HASH_TYPE_MD4; 6858 } 6859 #endif 6860 #ifndef NO_MD5 6861 else if (XSTRNCMP("MD5", evp, 3) == 0) { 6862 hash = WC_HASH_TYPE_MD5; 6863 } 6864 #endif 6865 6866 if (pHash) 6867 *pHash = hash; 6868 6869 hashSz = wc_HashGetDigestSize(hash); 6870 if (pHashSz) 6871 *pHashSz = hashSz; 6872 6873 if (hashSz < 0) { 6874 return WOLFSSL_FAILURE; 6875 } 6876 6877 return WOLFSSL_SUCCESS; 6878 } 6879 #endif /* !defined(NO_PWDBASED) */ 6880 6881 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 6594 6882 6595 6883 #endif /* WOLFSSL_EVP_INCLUDED */ -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/hash.c
r457 r464 34 34 #include <wolfssl/wolfcrypt/hash.h> 35 35 #include <wolfssl/wolfcrypt/hmac.h> 36 #include <wolfssl/wolfcrypt/cryptocb.h> 36 37 37 38 #ifdef NO_INLINE … … 625 626 int ret = HASH_TYPE_E; /* Default to hash type error */ 626 627 627 if (hash == NULL || data == NULL)628 if (hash == NULL || (data == NULL && dataSz > 0)) 628 629 return BAD_FUNC_ARG; 629 630 … … 1027 1028 wc_Sha sha[1]; 1028 1029 #endif 1030 int devId = INVALID_DEVID; 1029 1031 1030 1032 #ifdef WOLFSSL_SMALL_STACK … … 1034 1036 #endif 1035 1037 1036 if ((ret = wc_InitSha(sha)) != 0) { 1038 #ifdef WOLF_CRYPTO_CB 1039 /* only use devId if its not an empty hash */ 1040 if (data != NULL && len > 0) 1041 devId = wc_CryptoCb_GetDevIdAtIndex(0); 1042 #endif 1043 1044 if ((ret = wc_InitSha_ex(sha, NULL, devId)) != 0) { 1037 1045 WOLFSSL_MSG("InitSha failed"); 1038 1046 } … … 1102 1110 wc_Sha256 sha256[1]; 1103 1111 #endif 1112 int devId = INVALID_DEVID; 1104 1113 1105 1114 #ifdef WOLFSSL_SMALL_STACK … … 1110 1119 #endif 1111 1120 1112 if ((ret = wc_InitSha256(sha256)) != 0) { 1121 #ifdef WOLF_CRYPTO_CB 1122 /* only use devId if its not an empty hash */ 1123 if (data != NULL && len > 0) 1124 devId = wc_CryptoCb_GetDevIdAtIndex(0); 1125 #endif 1126 1127 if ((ret = wc_InitSha256_ex(sha256, NULL, devId)) != 0) { 1113 1128 WOLFSSL_MSG("InitSha256 failed"); 1114 1129 } -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/hmac.c
r457 r464 25 25 #endif 26 26 27 #include <wolfssl/wolfcrypt/ settings.h>27 #include <wolfssl/wolfcrypt/wc_port.h> 28 28 #include <wolfssl/wolfcrypt/error-crypt.h> 29 29 … … 1015 1015 1016 1016 if (ret == 0) 1017 ret 1017 ret = wc_HmacInit(hmac, heap, devId); 1018 1018 if (ret == 0) { 1019 1019 XMEMCPY(hmac->id, id, len); 1020 1020 hmac->idLen = len; 1021 } 1022 1023 return ret; 1024 } 1025 1026 int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap, int devId) 1027 { 1028 int ret = 0; 1029 int labelLen = 0; 1030 1031 if (hmac == NULL || label == NULL) 1032 ret = BAD_FUNC_ARG; 1033 if (ret == 0) { 1034 labelLen = (int)XSTRLEN(label); 1035 if (labelLen == 0 || labelLen > HMAC_MAX_LABEL_LEN) 1036 ret = BUFFER_E; 1037 } 1038 1039 if (ret == 0) 1040 ret = wc_HmacInit(hmac, heap, devId); 1041 if (ret == 0) { 1042 XMEMCPY(hmac->label, label, labelLen); 1043 hmac->labelLen = labelLen; 1021 1044 } 1022 1045 … … 1217 1240 byte n = 0x1; 1218 1241 1242 /* RFC 5869 states that the length of output keying material in 1243 octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ 1244 1245 if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) 1246 return BAD_FUNC_ARG; 1247 1219 1248 ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); 1220 1249 if (ret != 0) 1221 1250 return ret; 1251 1222 1252 1223 1253 while (outIdx < outSz) { -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/integer.c
r457 r464 272 272 int mp_leading_bit (mp_int * a) 273 273 { 274 int bit = 0; 275 mp_int t; 276 277 if (mp_init_copy(&t, a) != MP_OKAY) 278 return 0; 279 280 while (mp_iszero(&t) == MP_NO) { 281 #ifndef MP_8BIT 282 bit = (t.dp[0] & 0x80) != 0; 283 #else 284 bit = ((t.dp[0] | ((t.dp[1] & 0x01) << 7)) & 0x80) != 0; 285 #endif 286 if (mp_div_2d (&t, 8, &t, NULL) != MP_OKAY) 287 break; 288 } 289 mp_clear(&t); 290 return bit; 274 int c = mp_count_bits(a); 275 276 if (c == 0) return 0; 277 return (c % 8) == 0; 291 278 } 292 279 … … 335 322 len = mp_unsigned_bin_size(a); 336 323 324 if (len > c) { 325 return MP_VAL; 326 } 327 337 328 /* pad front w/ zeros to match length */ 338 for (i = 0; i < c - len; i++) 339 b[i] = 0x00; 329 for (i = 0; i < c - len; i++) { 330 b[i] = 0x00; 331 } 340 332 return mp_to_unsigned_bin(a, b + i); 341 333 } … … 555 547 } 556 548 549 int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m) 550 { 551 (void)c; 552 if (m == 1) 553 mp_exch(a, b); 554 return MP_OKAY; 555 } 556 557 557 558 558 /* shift right a certain number of bits */ … … 563 563 mp_digit D = x; 564 564 565 /* shifting by a negative number not supported, and shifting by 566 * zero changes nothing. 567 */ 568 if (x <= 0) return; 569 570 /* shift digits first if needed */ 571 if (x >= DIGIT_BIT) { 572 mp_rshd(c, x / DIGIT_BIT); 573 /* recalculate number of bits to shift */ 574 D = x % DIGIT_BIT; 575 /* check if any more shifting needed */ 576 if (D == 0) return; 577 } 578 579 /* zero shifted is always zero */ 565 580 if (mp_iszero(c)) return; 566 581 … … 670 685 } 671 686 /* clear the digit that is not completely outside/inside the modulus */ 672 c->dp[b / DIGIT_BIT] &= (mp_digit) ((((mp_digit) 1) << 673 (((mp_digit) b) % DIGIT_BIT)) - ((mp_digit) 1)); 687 x = DIGIT_BIT - (b % DIGIT_BIT); 688 if (x != DIGIT_BIT) { 689 c->dp[b / DIGIT_BIT] &= ~((mp_digit)0) >> (x + ((sizeof(mp_digit)*8) - DIGIT_BIT)); 690 } 674 691 mp_clamp (c); 675 692 return MP_OKAY; … … 681 698 { 682 699 int res; 683 684 /* make sure there are at least two digits */ 685 if (a->alloc < 2) { 686 if ((res = mp_grow(a, 2)) != MP_OKAY) { 700 int digits_needed; 701 702 while (c > 0 && b[0] == 0) { 703 c--; 704 b++; 705 } 706 707 digits_needed = ((c * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT; 708 709 /* make sure there are enough digits available */ 710 if (a->alloc < digits_needed) { 711 if ((res = mp_grow(a, digits_needed)) != MP_OKAY) { 687 712 return res; 688 713 } … … 700 725 #ifndef MP_8BIT 701 726 a->dp[0] |= *b++; 702 a->used += 1; 727 if (a->used == 0) 728 a->used = 1; 703 729 #else 704 730 a->dp[0] = (*b & MP_MASK); 705 731 a->dp[1] |= ((*b++ >> 7U) & 1); 706 a->used += 2; 732 if (a->used == 0) 733 a->used = 2; 707 734 #endif 708 735 } … … 1578 1605 mp_clamp (b); 1579 1606 return MP_OKAY; 1607 } 1608 1609 /* c = a / 2 (mod b) - constant time (a < b and positive) */ 1610 int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c) 1611 { 1612 int res; 1613 1614 if (mp_isodd(a)) { 1615 res = mp_add(a, b, c); 1616 if (res == MP_OKAY) { 1617 res = mp_div_2(c, c); 1618 } 1619 } 1620 else { 1621 res = mp_div_2(a, c); 1622 } 1623 1624 return res; 1580 1625 } 1581 1626 … … 1991 2036 #ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C 1992 2037 if (((P->used * 2 + 1) < (int)MP_WARRAY) && 1993 P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {2038 P->used < (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { 1994 2039 redux = fast_mp_montgomery_reduce; 1995 2040 } else … … 2237 2282 #ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C 2238 2283 if (((P->used * 2 + 1) < (int)MP_WARRAY) && 2239 P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {2284 P->used < (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { 2240 2285 redux = fast_mp_montgomery_reduce; 2241 2286 } else 2242 2287 #endif 2288 #ifdef BN_MP_MONTGOMERY_REDUCE_C 2243 2289 { 2244 #ifdef BN_MP_MONTGOMERY_REDUCE_C2245 2290 /* use slower baseline Montgomery method */ 2246 2291 redux = mp_montgomery_reduce; 2247 #else 2248 return MP_VAL; 2249 #endif 2292 } 2293 #endif 2294 2295 if (redux == NULL) { 2296 return MP_VAL; 2250 2297 } 2251 2298 … … 2449 2496 #endif 2450 2497 2498 XMEMSET(W, 0, (n->used * 2 + 1) * sizeof(mp_word)); 2499 2451 2500 /* first we have to get the digits of the input into 2452 2501 * an array of double precision words W[...] … … 2465 2514 for (ix = 0; ix < x->used; ix++) { 2466 2515 *_W++ = *tmpx++; 2467 }2468 2469 /* zero the high words of W[a->used..m->used*2] */2470 for (; ix < n->used * 2 + 1; ix++) {2471 *_W++ = 0;2472 2516 } 2473 2517 } … … 2597 2641 if ((digs < (int)MP_WARRAY) && 2598 2642 n->used < 2599 (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {2643 (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { 2600 2644 return fast_mp_montgomery_reduce (x, n, rho); 2601 2645 } … … 2997 3041 } 2998 3042 3043 /* d = a - b (mod c) - a < c and b < c and positive */ 3044 int mp_submod_ct(mp_int* a, mp_int* b, mp_int* c, mp_int* d) 3045 { 3046 int res; 3047 3048 res = mp_sub(a, b, d); 3049 if (res == MP_OKAY && mp_isneg(d)) { 3050 res = mp_add(d, c, d); 3051 } 3052 3053 return res; 3054 } 3055 3056 /* d = a + b (mod c) - a < c and b < c and positive */ 3057 int mp_addmod_ct(mp_int* a, mp_int* b, mp_int* c, mp_int* d) 3058 { 3059 int res; 3060 3061 res = mp_add(a, b, d); 3062 if (res == MP_OKAY && mp_cmp(d, c) != MP_LT) { 3063 res = mp_sub(d, c, d); 3064 } 3065 3066 return res; 3067 } 3068 2999 3069 /* computes b = a*a */ 3000 3070 int mp_sqr (mp_int * a, mp_int * b) … … 3044 3114 if ((digs < (int)MP_WARRAY) && 3045 3115 MIN(a->used, b->used) <= 3046 (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {3116 (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { 3047 3117 res = fast_s_mp_mul_digs (a, b, c, digs); 3048 3118 } else … … 3507 3577 if ((digs < (int)MP_WARRAY) && 3508 3578 MIN (a->used, b->used) < 3509 (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {3579 (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { 3510 3580 return fast_s_mp_mul_digs (a, b, c, digs); 3511 3581 } … … 4015 4085 if (((a->used + b->used + 1) < (int)MP_WARRAY) 4016 4086 && MIN (a->used, b->used) < 4017 (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {4087 (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { 4018 4088 return fast_s_mp_mul_high_digs (a, b, c, digs); 4019 4089 } … … 4325 4395 int res, ix, oldused; 4326 4396 4397 if (b > MP_MASK) return MP_VAL; 4398 4327 4399 /* grow c as required */ 4328 4400 if (c->alloc < a->used + 1) { … … 4512 4584 4513 4585 if (w >= b) { 4586 #ifdef WOLFSSL_LINUXKM 4587 t = (mp_digit)w; 4588 /* Linux kernel macro for in-place 64 bit integer division. */ 4589 do_div(t, b); 4590 #else 4514 4591 t = (mp_digit)(w / b); 4592 #endif 4515 4593 w -= ((mp_word)t) * ((mp_word)b); 4516 4594 } else { … … 4544 4622 #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA) 4545 4623 4546 const mp_digit ltm_prime_tab[PRIME_SIZE] = {4624 const FLASH_QUALIFIER mp_digit ltm_prime_tab[PRIME_SIZE] = { 4547 4625 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, 4548 4626 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, … … 4635 4713 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) 4636 4714 #ifndef WOLFSSL_SP_NO_2048 4637 if (mp_count_bits(a) == 1024 )4715 if (mp_count_bits(a) == 1024 && mp_isodd(a)) 4638 4716 err = sp_ModExp_1024(b, &r, a, &y); 4639 else if (mp_count_bits(a) == 2048 )4717 else if (mp_count_bits(a) == 2048 && mp_isodd(a)) 4640 4718 err = sp_ModExp_2048(b, &r, a, &y); 4641 4719 else 4642 4720 #endif 4643 4721 #ifndef WOLFSSL_SP_NO_3072 4644 if (mp_count_bits(a) == 1536 )4722 if (mp_count_bits(a) == 1536 && mp_isodd(a)) 4645 4723 err = sp_ModExp_1536(b, &r, a, &y); 4646 else if (mp_count_bits(a) == 3072 )4724 else if (mp_count_bits(a) == 3072 && mp_isodd(a)) 4647 4725 err = sp_ModExp_3072(b, &r, a, &y); 4648 4726 else 4649 4727 #endif 4650 4728 #ifdef WOLFSSL_SP_4096 4651 if (mp_count_bits(a) == 4096 )4729 if (mp_count_bits(a) == 4096 && mp_isodd(a)) 4652 4730 err = sp_ModExp_4096(b, &r, a, &y); 4653 4731 else … … 5090 5168 5091 5169 /* chars used in radix conversions */ 5092 const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ \5093 5170 const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" 5171 "abcdefghijklmnopqrstuvwxyz+/"; 5094 5172 #endif 5095 5173 … … 5179 5257 /* special case for binary */ 5180 5258 if (radix == MP_RADIX_BIN) { 5181 *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1; 5259 *size = mp_count_bits(a); 5260 if (*size == 0) 5261 *size = 1; 5262 *size += (a->sign == MP_NEG ? 1 : 0) + 1; /* "-" sign + null term */ 5182 5263 return MP_OKAY; 5183 5264 } … … 5189 5270 5190 5271 if (mp_iszero(a) == MP_YES) { 5191 *size = 2; 5272 #ifndef WC_DISABLE_RADIX_ZERO_PAD 5273 if (radix == 16) 5274 *size = 3; 5275 else 5276 #endif 5277 *size = 2; 5192 5278 return MP_OKAY; 5193 5279 } … … 5195 5281 /* digs is the digit count */ 5196 5282 digs = 0; 5197 5198 /* if it's negative add one for the sign */5199 if (a->sign == MP_NEG) {5200 ++digs;5201 }5202 5283 5203 5284 /* init a copy of the input */ … … 5219 5300 mp_clear (&t); 5220 5301 5302 #ifndef WC_DISABLE_RADIX_ZERO_PAD 5303 /* For hexadecimal output, add zero padding when number of digits is odd */ 5304 if ((digs & 1) && (radix == 16)) { 5305 ++digs; 5306 } 5307 #endif 5308 5309 /* if it's negative add one for the sign */ 5310 if (a->sign == MP_NEG) { 5311 ++digs; 5312 } 5313 5221 5314 /* return digs + 1, the 1 is for the NULL byte that would be required. */ 5222 5315 *size = digs + 1; … … 5239 5332 /* quick out if its zero */ 5240 5333 if (mp_iszero(a) == MP_YES) { 5334 #ifndef WC_DISABLE_RADIX_ZERO_PAD 5335 if (radix == 16) { 5336 *str++ = '0'; 5337 } 5338 #endif 5241 5339 *str++ = '0'; 5242 5340 *str = '\0'; -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/logging.c
r457 r464 112 112 #endif /* WOLFSSL_FUNC_TIME */ 113 113 114 #ifdef HAVE_WC_INTROSPECTION 115 116 const char *wolfSSL_configure_args(void) { 117 #ifdef LIBWOLFSSL_CONFIGURE_ARGS 118 /* the spaces on either side are to make matching simple and efficient. */ 119 return " " LIBWOLFSSL_CONFIGURE_ARGS " "; 120 #else 121 return NULL; 122 #endif 123 } 124 125 const char *wolfSSL_global_cflags(void) { 126 #ifdef LIBWOLFSSL_GLOBAL_CFLAGS 127 /* the spaces on either side are to make matching simple and efficient. */ 128 return " " LIBWOLFSSL_GLOBAL_CFLAGS " "; 129 #else 130 return NULL; 131 #endif 132 } 133 134 #endif /* HAVE_WC_INTROSPECTION */ 135 136 #ifdef HAVE_STACK_SIZE_VERBOSE 137 138 THREAD_LS_T unsigned char *StackSizeCheck_myStack = NULL; 139 THREAD_LS_T size_t StackSizeCheck_stackSize = 0; 140 THREAD_LS_T size_t StackSizeCheck_stackSizeHWM = 0; 141 THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr = 0; 142 THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0; 143 144 #endif /* HAVE_STACK_SIZE_VERBOSE */ 145 114 146 #ifdef DEBUG_WOLFSSL 115 147 … … 231 263 #elif defined(WOLFSSL_ANDROID_DEBUG) 232 264 #include <android/log.h> 233 #else 234 #include <stdio.h> /* for default printf stuff */ 265 #elif defined(WOLFSSL_XILINX) 266 #include "xil_printf.h" 267 #elif defined(WOLFSSL_LINUXKM) 268 /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */ 269 #elif defined(FUSION_RTOS) 270 #include <fclstdio.h> 271 #include <wolfssl/wolfcrypt/wc_port.h> 272 #define fprintf FCL_FPRINTF 273 #else 274 #include <stdio.h> /* for default printf stuff */ 235 275 #endif 236 276 … … 264 304 #elif defined(MQX_USE_IO_OLD) 265 305 fprintf(_mqxio_stderr, "%s\n", logMessage); 266 267 306 #elif defined(WOLFSSL_APACHE_MYNEWT) 268 307 LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage); … … 275 314 #elif defined(WOLFSSL_ANDROID_DEBUG) 276 315 __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s", logMessage); 316 #elif defined(WOLFSSL_XILINX) 317 xil_printf("%s\r\n", logMessage); 318 #elif defined(WOLFSSL_LINUXKM) 319 printk("%s\n", logMessage); 277 320 #else 278 321 fprintf(stderr, "%s\n", logMessage); … … 818 861 { 819 862 next = current->next; 820 cb(current->error, strlen(current->error), u);863 cb(current->error, XSTRLEN(current->error), u); 821 864 XFREE(current, current->heap, DYNAMIC_TYPE_LOG); 822 865 current = next; -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/md5.c
r457 r464 128 128 cau_md5_hash_n((byte*)data, 1, (unsigned char*)md5->digest); 129 129 #else 130 MMCAU_MD5_HashN((byte*)data, 1, ( uint32_t*)md5->digest);130 MMCAU_MD5_HashN((byte*)data, 1, (word32*)md5->digest); 131 131 #endif 132 132 wolfSSL_CryptHwMutexUnLock(); … … 149 149 cau_md5_hash_n(local, 1, (unsigned char*)md5->digest); 150 150 #else 151 MMCAU_MD5_HashN(local, 1, ( uint32_t*)md5->digest);151 MMCAU_MD5_HashN(local, 1, (word32*)md5->digest); 152 152 #endif 153 153 data += WC_MD5_BLOCK_SIZE; … … 163 163 #else 164 164 MMCAU_MD5_HashN((byte*)data, len / WC_MD5_BLOCK_SIZE, 165 ( uint32_t*)md5->digest);165 (word32*)md5->digest); 166 166 #endif 167 167 } -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/memory.c
r457 r464 313 313 314 314 int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, 315 unsigned char* buf, unsigned int sz, int flag, int max )315 unsigned char* buf, unsigned int sz, int flag, int maxSz) 316 316 { 317 317 int ret; … … 363 363 /* determine what max applies too */ 364 364 if ((flag & WOLFMEM_IO_POOL) || (flag & WOLFMEM_IO_POOL_FIXED)) { 365 heap->maxIO = max ;365 heap->maxIO = maxSz; 366 366 } 367 367 else { /* general memory used in handshakes */ 368 heap->maxHa = max ;368 heap->maxHa = maxSz; 369 369 } 370 370 … … 372 372 *pHint = hint; 373 373 374 (void)max ;374 (void)maxSz; 375 375 376 376 return 0; -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/misc.c
r457 r464 19 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 20 */ 21 22 21 /* 22 23 DESCRIPTION 24 This module implements the arithmetic-shift right, left, byte swapping, XOR, 25 masking and clearing memory logic. 26 27 */ 23 28 #ifdef HAVE_CONFIG_H 24 29 #include <config.h> … … 78 83 79 84 #else /* generic */ 85 /* This routine performs a left circular arithmetic shift of <x> by <y> value. */ 80 86 81 87 WC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y) … … 84 90 } 85 91 86 92 /* This routine performs a right circular arithmetic shift of <x> by <y> value. */ 87 93 WC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y) 88 94 { … … 92 98 #endif 93 99 94 100 #ifdef WC_RC2 101 102 /* This routine performs a left circular arithmetic shift of <x> by <y> value */ 103 WC_STATIC WC_INLINE word16 rotlFixed16(word16 x, word16 y) 104 { 105 return (x << y) | (x >> (sizeof(y) * 8 - y)); 106 } 107 108 109 /* This routine performs a right circular arithmetic shift of <x> by <y> value */ 110 WC_STATIC WC_INLINE word16 rotrFixed16(word16 x, word16 y) 111 { 112 return (x >> y) | (x << (sizeof(y) * 8 - y)); 113 } 114 115 #endif /* WC_RC2 */ 116 117 /* This routine performs a byte swap of 32-bit word value. */ 95 118 WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value) 96 119 { … … 105 128 defined(__GNUC_PREREQ) && __GNUC_PREREQ(4, 3) 106 129 return (word32)__builtin_bswap32(value); 130 #elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \ 131 defined(__aarch64__) 132 __asm__ volatile ( 133 "REV32 %0, %0 \n" 134 : "+r" (value) 135 : 136 ); 137 return value; 138 #elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \ 139 (defined(__thumb__) || defined(__arm__)) 140 __asm__ volatile ( 141 "REV %0, %0 \n" 142 : "+r" (value) 143 : 144 ); 145 return value; 107 146 #elif defined(FAST_ROTATE) 108 147 /* 5 instructions with rotate instruction, 9 without */ … … 115 154 #endif 116 155 } 117 118 156 /* This routine performs a byte swap of words array of a given count. */ 119 157 WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, 120 158 word32 byteCount) … … 126 164 127 165 } 128 129 166 130 167 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) … … 173 210 174 211 #ifndef WOLFSSL_NO_XOR_OPS 212 /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number 213 of wolfssl_words, placing the result in <*r>. */ 214 WC_STATIC WC_INLINE void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, 215 const wolfssl_word* b, word32 n) 216 { 217 word32 i; 218 219 for (i = 0; i < n; i++) r[i] = a[i] ^ b[i]; 220 } 221 222 /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n 223 counts, placing the result in <*buf>. */ 224 225 WC_STATIC WC_INLINE void xorbufout(void*out, const void* buf, const void* mask, 226 word32 count) 227 { 228 if (((wolfssl_word)out | (wolfssl_word)buf | (wolfssl_word)mask | count) % \ 229 WOLFSSL_WORD_SIZE == 0) 230 XorWordsOut( (wolfssl_word*)out, (wolfssl_word*)buf, 231 (const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE); 232 else { 233 word32 i; 234 byte* o = (byte*)out; 235 byte* b = (byte*)buf; 236 const byte* m = (const byte*)mask; 237 238 for (i = 0; i < count; i++) o[i] = b[i] ^ m[i]; 239 } 240 } 241 242 /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number 243 of wolfssl_words, placing the result in <*r>. */ 175 244 WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n) 176 245 { … … 180 249 } 181 250 251 /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n 252 counts, placing the result in <*buf>. */ 182 253 183 254 WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count) … … 197 268 198 269 #ifndef WOLFSSL_NO_FORCE_ZERO 199 /* Make sure compiler doesn't skip */ 270 /* This routine fills the first len bytes of the memory area pointed by mem 271 with zeros. It ensures compiler optimizations doesn't skip it */ 200 272 WC_STATIC WC_INLINE void ForceZero(const void* mem, word32 len) 201 273 { 202 274 volatile byte* z = (volatile byte*)mem; 203 275 204 #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE) 276 #if (defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD)) \ 277 && defined(WORD64_AVAILABLE) 205 278 volatile word64* w; 206 279 #ifndef WOLFSSL_UNALIGNED_64BIT_ACCESS … … 243 316 #define min min 244 317 #endif 318 /* returns the smaller of a and b */ 245 319 WC_STATIC WC_INLINE word32 min(word32 a, word32 b) 246 320 { … … 324 398 WC_STATIC WC_INLINE byte ctMaskGT(int a, int b) 325 399 { 326 return ( ((word32)a - b - 1) >> 31) - 1;400 return (byte)((((word32)a - b - 1) >> 31) - 1); 327 401 } 328 402 … … 330 404 WC_STATIC WC_INLINE byte ctMaskGTE(int a, int b) 331 405 { 332 return ( ((word32)a - b ) >> 31) - 1;406 return (byte)((((word32)a - b ) >> 31) - 1); 333 407 } 334 408 … … 336 410 WC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b) 337 411 { 338 return ( ((word32)a - b ) >> 31) - 1;412 return (int)((((word32)a - b ) >> 31) - 1); 339 413 } 340 414 … … 342 416 WC_STATIC WC_INLINE byte ctMaskLT(int a, int b) 343 417 { 344 return ( ((word32)b - a - 1) >> 31) - 1;418 return (byte)((((word32)b - a - 1) >> 31) - 1); 345 419 } 346 420 … … 348 422 WC_STATIC WC_INLINE byte ctMaskLTE(int a, int b) 349 423 { 350 return ( ((word32)b - a ) >> 31) - 1;424 return (byte)((((word32)b - a ) >> 31) - 1); 351 425 } 352 426 … … 354 428 WC_STATIC WC_INLINE byte ctMaskEq(int a, int b) 355 429 { 356 return (~ctMaskGT(a, b)) & (~ctMaskLT(a, b)); 357 } 358 430 return (byte)(~ctMaskGT(a, b)) & (byte)(~ctMaskLT(a, b)); 431 } 432 433 /* Constant time - sets 16 bit integer mask when a > b */ 359 434 WC_STATIC WC_INLINE word16 ctMask16GT(int a, int b) 360 435 { 361 return (((word32)a - b - 1) >> 31) - 1; 362 } 363 436 return (word16)((((word32)a - b - 1) >> 31) - 1); 437 } 438 439 /* Constant time - sets 16 bit integer mask when a >= b */ 440 WC_STATIC WC_INLINE word16 ctMask16GTE(int a, int b) 441 { 442 return (word16)((((word32)a - b ) >> 31) - 1); 443 } 444 445 /* Constant time - sets 16 bit integer mask when a < b. */ 364 446 WC_STATIC WC_INLINE word16 ctMask16LT(int a, int b) 365 447 { 366 return (((word32)a - b - 1) >> 31) - 1; 367 } 368 448 return (word16)((((word32)b - a - 1) >> 31) - 1); 449 } 450 451 /* Constant time - sets 16 bit integer mask when a <= b. */ 452 WC_STATIC WC_INLINE word16 ctMask16LTE(int a, int b) 453 { 454 return (word16)((((word32)b - a ) >> 31) - 1); 455 } 456 457 /* Constant time - sets 16 bit integer mask when a == b. */ 369 458 WC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b) 370 459 { 371 return ( ~ctMask16GT(a, b)) &(~ctMask16LT(a, b));460 return (word16)(~ctMask16GT(a, b)) & (word16)(~ctMask16LT(a, b)); 372 461 } 373 462 … … 375 464 WC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b) 376 465 { 377 return ctMaskGT(a, b) |ctMaskLT(a, b);466 return (byte)ctMaskGT(a, b) | (byte)ctMaskLT(a, b); 378 467 } 379 468 … … 381 470 WC_STATIC WC_INLINE byte ctMaskSel(byte m, byte a, byte b) 382 471 { 383 return (b & ((byte)~(word32)m)) | (a & m);472 return (byte)((b & ((byte)~(word32)m)) | (a & m)); 384 473 } 385 474 … … 394 483 WC_STATIC WC_INLINE byte ctSetLTE(int a, int b) 395 484 { 396 return ( (word32)a - b - 1) >> 31;485 return (byte)(((word32)a - b - 1) >> 31); 397 486 } 398 487 #endif -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/pwdbased.c
r457 r464 502 502 } 503 503 504 if (ret < 0) { 505 mp_clear(&B1); 506 break; 507 } 508 504 509 currentLen = min(kLen, (int)u); 505 510 XMEMCPY(output, Ai, currentLen); … … 722 727 blocksSz = bSz * parallel; 723 728 blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 724 if (blocks == NULL) 729 if (blocks == NULL) { 730 ret = MEMORY_E; 725 731 goto end; 732 } 726 733 /* Temporary for scryptROMix. */ 727 734 v = (byte*)XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 728 if (v == NULL) 735 if (v == NULL) { 736 ret = MEMORY_E; 729 737 goto end; 738 } 730 739 /* Temporary for scryptBlockMix. */ 731 740 y = (byte*)XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER); 732 if (y == NULL) 741 if (y == NULL) { 742 ret = MEMORY_E; 733 743 goto end; 744 } 734 745 735 746 /* Step 1. */ -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/random.c
r457 r464 20 20 */ 21 21 22 22 /* 23 24 DESCRIPTION 25 This library contains implementation for the random number generator. 26 27 */ 23 28 #ifdef HAVE_CONFIG_H 24 29 #include <config.h> … … 165 170 #endif 166 171 172 #if defined(WOLFSSL_SILABS_SE_ACCEL) 173 #include <wolfssl/wolfcrypt/port/silabs/silabs_random.h> 174 #endif 175 167 176 168 177 #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) … … 172 181 intel_flags = cpuid_get_flags(); 173 182 } 174 #if def HAVE_INTEL_RDSEED183 #if defined(HAVE_INTEL_RDSEED) && !defined(WOLFSSL_LINUXKM) 175 184 static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz); 176 185 #endif … … 180 189 181 190 #ifdef USE_WINDOWS_API 191 #define USE_INTEL_INTRINSICS 192 #elif !defined __GNUC__ || defined __clang__ || __GNUC__ > 4 193 #define USE_INTEL_INTRINSICS 194 #else 195 #undef USE_INTEL_INTRINSICS 196 #endif 197 198 #ifdef USE_INTEL_INTRINSICS 182 199 #include <immintrin.h> 200 /* Before clang 7 or GCC 9, immintrin.h did not define _rdseed64_step() */ 201 #ifndef HAVE_INTEL_RDSEED 202 #elif defined __clang__ && __clang_major__ > 6 203 #elif !defined __GNUC__ 204 #elif __GNUC__ > 8 205 #else 206 #ifndef __clang__ 207 #pragma GCC push_options 208 #pragma GCC target("rdseed") 209 #else 210 #define __RDSEED__ 211 #endif 212 #include <x86intrin.h> 213 #ifndef __clang__ 214 #pragma GCC pop_options 215 #endif 216 #endif 183 217 #endif /* USE_WINDOWS_API */ 184 218 #endif … … 280 314 }; 281 315 282 /* NOTE: if DRBG struct is changed please update random.h drbg_data size */ 283 typedef struct DRBG { 284 word32 reseedCtr; 285 word32 lastBlock; 286 byte V[DRBG_SEED_LEN]; 287 byte C[DRBG_SEED_LEN]; 288 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) 289 void* heap; 290 int devId; 291 #endif 292 byte matchCount; 293 #ifdef WOLFSSL_SMALL_STACK_CACHE 294 wc_Sha256 sha256; 295 #endif 296 } DRBG; 297 316 typedef struct DRBG_internal DRBG_internal; 298 317 299 318 static int wc_RNG_HealthTestLocal(int reseed); … … 301 320 /* Hash Derivation Function */ 302 321 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ 303 static int Hash_df(DRBG * drbg, byte* out, word32 outSz, byte type,322 static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type, 304 323 const byte* inA, word32 inASz, 305 324 const byte* inB, word32 inBSz) … … 390 409 391 410 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ 392 static int Hash_DRBG_Reseed(DRBG * drbg, const byte* seed, word32 seedSz)411 static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz) 393 412 { 394 413 byte newV[DRBG_SEED_LEN]; … … 422 441 } 423 442 424 return Hash_DRBG_Reseed( rng->drbg, seed, seedSz);443 return Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, seed, seedSz); 425 444 } 426 445 … … 437 456 438 457 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ 439 static int Hash_gen(DRBG * drbg, byte* out, word32 outSz, const byte* V)458 static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V) 440 459 { 441 460 int ret = DRBG_FAILURE; … … 488 507 } 489 508 else { 490 if (i == len) {509 if (i == (len-1)) { 491 510 len++; 492 511 } … … 512 531 } 513 532 } 533 else { 534 /* wc_Sha256Update or wc_Sha256Final returned error */ 535 break; 536 } 514 537 } 515 538 ForceZero(data, sizeof(data)); … … 529 552 int sIdx, dIdx; 530 553 531 for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) 532 { 533 carry += d[dIdx] + s[sIdx]; 554 for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) { 555 carry += (word16)d[dIdx] + (word16)s[sIdx]; 534 556 d[dIdx] = (byte)carry; 535 557 carry >>= 8; … … 537 559 538 560 for (; carry != 0 && dIdx >= 0; dIdx--) { 539 carry += d[dIdx];561 carry += (word16)d[dIdx]; 540 562 d[dIdx] = (byte)carry; 541 563 carry >>= 8; … … 545 567 546 568 /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ 547 static int Hash_DRBG_Generate(DRBG * drbg, byte* out, word32 outSz)569 static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz) 548 570 { 549 571 int ret; … … 611 633 612 634 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ 613 static int Hash_DRBG_Instantiate(DRBG * drbg, const byte* seed, word32 seedSz,635 static int Hash_DRBG_Instantiate(DRBG_internal* drbg, const byte* seed, word32 seedSz, 614 636 const byte* nonce, word32 nonceSz, 615 637 void* heap, int devId) 616 638 { 617 int ret ;618 619 XMEMSET(drbg, 0, sizeof(DRBG ));639 int ret = DRBG_FAILURE; 640 641 XMEMSET(drbg, 0, sizeof(DRBG_internal)); 620 642 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) 621 643 drbg->heap = heap; … … 646 668 ret = DRBG_SUCCESS; 647 669 } 648 else {649 ret = DRBG_FAILURE;650 }651 670 652 671 return ret; … … 654 673 655 674 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ 656 static int Hash_DRBG_Uninstantiate(DRBG * drbg)675 static int Hash_DRBG_Uninstantiate(DRBG_internal* drbg) 657 676 { 658 677 word32 i; … … 664 683 #endif 665 684 666 ForceZero(drbg, sizeof(DRBG ));667 668 for (i = 0; i < sizeof(DRBG ); i++)685 ForceZero(drbg, sizeof(DRBG_internal)); 686 687 for (i = 0; i < sizeof(DRBG_internal); i++) 669 688 compareSum |= compareDrbg[i] ^ 0; 670 689 … … 675 694 int wc_RNG_TestSeed(const byte* seed, word32 seedSz) 676 695 { 677 int ret = DRBG_SUCCESS;696 int ret = 0; 678 697 679 698 /* Check the seed for duplicate words. */ … … 701 720 void* heap, int devId) 702 721 { 703 int ret = RNG_FAILURE_E;722 int ret = 0; 704 723 #ifdef HAVE_HASHDRBG 705 724 word32 seedSz = SEED_SZ + SEED_BLOCK_SZ; … … 772 791 #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) 773 792 rng->drbg = 774 (struct DRBG*)XMALLOC(sizeof(DRBG ), rng->heap,793 (struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap, 775 794 DYNAMIC_TYPE_RNG); 776 #else777 /* compile-time validation of drbg_data size */778 typedef char drbg_data_test[sizeof(rng->drbg_data) >=779 sizeof(struct DRBG) ? 1 : -1];780 (void)sizeof(drbg_data_test);781 rng->drbg = (struct DRBG*)rng->drbg_data;782 #endif783 784 795 if (rng->drbg == NULL) { 785 796 ret = MEMORY_E; 786 } 787 else { 797 rng->status = DRBG_FAILED; 798 } 799 #else 800 rng->drbg = (struct DRBG*)&rng->drbg_data; 801 #endif 802 if (ret == 0) { 788 803 ret = wc_GenerateSeed(&rng->seed, seed, seedSz); 789 if (ret != 0) 804 if (ret == 0) 805 ret = wc_RNG_TestSeed(seed, seedSz); 806 else { 790 807 ret = DRBG_FAILURE; 791 else792 ret = wc_RNG_TestSeed(seed, seedSz);808 rng->status = DRBG_FAILED; 809 } 793 810 794 811 if (ret == DRBG_SUCCESS) 795 ret = Hash_DRBG_Instantiate(rng->drbg,812 ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg, 796 813 seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ, 797 814 nonce, nonceSz, rng->heap, devId); … … 901 918 return BAD_FUNC_ARG; 902 919 920 if (sz == 0) 921 return 0; 922 903 923 #ifdef WOLF_CRYPTO_CB 904 924 if (rng->devId != INVALID_DEVID) { … … 913 933 if (IS_INTEL_RDRAND(intel_flags)) 914 934 return wc_GenerateRand_IntelRD(NULL, output, sz); 935 #endif 936 937 #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_TRNG) 938 return silabs_GenerateRand(output, sz); 915 939 #endif 916 940 … … 940 964 return RNG_FAILURE_E; 941 965 942 ret = Hash_DRBG_Generate( rng->drbg, output, sz);966 ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); 943 967 if (ret == DRBG_NEED_RESEED) { 944 968 if (wc_RNG_HealthTestLocal(1) == 0) { … … 953 977 954 978 if (ret == DRBG_SUCCESS) 955 ret = Hash_DRBG_Reseed(rng->drbg, newSeed + SEED_BLOCK_SZ,979 ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, newSeed + SEED_BLOCK_SZ, 956 980 SEED_SZ); 957 981 if (ret == DRBG_SUCCESS) 958 ret = Hash_DRBG_Generate(rng->drbg, output, sz);982 ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); 959 983 960 984 ForceZero(newSeed, sizeof(newSeed)); … … 1006 1030 #ifdef HAVE_HASHDRBG 1007 1031 if (rng->drbg != NULL) { 1008 if (Hash_DRBG_Uninstantiate(rng->drbg) != DRBG_SUCCESS)1032 if (Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg) != DRBG_SUCCESS) 1009 1033 ret = RNG_FAILURE_E; 1010 1034 … … 1040 1064 { 1041 1065 int ret = -1; 1042 DRBG * drbg;1066 DRBG_internal* drbg; 1043 1067 #ifndef WOLFSSL_SMALL_STACK 1044 DRBG drbg_var;1068 DRBG_internal drbg_var; 1045 1069 #endif 1046 1070 … … 1058 1082 1059 1083 #ifdef WOLFSSL_SMALL_STACK 1060 drbg = (DRBG *)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);1084 drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), NULL, DYNAMIC_TYPE_RNG); 1061 1085 if (drbg == NULL) { 1062 1086 return MEMORY_E; … … 1108 1132 1109 1133 1110 const byte seedA[] = {1134 const FLASH_QUALIFIER byte seedA_data[] = { 1111 1135 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, 1112 1136 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, … … 1115 1139 }; 1116 1140 1117 const byte reseedSeedA[] = {1141 const FLASH_QUALIFIER byte reseedSeedA_data[] = { 1118 1142 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, 1119 1143 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, … … 1121 1145 }; 1122 1146 1123 const byte outputA[] = {1147 const FLASH_QUALIFIER byte outputA_data[] = { 1124 1148 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, 1125 1149 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, … … 1135 1159 }; 1136 1160 1137 const byte seedB[] = {1161 const FLASH_QUALIFIER byte seedB_data[] = { 1138 1162 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, 1139 1163 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, … … 1143 1167 }; 1144 1168 1145 const byte outputB[] = {1169 const FLASH_QUALIFIER byte outputB_data[] = { 1146 1170 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, 1147 1171 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, … … 1176 1200 1177 1201 if (reseed) { 1178 ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA), 1179 reseedSeedA, sizeof(reseedSeedA), 1202 #ifdef WOLFSSL_USE_FLASHMEM 1203 byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL, 1204 DYNAMIC_TYPE_TMP_BUFFER); 1205 byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL, 1206 DYNAMIC_TYPE_TMP_BUFFER); 1207 byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL, 1208 DYNAMIC_TYPE_TMP_BUFFER); 1209 1210 if (!seedA || !reseedSeedA || !outputA) { 1211 XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1212 XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1213 XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1214 ret = MEMORY_E; 1215 } 1216 else { 1217 XMEMCPY_P(seedA, seedA_data, sizeof(seedA_data)); 1218 XMEMCPY_P(reseedSeedA, reseedSeedA_data, sizeof(reseedSeedA_data)); 1219 XMEMCPY_P(outputA, outputA_data, sizeof(outputA_data)); 1220 #else 1221 const byte* seedA = seedA_data; 1222 const byte* reseedSeedA = reseedSeedA_data; 1223 const byte* outputA = outputA_data; 1224 #endif 1225 ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data), 1226 reseedSeedA, sizeof(reseedSeedA_data), 1180 1227 check, RNG_HEALTH_TEST_CHECK_SIZE); 1181 1228 if (ret == 0) { … … 1184 1231 ret = -1; 1185 1232 } 1233 1234 #ifdef WOLFSSL_USE_FLASHMEM 1235 XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1236 XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1237 XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1238 } 1239 #endif 1186 1240 } 1187 1241 else { 1188 ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB), 1242 #ifdef WOLFSSL_USE_FLASHMEM 1243 byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL, 1244 DYNAMIC_TYPE_TMP_BUFFER); 1245 byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL, 1246 DYNAMIC_TYPE_TMP_BUFFER); 1247 1248 if (!seedB || !outputB) { 1249 XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1250 XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1251 ret = MEMORY_E; 1252 } 1253 else { 1254 XMEMCPY_P(seedB, seedB_data, sizeof(seedB_data)); 1255 XMEMCPY_P(outputB, outputB_data, sizeof(outputB_data)); 1256 #else 1257 const byte* seedB = seedB_data; 1258 const byte* outputB = outputB_data; 1259 #endif 1260 ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data), 1189 1261 NULL, 0, 1190 1262 check, RNG_HEALTH_TEST_CHECK_SIZE); … … 1201 1273 if (ret == 0) { 1202 1274 ret = wc_RNG_HealthTest_ex(0, 1203 seedB + 32, sizeof(seedB ) - 32,1275 seedB + 32, sizeof(seedB_data) - 32, 1204 1276 seedB, 32, 1205 1277 NULL, 0, … … 1207 1279 NULL, INVALID_DEVID); 1208 1280 if (ret == 0) { 1209 if (ConstantCompare(check, outputB, sizeof(outputB )) != 0)1281 if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0) 1210 1282 ret = -1; 1211 1283 } 1212 1284 } 1285 1286 #ifdef WOLFSSL_USE_FLASHMEM 1287 XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1288 XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER); 1289 } 1290 #endif 1213 1291 } 1214 1292 … … 1332 1410 #ifdef HAVE_INTEL_RDSEED 1333 1411 1334 #ifndef USE_ WINDOWS_API1412 #ifndef USE_INTEL_INTRINSICS 1335 1413 1336 1414 /* return 0 on success */ … … 1343 1421 } 1344 1422 1345 #else /* USE_ WINDOWS_API*/1423 #else /* USE_INTEL_INTRINSICS */ 1346 1424 /* The compiler Visual Studio uses does not allow inline assembly. 1347 1425 * It does allow for Intel intrinsic functions. */ 1348 1426 1349 1427 /* return 0 on success */ 1428 # ifdef __GNUC__ 1429 __attribute__((target("rdseed"))) 1430 # endif 1350 1431 static WC_INLINE int IntelRDseed64(word64* seed) 1351 1432 { 1352 1433 int ok; 1353 1434 1354 ok = _rdseed64_step( seed);1435 ok = _rdseed64_step((unsigned long long*) seed); 1355 1436 return (ok) ? 0 : -1; 1356 1437 } 1357 1438 1358 #endif /* USE_ WINDOWS_API*/1439 #endif /* USE_INTEL_INTRINSICS */ 1359 1440 1360 1441 /* return 0 on success */ … … 1369 1450 } 1370 1451 1452 #ifndef WOLFSSL_LINUXKM 1371 1453 /* return 0 on success */ 1372 1454 static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) … … 1399 1481 return 0; 1400 1482 } 1483 #endif 1401 1484 1402 1485 #endif /* HAVE_INTEL_RDSEED */ … … 1404 1487 #ifdef HAVE_INTEL_RDRAND 1405 1488 1406 #ifndef USE_ WINDOWS_API1489 #ifndef USE_INTEL_INTRINSICS 1407 1490 1408 1491 /* return 0 on success */ … … 1416 1499 } 1417 1500 1418 #else /* USE_ WINDOWS_API*/1501 #else /* USE_INTEL_INTRINSICS */ 1419 1502 /* The compiler Visual Studio uses does not allow inline assembly. 1420 1503 * It does allow for Intel intrinsic functions. */ 1421 1504 1422 1505 /* return 0 on success */ 1506 # ifdef __GNUC__ 1507 __attribute__((target("rdrnd"))) 1508 # endif 1423 1509 static WC_INLINE int IntelRDrand64(word64 *rnd) 1424 1510 { 1425 1511 int ok; 1426 1512 1427 ok = _rdrand64_step( rnd);1513 ok = _rdrand64_step((unsigned long long*) rnd); 1428 1514 1429 1515 return (ok) ? 0 : -1; 1430 1516 } 1431 1517 1432 #endif /* USE_ WINDOWS_API*/1518 #endif /* USE_INTEL_INTRINSICS */ 1433 1519 1434 1520 /* return 0 on success */ … … 1608 1694 } 1609 1695 1696 #elif (defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC_RNG)) && \ 1697 !defined(WOLFSSL_PIC32MZ_RNG) 1698 /* enable ATECC RNG unless using PIC32MZ one instead */ 1699 #include <wolfssl/wolfcrypt/port/atmel/atmel.h> 1700 1701 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) 1702 { 1703 int ret = 0; 1704 1705 (void)os; 1706 if (output == NULL) { 1707 return BUFFER_E; 1708 } 1709 1710 ret = atmel_get_random_number(sz, output); 1711 1712 return ret; 1713 } 1610 1714 1611 1715 #elif defined(MICROCHIP_PIC32) … … 1816 1920 #endif /* FREESCALE_K70_RNGA */ 1817 1921 1922 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 1923 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) 1924 { 1925 (void)os; 1926 return silabs_GenerateRand(output, sz); 1927 } 1928 1818 1929 #elif defined(STM32_RNG) 1819 1930 /* Generate a RNG seed using the hardware random number generator … … 1847 1958 ) { 1848 1959 /* Single byte at a time */ 1849 uint32_ttmpRng = 0;1960 word32 tmpRng = 0; 1850 1961 if (HAL_RNG_GenerateRandomNumber(&hrng, &tmpRng) != HAL_OK) { 1851 1962 wolfSSL_CryptHwMutexUnLock(); … … 1856 1967 else { 1857 1968 /* Use native 32 instruction */ 1858 if (HAL_RNG_GenerateRandomNumber(&hrng, ( uint32_t*)&output[i]) != HAL_OK) {1969 if (HAL_RNG_GenerateRandomNumber(&hrng, (word32*)&output[i]) != HAL_OK) { 1859 1970 wolfSSL_CryptHwMutexUnLock(); 1860 1971 return RAN_BLOCK_E; … … 2053 2164 } 2054 2165 2055 #elif defined(WOLFSSL_NRF51) 2166 #elif defined(WOLFSSL_NRF51) || defined(WOLFSSL_NRF5x) 2056 2167 #include "app_error.h" 2057 2168 #include "nrf_drv_rng.h" … … 2059 2170 { 2060 2171 int remaining = sz, length, pos = 0; 2061 uint8_t available; 2062 uint32_t err_code; 2172 word32 err_code; 2173 byte available; 2174 static byte initialized = 0; 2063 2175 2064 2176 (void)os; 2065 2177 2066 2178 /* Make sure RNG is running */ 2067 err_code = nrf_drv_rng_init(NULL); 2068 if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) { 2069 return -1; 2179 if (!initialized) { 2180 err_code = nrf_drv_rng_init(NULL); 2181 if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE 2182 #ifdef NRF_ERROR_MODULE_ALREADY_INITIALIZED 2183 && err_code != NRF_ERROR_MODULE_ALREADY_INITIALIZED 2184 #endif 2185 ) { 2186 return -1; 2187 } 2188 initialized = 1; 2070 2189 } 2071 2190 2072 2191 while (remaining > 0) { 2073 err_code = nrf_drv_rng_bytes_available(&available);2074 if (err_code == NRF_SUCCESS) {2075 2076 2077 2078 remaining -= length;2079 pos += length;2192 available = 0; 2193 nrf_drv_rng_bytes_available(&available); /* void func */ 2194 length = (remaining < available) ? remaining : available; 2195 if (length > 0) { 2196 err_code = nrf_drv_rng_rand(&output[pos], length); 2197 if (err_code != NRF_SUCCESS) { 2198 break; 2080 2199 } 2081 } 2082 2083 if (err_code != NRF_SUCCESS) { 2084 break; 2200 remaining -= length; 2201 pos += length; 2085 2202 } 2086 2203 } … … 2115 2232 2116 2233 return 0; 2117 }2118 2119 #elif defined(WOLFSSL_ATMEL)2120 #include <wolfssl/wolfcrypt/port/atmel/atmel.h>2121 2122 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)2123 {2124 int ret = 0;2125 2126 (void)os;2127 if (output == NULL) {2128 return BUFFER_E;2129 }2130 2131 ret = atmel_get_random_number(sz, output);2132 2133 return ret;2134 2234 } 2135 2235 … … 2290 2390 #endif /* end WOLFSSL_ESPWROOM32 */ 2291 2391 2392 #elif defined(WOLFSSL_LINUXKM) 2393 #include <linux/random.h> 2394 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) 2395 { 2396 (void)os; 2397 2398 get_random_bytes(output, sz); 2399 2400 return 0; 2401 } 2402 2292 2403 #elif defined(WOLFSSL_RENESAS_TSIP) 2293 2404 #if defined(WOLFSSL_RENESA_TSIP_IAREWRX) 2294 2295 #endif 2296 2405 #include "r_bsp/mcu/all/r_rx_compiler.h" 2406 #endif 2407 #include "r_bsp/platform.h" 2297 2408 #include "r_tsip_rx_if.h" 2298 2409 2299 2410 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) 2300 2411 { 2301 2412 int ret; 2302 uint32_tbuffer[4];2413 word32 buffer[4]; 2303 2414 2304 2415 while (sz > 0) { 2305 uint32_tlen = sizeof(buffer);2306 2416 word32 len = sizeof(buffer); 2417 2307 2418 if (sz < len) { 2308 2419 len = sz; … … 2329 2440 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) 2330 2441 { 2331 uint32_tret;2332 uint32_tblocks;2333 word32 2442 word32 ret; 2443 word32 blocks; 2444 word32 len = sz; 2334 2445 2335 2446 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->open(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl, … … 2340 2451 } 2341 2452 2342 blocks = sz / sizeof( uint32_t);2453 blocks = sz / sizeof(word32); 2343 2454 if (blocks > 0) { 2344 2455 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl, 2345 (uint32_t*)output, blocks);2456 (word32*)output, blocks); 2346 2457 if (ret != SSP_SUCCESS) { 2347 2458 return -1; … … 2349 2460 } 2350 2461 2351 len = len - (blocks * sizeof( uint32_t));2462 len = len - (blocks * sizeof(word32)); 2352 2463 if (len > 0) { 2353 uint32_ttmp;2354 2355 if (len > sizeof( uint32_t)) {2464 word32 tmp; 2465 2466 if (len > sizeof(word32)) { 2356 2467 return -1; 2357 2468 } 2358 2469 ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl, 2359 ( uint32_t*)tmp, 1);2470 (word32*)tmp, 1); 2360 2471 if (ret != SSP_SUCCESS) { 2361 2472 return -1; 2362 2473 } 2363 XMEMCPY(output + (blocks * sizeof( uint32_t)), (byte*)&tmp, len);2474 XMEMCPY(output + (blocks * sizeof(word32)), (byte*)&tmp, len); 2364 2475 } 2365 2476 -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/rsa.c
r457 r464 20 20 */ 21 21 22 22 /* 23 24 DESCRIPTION 25 This library provides the interface to the RSA. 26 RSA keys can be used to encrypt, decrypt, sign and verify data. 27 28 */ 23 29 #ifdef HAVE_CONFIG_H 24 30 #include <config.h> … … 336 342 } 337 343 338 #ifdef HAVE_PKCS11344 #ifdef WOLF_CRYPTO_CB 339 345 int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, 340 346 int devId) … … 349 355 if (ret == 0) 350 356 ret = wc_InitRsaKey_ex(key, heap, devId); 351 352 357 if (ret == 0 && id != NULL && len != 0) { 353 358 XMEMCPY(key->id, id, len); 354 359 key->idLen = len; 360 } 361 362 return ret; 363 } 364 365 int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId) 366 { 367 int ret = 0; 368 int labelLen = 0; 369 370 if (key == NULL || label == NULL) 371 ret = BAD_FUNC_ARG; 372 if (ret == 0) { 373 labelLen = (int)XSTRLEN(label); 374 if (labelLen == 0 || labelLen > RSA_MAX_LABEL_LEN) 375 ret = BUFFER_E; 376 } 377 378 if (ret == 0) 379 ret = wc_InitRsaKey_ex(key, heap, devId); 380 if (ret == 0) { 381 XMEMCPY(key->label, label, labelLen); 382 key->labelLen = labelLen; 355 383 } 356 384 … … 381 409 mSz = mp_unsigned_bin_size(&(key->n)); 382 410 m = (unsigned char*)XMALLOC(mSz, key->heap, DYNAMIC_TYPE_KEY); 383 if (m == 0) {411 if (m == NULL) { 384 412 return MEMORY_E; 385 413 } … … 478 506 CRYS_RSAKGFipsContext_t FipsCtx; 479 507 byte ex[3]; 480 uint16_teSz = sizeof(ex);508 word16 eSz = sizeof(ex); 481 509 byte n[256]; 482 uint16_tnSz = sizeof(n);510 word16 nSz = sizeof(n); 483 511 484 512 ret = CRYS_RSA_KG_GenerateKeyPair(&wc_rndState, 485 513 wc_rndGenVectFunc, 486 514 (byte*)&e, 487 3*sizeof( uint8_t),515 3*sizeof(byte), 488 516 size, 489 517 &key->ctx.privKey, … … 606 634 ret = MP_READ_E; 607 635 } 608 609 636 #ifdef WOLFSSL_HAVE_SP_RSA 610 #ifndef WOLFSSL_SP_NO_2048 611 if (mp_count_bits(&key->n) == 2048) { 612 ret = sp_ModExp_2048(k, &key->e, &key->n, tmp); 613 if (ret != 0) 637 if (ret == 0) { 638 switch (mp_count_bits(&key->n)) { 639 #ifndef WOLFSSL_SP_NO_2048 640 case 2048: 641 ret = sp_ModExp_2048(k, &key->e, &key->n, tmp); 642 if (ret != 0) 643 ret = MP_EXPTMOD_E; 644 if (ret == 0) { 645 ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp); 646 if (ret != 0) 647 ret = MP_EXPTMOD_E; 648 } 649 break; 650 #endif /* WOLFSSL_SP_NO_2048 */ 651 #ifndef WOLFSSL_SP_NO_3072 652 case 3072: 653 ret = sp_ModExp_3072(k, &key->e, &key->n, tmp); 654 if (ret != 0) 655 ret = MP_EXPTMOD_E; 656 if (ret == 0) { 657 ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp); 658 if (ret != 0) 659 ret = MP_EXPTMOD_E; 660 } 661 break; 662 #endif /* WOLFSSL_SP_NO_3072 */ 663 #ifdef WOLFSSL_SP_4096 664 case 4096: 665 ret = sp_ModExp_4096(k, &key->e, &key->n, tmp); 666 if (ret != 0) 667 ret = MP_EXPTMOD_E; 668 if (ret == 0) { 669 ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp); 670 if (ret != 0) 671 ret = MP_EXPTMOD_E; 672 } 673 break; 674 #endif /* WOLFSSL_SP_4096 */ 675 default: 676 /* If using only single precsision math then issue key size 677 * error, otherwise fall-back to multi-precision math 678 * calculation */ 679 #if defined(WOLFSSL_SP_MATH) 680 ret = WC_KEY_SIZE_E; 681 #else 682 if (mp_exptmod_nct(k, &key->e, &key->n, tmp) != MP_OKAY) 683 ret = MP_EXPTMOD_E; 684 if (ret == 0) { 685 if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) 686 ret = MP_EXPTMOD_E; 687 } 688 #endif 689 break; 690 } 691 } 692 #else 693 if (ret == 0) { 694 if (mp_exptmod_nct(k, &key->e, &key->n, tmp) != MP_OKAY) 614 695 ret = MP_EXPTMOD_E; 615 ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp); 616 if (ret != 0) 696 } 697 698 if (ret == 0) { 699 if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) 617 700 ret = MP_EXPTMOD_E; 618 701 } 619 else 620 #endif 621 #ifndef WOLFSSL_SP_NO_3072 622 if (mp_count_bits(&key->n) == 3072) { 623 ret = sp_ModExp_3072(k, &key->e, &key->n, tmp); 624 if (ret != 0) 625 ret = MP_EXPTMOD_E; 626 ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp); 627 if (ret != 0) 628 ret = MP_EXPTMOD_E; 629 } 630 else 631 #endif 632 #ifdef WOLFSSL_SP_4096 633 if (mp_count_bits(&key->n) == 4096) { 634 ret = sp_ModExp_4096(k, &key->e, &key->n, tmp); 635 if (ret != 0) 636 ret = MP_EXPTMOD_E; 637 ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp); 638 if (ret != 0) 639 ret = MP_EXPTMOD_E; 640 } 641 else 642 #endif 643 #endif 644 #ifdef WOLFSSL_SP_MATH 645 { 646 ret = WC_KEY_SIZE_E; 647 } 648 #else 649 { 650 if (ret == 0) { 651 if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY) 652 ret = MP_EXPTMOD_E; 653 } 654 655 if (ret == 0) { 656 if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) 657 ret = MP_EXPTMOD_E; 658 } 659 } 660 #endif 702 #endif /* WOLFSSL_HAVE_SP_RSA */ 661 703 662 704 if (ret == 0) { … … 757 799 return ret; 758 800 } 759 #endif 760 #endif 801 #endif /* WOLFSSL_KEY_GEN && !WOLFSSL_NO_RSA_KEY_CHECK */ 802 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ 761 803 762 804 … … 816 858 817 859 /* counter to byte array appended to tmp */ 818 tmp[seedSz] = ( counter >> 24) & 0xFF;819 tmp[seedSz + 1] = ( counter >> 16) & 0xFF;820 tmp[seedSz + 2] = ( counter >> 8) & 0xFF;821 tmp[seedSz + 3] = ( counter) & 0xFF;860 tmp[seedSz] = (byte)((counter >> 24) & 0xFF); 861 tmp[seedSz + 1] = (byte)((counter >> 16) & 0xFF); 862 tmp[seedSz + 2] = (byte)((counter >> 8) & 0xFF); 863 tmp[seedSz + 3] = (byte)((counter) & 0xFF); 822 864 823 865 /* hash and append to existing output */ … … 1103 1145 byte* m; 1104 1146 byte* s; 1147 #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) 1148 byte msg[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ]; 1149 #else 1150 byte* msg = NULL; 1151 #endif 1105 1152 #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER) 1106 #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) 1107 byte salt[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ]; 1108 #else 1109 byte* salt = NULL; 1110 #endif 1153 byte* salt; 1111 1154 #else 1112 1155 byte salt[WC_MAX_DIGEST_SIZE]; … … 1122 1165 if (hLen < 0) 1123 1166 return hLen; 1167 if ((int)inputLen != hLen) { 1168 return BAD_FUNC_ARG; 1169 } 1124 1170 1125 1171 hiBits = (bits - 1) & 0x7; 1126 1172 if (hiBits == 0) { 1173 /* Per RFC8017, set the leftmost 8emLen - emBits bits of the 1174 leftmost octet in DB to zero. 1175 */ 1127 1176 *(pkcsBlock++) = 0; 1128 1177 pkcsBlockLen--; … … 1161 1210 return PSS_SALTLEN_E; 1162 1211 } 1163 1164 1212 maskLen = pkcsBlockLen - 1 - hLen; 1165 1213 1166 1214 #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER) 1167 1215 #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) 1168 salt= (byte*)XMALLOC(RSA_PSS_PAD_SZ + inputLen + saltLen, heap,1216 msg = (byte*)XMALLOC(RSA_PSS_PAD_SZ + inputLen + saltLen, heap, 1169 1217 DYNAMIC_TYPE_RSA_BUFFER); 1170 if ( salt== NULL) {1218 if (msg == NULL) { 1171 1219 return MEMORY_E; 1172 1220 } 1173 1221 #endif 1174 s = m = salt;1222 salt = s = m = msg; 1175 1223 XMEMSET(m, 0, RSA_PSS_PAD_SZ); 1176 1224 m += RSA_PSS_PAD_SZ; … … 1185 1233 } 1186 1234 #else 1187 s = m = pkcsBlock; 1235 if (pkcsBlockLen < RSA_PSS_PAD_SZ + inputLen + saltLen) { 1236 #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) 1237 msg = (byte*)XMALLOC(RSA_PSS_PAD_SZ + inputLen + saltLen, heap, 1238 DYNAMIC_TYPE_RSA_BUFFER); 1239 if (msg == NULL) { 1240 return MEMORY_E; 1241 } 1242 #endif 1243 m = msg; 1244 } 1245 else { 1246 m = pkcsBlock; 1247 } 1248 s = m; 1188 1249 XMEMSET(m, 0, RSA_PSS_PAD_SZ); 1189 1250 m += RSA_PSS_PAD_SZ; … … 1204 1265 } 1205 1266 if (ret == 0) { 1267 /* Set the last eight bits or trailer field to the octet 0xbc */ 1206 1268 pkcsBlock[pkcsBlockLen - 1] = RSA_PSS_PAD_TERM; 1207 1269 … … 1209 1271 } 1210 1272 if (ret == 0) { 1211 pkcsBlock[0] &= (1 << hiBits) - 1; 1273 /* Clear the first high bit when "8emLen - emBits" is non-zero. 1274 where emBits = n modBits - 1 */ 1275 if (hiBits) 1276 pkcsBlock[0] &= (1 << hiBits) - 1; 1212 1277 1213 1278 m = pkcsBlock + maskLen - saltLen - 1; … … 1218 1283 } 1219 1284 1220 #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER)1221 1285 #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) 1222 if ( salt!= NULL) {1223 XFREE( salt, heap, DYNAMIC_TYPE_RSA_BUFFER);1286 if (msg != NULL) { 1287 XFREE(msg, heap, DYNAMIC_TYPE_RSA_BUFFER); 1224 1288 } 1225 1289 #endif 1226 #endif1227 1290 return ret; 1228 1291 } … … 1238 1301 } 1239 1302 1303 if (pkcsBlockLen - RSA_MIN_PAD_SZ < inputLen) { 1304 WOLFSSL_MSG("RsaPad error, invalid length"); 1305 return RSA_PAD_E; 1306 } 1240 1307 pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ 1241 1308 pkcsBlock++; pkcsBlockLen--; … … 1243 1310 1244 1311 if (padValue == RSA_BLOCK_TYPE_1) { 1245 if (pkcsBlockLen < inputLen + 2) {1246 WOLFSSL_MSG("RsaPad error, invalid length");1247 return RSA_PAD_E;1248 }1249 1312 1250 1313 /* pad with 0xff bytes */ … … 1256 1319 word32 padLen, i; 1257 1320 int ret; 1258 1259 if (pkcsBlockLen < inputLen + 1) {1260 WOLFSSL_MSG("RsaPad error, invalid length");1261 return RSA_PAD_E;1262 }1263 1264 1321 padLen = pkcsBlockLen - inputLen - 1; 1265 1322 ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); … … 1458 1515 * bits Length of key in bits. 1459 1516 * heap Used for dynamic memory allocation. 1460 * returns 0 on success, PSS_SALTLEN_E when the salt length is invalid, 1461 * BAD_PADDING_E when the padding is not valid, MEMORY_E when allocation fails 1462 * and other negative values on error. 1517 * returns the sum of salt length and SHA-256 digest size on success. 1518 * Otherwise, PSS_SALTLEN_E for an incorrect salt length, 1519 * WC_KEY_SIZE_E for an incorrect encoded message (EM) size 1520 and other negative values on error. 1463 1521 */ 1464 1522 static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, … … 1597 1655 #endif 1598 1656 1599 if (output == NULL || pkcsBlockLen == 0|| pkcsBlockLen > 0xFFFF) {1657 if (output == NULL || pkcsBlockLen < 2 || pkcsBlockLen > 0xFFFF) { 1600 1658 return BAD_FUNC_ARG; 1601 1659 } … … 1719 1777 } 1720 1778 1721 #if defined(WOLFSSL_XILINX_CRYPT) 1722 /* 1723 * Xilinx hardened crypto acceleration. 1724 * 1725 * Returns 0 on success and negative values on error. 1726 */ 1727 static int wc_RsaFunctionXil(const byte* in, word32 inLen, byte* out, 1728 word32* outLen, int type, RsaKey* key, WC_RNG* rng) 1729 { 1730 int ret = 0; 1731 word32 keyLen; 1732 (void)rng; 1733 1734 keyLen = wc_RsaEncryptSize(key); 1735 if (keyLen > *outLen) { 1736 WOLFSSL_MSG("Output buffer is not big enough"); 1737 return BAD_FUNC_ARG; 1738 } 1739 1740 if (inLen != keyLen) { 1741 WOLFSSL_MSG("Expected that inLen equals RSA key length"); 1742 return BAD_FUNC_ARG; 1743 } 1744 1745 switch(type) { 1746 case RSA_PRIVATE_DECRYPT: 1747 case RSA_PRIVATE_ENCRYPT: 1748 /* Currently public exponent is loaded by default. 1749 * In SDK 2017.1 RSA exponent values are expected to be of 4 bytes 1750 * leading to private key operations with Xsecure_RsaDecrypt not being 1751 * supported */ 1752 ret = RSA_WRONG_TYPE_E; 1779 int wc_hash2mgf(enum wc_HashType hType) 1780 { 1781 switch (hType) { 1782 case WC_HASH_TYPE_NONE: 1783 return WC_MGF1NONE; 1784 case WC_HASH_TYPE_SHA: 1785 #ifndef NO_SHA 1786 return WC_MGF1SHA1; 1787 #else 1753 1788 break; 1754 case RSA_PUBLIC_ENCRYPT: 1755 case RSA_PUBLIC_DECRYPT:1756 if (XSecure_RsaDecrypt(&(key->xRsa), in, out) != XST_SUCCESS) { 1757 ret = BAD_STATE_E;1758 } 1789 #endif 1790 case WC_HASH_TYPE_SHA224: 1791 #ifdef WOLFSSL_SHA224 1792 return WC_MGF1SHA224; 1793 #else 1759 1794 break; 1795 #endif 1796 case WC_HASH_TYPE_SHA256: 1797 #ifndef NO_SHA256 1798 return WC_MGF1SHA256; 1799 #else 1800 break; 1801 #endif 1802 case WC_HASH_TYPE_SHA384: 1803 #ifdef WOLFSSL_SHA384 1804 return WC_MGF1SHA384; 1805 #else 1806 break; 1807 #endif 1808 case WC_HASH_TYPE_SHA512: 1809 #ifdef WOLFSSL_SHA512 1810 return WC_MGF1SHA512; 1811 #else 1812 break; 1813 #endif 1814 case WC_HASH_TYPE_MD2: 1815 case WC_HASH_TYPE_MD4: 1816 case WC_HASH_TYPE_MD5: 1817 case WC_HASH_TYPE_MD5_SHA: 1818 case WC_HASH_TYPE_SHA3_224: 1819 case WC_HASH_TYPE_SHA3_256: 1820 case WC_HASH_TYPE_SHA3_384: 1821 case WC_HASH_TYPE_SHA3_512: 1822 case WC_HASH_TYPE_BLAKE2B: 1823 case WC_HASH_TYPE_BLAKE2S: 1760 1824 default: 1761 ret = RSA_WRONG_TYPE_E; 1762 } 1763 1764 *outLen = keyLen; 1765 1766 return ret; 1767 } 1768 #endif /* WOLFSSL_XILINX_CRYPT */ 1825 break; 1826 } 1827 WOLFSSL_MSG("Unrecognized or unsupported hash function"); 1828 return WC_MGF1NONE; 1829 } 1769 1830 1770 1831 #ifdef WC_RSA_NONBLOCK … … 1846 1907 #endif /* WC_RSA_NONBLOCK */ 1847 1908 1848 #ifdef WOLFSSL_AFALG_XILINX_RSA 1909 #ifdef WOLFSSL_XILINX_CRYPT 1910 /* 1911 * Xilinx hardened crypto acceleration. 1912 * 1913 * Returns 0 on success and negative values on error. 1914 */ 1915 static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, 1916 word32* outLen, int type, RsaKey* key, WC_RNG* rng) 1917 { 1918 int ret = 0; 1919 word32 keyLen; 1920 (void)rng; 1921 1922 keyLen = wc_RsaEncryptSize(key); 1923 if (keyLen > *outLen) { 1924 WOLFSSL_MSG("Output buffer is not big enough"); 1925 return BAD_FUNC_ARG; 1926 } 1927 1928 if (inLen != keyLen) { 1929 WOLFSSL_MSG("Expected that inLen equals RSA key length"); 1930 return BAD_FUNC_ARG; 1931 } 1932 1933 switch(type) { 1934 case RSA_PRIVATE_DECRYPT: 1935 case RSA_PRIVATE_ENCRYPT: 1936 #ifdef WOLFSSL_XILINX_CRYPTO_OLD 1937 /* Currently public exponent is loaded by default. 1938 * In SDK 2017.1 RSA exponent values are expected to be of 4 bytes 1939 * leading to private key operations with Xsecure_RsaDecrypt not being 1940 * supported */ 1941 ret = RSA_WRONG_TYPE_E; 1942 #else 1943 { 1944 byte *d; 1945 int dSz; 1946 XSecure_Rsa rsa; 1947 1948 dSz = mp_unsigned_bin_size(&key->d); 1949 d = (byte*)XMALLOC(dSz, key->heap, DYNAMIC_TYPE_PRIVATE_KEY); 1950 if (d == NULL) { 1951 ret = MEMORY_E; 1952 } 1953 else { 1954 ret = mp_to_unsigned_bin(&key->d, d); 1955 XSecure_RsaInitialize(&rsa, key->mod, NULL, d); 1956 } 1957 1958 if (ret == 0) { 1959 if (XSecure_RsaPrivateDecrypt(&rsa, (u8*)in, inLen, out) != 1960 XST_SUCCESS) { 1961 ret = BAD_STATE_E; 1962 } 1963 } 1964 1965 if (d != NULL) { 1966 XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY); 1967 } 1968 } 1969 #endif 1970 break; 1971 case RSA_PUBLIC_ENCRYPT: 1972 case RSA_PUBLIC_DECRYPT: 1973 #ifdef WOLFSSL_XILINX_CRYPTO_OLD 1974 if (XSecure_RsaDecrypt(&(key->xRsa), in, out) != XST_SUCCESS) { 1975 ret = BAD_STATE_E; 1976 } 1977 #else 1978 /* starting at Xilinx release 2019 the function XSecure_RsaDecrypt was removed */ 1979 if (XSecure_RsaPublicEncrypt(&(key->xRsa), (u8*)in, inLen, out) != XST_SUCCESS) { 1980 WOLFSSL_MSG("Error happened when calling hardware RSA public operation"); 1981 ret = BAD_STATE_E; 1982 } 1983 #endif 1984 break; 1985 default: 1986 ret = RSA_WRONG_TYPE_E; 1987 } 1988 1989 *outLen = keyLen; 1990 1991 return ret; 1992 } 1993 1994 #elif defined(WOLFSSL_AFALG_XILINX_RSA) 1849 1995 #ifndef ERROR_OUT 1850 1996 #define ERROR_OUT(x) ret = (x); goto done … … 2010 2156 word32* outLen, int type, RsaKey* key, WC_RNG* rng) 2011 2157 { 2012 #if ndef WOLFSSL_SP_MATH2158 #if !defined(WOLFSSL_SP_MATH) 2013 2159 #ifdef WOLFSSL_SMALL_STACK 2014 2160 mp_int* tmp; … … 2039 2185 #endif 2040 2186 #ifndef RSA_LOW_MEM 2041 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q, 2042 &key->dP, &key->dQ, &key->u, &key->n, 2043 out, outLen); 2187 if ((mp_count_bits(&key->p) == 1024) && 2188 (mp_count_bits(&key->q) == 1024)) { 2189 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q, 2190 &key->dP, &key->dQ, &key->u, &key->n, 2191 out, outLen); 2192 } 2193 break; 2044 2194 #else 2045 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,2046 NULL, NULL, NULL,&key->n, out, outLen);2195 return sp_RsaPrivate_2048(in, inLen, &key->d, NULL, NULL, NULL, 2196 NULL, NULL, &key->n, out, outLen); 2047 2197 #endif 2048 2198 #endif … … 2064 2214 #endif 2065 2215 #ifndef RSA_LOW_MEM 2066 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q, 2067 &key->dP, &key->dQ, &key->u, &key->n, 2068 out, outLen); 2216 if ((mp_count_bits(&key->p) == 1536) && 2217 (mp_count_bits(&key->q) == 1536)) { 2218 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q, 2219 &key->dP, &key->dQ, &key->u, &key->n, 2220 out, outLen); 2221 } 2222 break; 2069 2223 #else 2070 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,2071 NULL, NULL, NULL,&key->n, out, outLen);2224 return sp_RsaPrivate_3072(in, inLen, &key->d, NULL, NULL, NULL, 2225 NULL, NULL, &key->n, out, outLen); 2072 2226 #endif 2073 2227 #endif … … 2089 2243 #endif 2090 2244 #ifndef RSA_LOW_MEM 2091 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q, 2092 &key->dP, &key->dQ, &key->u, &key->n, 2093 out, outLen); 2245 if ((mp_count_bits(&key->p) == 2048) && 2246 (mp_count_bits(&key->q) == 2048)) { 2247 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q, 2248 &key->dP, &key->dQ, &key->u, &key->n, 2249 out, outLen); 2250 } 2251 break; 2094 2252 #else 2095 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,2096 NULL, NULL, NULL,&key->n, out, outLen);2253 return sp_RsaPrivate_4096(in, inLen, &key->d, NULL, NULL, NULL, 2254 NULL, NULL, &key->n, out, outLen); 2097 2255 #endif 2098 2256 #endif … … 2105 2263 #endif /* WOLFSSL_HAVE_SP_RSA */ 2106 2264 2107 #if def WOLFSSL_SP_MATH2265 #if defined(WOLFSSL_SP_MATH) 2108 2266 (void)rng; 2109 2267 WOLFSSL_MSG("SP Key Size Error"); … … 2116 2274 if (tmp == NULL) 2117 2275 return MEMORY_E; 2276 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) 2118 2277 #ifdef WC_RSA_BLINDING 2119 2278 rnd = (mp_int*)XMALLOC(sizeof(mp_int) * 2, key->heap, DYNAMIC_TYPE_RSA); … … 2124 2283 rndi = rnd + 1; 2125 2284 #endif /* WC_RSA_BLINDING */ 2285 #endif 2126 2286 #endif /* WOLFSSL_SMALL_STACK */ 2127 2287 … … 2129 2289 ret = MP_INIT_E; 2130 2290 2291 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) 2131 2292 #ifdef WC_RSA_BLINDING 2132 2293 if (ret == 0) { … … 2139 2300 } 2140 2301 #endif 2302 #endif 2141 2303 2142 2304 #ifndef TEST_UNPAD_CONSTANT_TIME … … 2146 2308 if (ret == 0) { 2147 2309 switch(type) { 2148 #if ndef WOLFSSL_RSA_PUBLIC_ONLY2310 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) 2149 2311 case RSA_PRIVATE_DECRYPT: 2150 2312 case RSA_PRIVATE_ENCRYPT: … … 2159 2321 2160 2322 /* rnd = rnd^e */ 2323 #ifndef WOLFSSL_SP_MATH_ALL 2161 2324 if (ret == 0 && mp_exptmod(rnd, &key->e, &key->n, rnd) != MP_OKAY) 2162 2325 ret = MP_EXPTMOD_E; 2326 #else 2327 if (ret == 0 && mp_exptmod_nct(rnd, &key->e, &key->n, 2328 rnd) != MP_OKAY) { 2329 ret = MP_EXPTMOD_E; 2330 } 2331 #endif 2163 2332 2164 2333 /* tmp = tmp*rnd mod n */ … … 2214 2383 2215 2384 /* tmp = (tmpa - tmpb) * qInv (mod p) */ 2385 #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \ 2386 !defined(WOLFSSL_SP_INT_NEGATIVE)) 2387 if (ret == 0 && mp_submod(tmpa, tmpb, &key->p, tmp) != MP_OKAY) 2388 ret = MP_SUB_E; 2389 #else 2216 2390 if (ret == 0 && mp_sub(tmpa, tmpb, tmp) != MP_OKAY) 2217 2391 ret = MP_SUB_E; 2392 #endif 2218 2393 2219 2394 if (ret == 0 && mp_mulmod(tmp, &key->u, &key->p, … … 2254 2429 case RSA_PUBLIC_ENCRYPT: 2255 2430 case RSA_PUBLIC_DECRYPT: 2256 #ifdef WOLFSSL_XILINX_CRYPT2257 ret = wc_RsaFunctionXil(in, inLen, out, outLen, type, key, rng);2258 #else2259 2431 if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) 2260 2432 ret = MP_EXPTMOD_E; 2261 #endif2262 2433 break; 2263 2434 default: … … 2272 2443 ret = RSA_BUFFER_E; 2273 2444 } 2445 2446 #ifndef WOLFSSL_XILINX_CRYPT 2274 2447 if (ret == 0) { 2275 2448 *outLen = keyLen; … … 2277 2450 ret = MP_TO_E; 2278 2451 } 2452 #endif 2279 2453 #else 2280 2454 (void)type; … … 2510 2684 CRYSError_t ret = 0; 2511 2685 CRYS_RSAPrimeData_t primeData; 2512 uint16_tactualOutLen = outLen;2686 word16 actualOutLen = outLen; 2513 2687 2514 2688 ret = CRYS_RSA_PKCS1v15_Decrypt(&key->ctx.privKey, … … 2530 2704 { 2531 2705 CRYSError_t ret = 0; 2532 uint16_tactualOutLen = outLen*sizeof(byte);2706 word16 actualOutLen = outLen*sizeof(byte); 2533 2707 CRYS_RSAPrivUserContext_t contextPrivate; 2534 2708 … … 2593 2767 #endif 2594 2768 2769 #ifndef WOLFSSL_RSA_VERIFY_ONLY 2595 2770 #ifndef TEST_UNPAD_CONSTANT_TIME 2596 2771 #ifndef NO_RSA_BOUNDS_CHECK … … 2612 2787 2613 2788 if (mp_init(c) != MP_OKAY) 2614 ret = M EMORY_E;2789 ret = MP_INIT_E; 2615 2790 if (ret == 0) { 2616 2791 if (mp_read_unsigned_bin(c, in, inLen) != 0) … … 2642 2817 } 2643 2818 #endif /* NO_RSA_BOUNDS_CHECK */ 2819 #endif 2644 2820 #endif 2645 2821 … … 2990 3166 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && 2991 3167 pad_type != WC_RSA_PSS_PAD) { 2992 if (ret > 0) { 3168 ret = key->asyncDev.event.ret; 3169 if (ret >= 0) { 2993 3170 /* convert result */ 2994 3171 byte* dataLen = (byte*)&key->dataLen; … … 3132 3309 RsaKey* key) 3133 3310 { 3134 return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key 3311 return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key, WC_RSA_PKCSV15_PAD); 3135 3312 } 3136 3313 … … 3138 3315 RsaKey* key, int pad_type) 3139 3316 { 3317 return wc_RsaSSL_Verify_ex2(in, inLen, out, outLen, key, pad_type, 3318 WC_HASH_TYPE_NONE); 3319 } 3320 3321 int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, 3322 RsaKey* key, int pad_type, enum wc_HashType hash) 3323 { 3140 3324 WC_RNG* rng; 3141 3325 … … 3150 3334 #endif 3151 3335 3336 #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER 3152 3337 return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, 3153 3338 RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, 3154 WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng); 3339 hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); 3340 #else 3341 return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, 3342 RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, 3343 hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); 3344 #endif 3155 3345 } 3156 3346 #endif … … 3407 3597 hLen = wc_HashGetDigestSize(hash); 3408 3598 if (hLen < 0) 3409 return hLen;3599 return BAD_FUNC_ARG; 3410 3600 if ((word32)hLen != digestLen) 3411 3601 return BAD_FUNC_ARG; … … 3674 3864 ret = mp_sub(p, q, &d); 3675 3865 3866 #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \ 3867 defined(WOLFSSL_SP_INT_NEGATIVE)) 3676 3868 if (ret == 0) 3677 3869 ret = mp_abs(&d, &d); 3870 #endif 3678 3871 3679 3872 /* compare */ … … 3887 4080 { 3888 4081 #ifndef WC_NO_RNG 3889 mp_int p, q, tmp1, tmp2, tmp3; 4082 #ifdef WOLFSSL_SMALL_STACK 4083 mp_int *p = (mp_int *)XMALLOC(sizeof *p, key->heap, DYNAMIC_TYPE_RSA); 4084 mp_int *q = (mp_int *)XMALLOC(sizeof *q, key->heap, DYNAMIC_TYPE_RSA); 4085 mp_int *tmp1 = (mp_int *)XMALLOC(sizeof *tmp1, key->heap, DYNAMIC_TYPE_RSA); 4086 mp_int *tmp2 = (mp_int *)XMALLOC(sizeof *tmp2, key->heap, DYNAMIC_TYPE_RSA); 4087 mp_int *tmp3 = (mp_int *)XMALLOC(sizeof *tmp3, key->heap, DYNAMIC_TYPE_RSA); 4088 #else 4089 mp_int p_buf, *p = &p_buf; 4090 mp_int q_buf, *q = &q_buf; 4091 mp_int tmp1_buf, *tmp1 = &tmp1_buf; 4092 mp_int tmp2_buf, *tmp2 = &tmp2_buf; 4093 mp_int tmp3_buf, *tmp3 = &tmp3_buf; 4094 #endif 3890 4095 int err, i, failCount, primeSz, isPrime = 0; 3891 4096 byte* buf = NULL; 3892 4097 3893 if (key == NULL || rng == NULL) 3894 return BAD_FUNC_ARG; 3895 3896 if (!RsaSizeCheck(size)) 3897 return BAD_FUNC_ARG; 3898 3899 if (e < 3 || (e & 1) == 0) 3900 return BAD_FUNC_ARG; 4098 #ifdef WOLFSSL_SMALL_STACK 4099 if ((p == NULL) || 4100 (q == NULL) || 4101 (tmp1 == NULL) || 4102 (tmp2 == NULL) || 4103 (tmp3 == NULL)) { 4104 err = MEMORY_E; 4105 goto out; 4106 } 4107 #endif 4108 4109 if (key == NULL || rng == NULL) { 4110 err = BAD_FUNC_ARG; 4111 goto out; 4112 } 4113 4114 if (!RsaSizeCheck(size)) { 4115 err = BAD_FUNC_ARG; 4116 goto out; 4117 } 4118 4119 if (e < 3 || (e & 1) == 0) { 4120 err = BAD_FUNC_ARG; 4121 goto out; 4122 } 3901 4123 3902 4124 #if defined(WOLFSSL_CRYPTOCELL) 3903 4125 3904 return cc310_RSA_GenerateKeyPair(key, size, e); 4126 err = cc310_RSA_GenerateKeyPair(key, size, e); 4127 goto out; 3905 4128 3906 4129 #endif /*WOLFSSL_CRYPTOCELL*/ … … 3908 4131 #ifdef WOLF_CRYPTO_CB 3909 4132 if (key->devId != INVALID_DEVID) { 3910 int ret= wc_CryptoCb_MakeRsaKey(key, size, e, rng);3911 if ( ret!= CRYPTOCB_UNAVAILABLE)3912 return ret;4133 err = wc_CryptoCb_MakeRsaKey(key, size, e, rng); 4134 if (err != CRYPTOCB_UNAVAILABLE) 4135 goto out; 3913 4136 /* fall-through when unavailable */ 3914 4137 } … … 3921 4144 /* TODO: Not implemented */ 3922 4145 #elif defined(HAVE_INTEL_QA) 3923 return IntelQaRsaKeyGen(&key->asyncDev, key, size, e, rng); 4146 err = IntelQaRsaKeyGen(&key->asyncDev, key, size, e, rng); 4147 goto out; 3924 4148 #else 3925 4149 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_RSA_MAKE)) { … … 3929 4153 testDev->rsaMake.size = size; 3930 4154 testDev->rsaMake.e = e; 3931 return WC_PENDING_E; 4155 err = WC_PENDING_E; 4156 goto out; 3932 4157 } 3933 4158 #endif … … 3935 4160 #endif 3936 4161 3937 err = mp_init_multi( &p, &q, &tmp1, &tmp2, &tmp3, NULL);4162 err = mp_init_multi(p, q, tmp1, tmp2, tmp3, NULL); 3938 4163 3939 4164 if (err == MP_OKAY) 3940 err = mp_set_int( &tmp3, e);4165 err = mp_set_int(tmp3, e); 3941 4166 3942 4167 /* The failCount value comes from NIST FIPS 186-4, section B.3.3, … … 3970 4195 buf[primeSz-1] |= 0x01; 3971 4196 /* load value */ 3972 err = mp_read_unsigned_bin( &p, buf, primeSz);4197 err = mp_read_unsigned_bin(p, buf, primeSz); 3973 4198 } 3974 4199 3975 4200 if (err == MP_OKAY) 3976 err = _CheckProbablePrime( &p, NULL, &tmp3, size, &isPrime, rng);4201 err = _CheckProbablePrime(p, NULL, tmp3, size, &isPrime, rng); 3977 4202 3978 4203 #ifdef HAVE_FIPS … … 4005 4230 buf[primeSz-1] |= 0x01; 4006 4231 /* load value */ 4007 err = mp_read_unsigned_bin( &q, buf, primeSz);4232 err = mp_read_unsigned_bin(q, buf, primeSz); 4008 4233 } 4009 4234 4010 4235 if (err == MP_OKAY) 4011 err = _CheckProbablePrime( &p, &q, &tmp3, size, &isPrime, rng);4236 err = _CheckProbablePrime(p, q, tmp3, size, &isPrime, rng); 4012 4237 4013 4238 #ifdef HAVE_FIPS … … 4028 4253 } 4029 4254 4030 if (err == MP_OKAY && mp_cmp( &p, &q) < 0) {4031 err = mp_copy( &p, &tmp1);4255 if (err == MP_OKAY && mp_cmp(p, q) < 0) { 4256 err = mp_copy(p, tmp1); 4032 4257 if (err == MP_OKAY) 4033 err = mp_copy( &q, &p);4258 err = mp_copy(q, p); 4034 4259 if (err == MP_OKAY) 4035 mp_copy( &tmp1, &q);4260 mp_copy(tmp1, q); 4036 4261 } 4037 4262 … … 4044 4269 /* Software Key Calculation */ 4045 4270 if (err == MP_OKAY) /* tmp1 = p-1 */ 4046 err = mp_sub_d( &p, 1, &tmp1);4271 err = mp_sub_d(p, 1, tmp1); 4047 4272 if (err == MP_OKAY) /* tmp2 = q-1 */ 4048 err = mp_sub_d( &q, 1, &tmp2);4273 err = mp_sub_d(q, 1, tmp2); 4049 4274 #ifdef WC_RSA_BLINDING 4050 4275 if (err == MP_OKAY) /* tmp3 = order of n */ 4051 err = mp_mul( &tmp1, &tmp2, &tmp3);4276 err = mp_mul(tmp1, tmp2, tmp3); 4052 4277 #else 4053 4278 if (err == MP_OKAY) /* tmp3 = lcm(p-1, q-1), last loop */ 4054 err = mp_lcm( &tmp1, &tmp2, &tmp3);4279 err = mp_lcm(tmp1, tmp2, tmp3); 4055 4280 #endif 4056 4281 /* make key */ … … 4061 4286 if (err == MP_OKAY) { 4062 4287 do { 4063 err = mp_rand(&key->p, get_digit_count( &tmp3), rng);4288 err = mp_rand(&key->p, get_digit_count(tmp3), rng); 4064 4289 if (err == MP_OKAY) 4065 4290 err = mp_set_bit(&key->p, 0); … … 4067 4292 err = mp_set_bit(&key->p, size - 1); 4068 4293 if (err == MP_OKAY) 4069 err = mp_gcd(&key->p, &tmp3, &key->q);4294 err = mp_gcd(&key->p, tmp3, &key->q); 4070 4295 } 4071 4296 while ((err == MP_OKAY) && !mp_isone(&key->q)); … … 4075 4300 #endif 4076 4301 if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */ 4077 err = mp_invmod(&key->e, &tmp3, &key->d);4302 err = mp_invmod(&key->e, tmp3, &key->d); 4078 4303 #ifdef WC_RSA_BLINDING 4079 4304 /* Take off blinding from d and reset e */ 4080 4305 if (err == MP_OKAY) 4081 err = mp_mulmod(&key->d, &key->p, &tmp3, &key->d);4306 err = mp_mulmod(&key->d, &key->p, tmp3, &key->d); 4082 4307 if (err == MP_OKAY) 4083 4308 err = mp_set_int(&key->e, (mp_digit)e); 4084 4309 #endif 4085 4310 if (err == MP_OKAY) /* key->n = pq */ 4086 err = mp_mul( &p, &q, &key->n);4311 err = mp_mul(p, q, &key->n); 4087 4312 if (err == MP_OKAY) /* key->dP = d mod(p-1) */ 4088 err = mp_mod(&key->d, &tmp1, &key->dP);4313 err = mp_mod(&key->d, tmp1, &key->dP); 4089 4314 if (err == MP_OKAY) /* key->dQ = d mod(q-1) */ 4090 err = mp_mod(&key->d, &tmp2, &key->dQ);4315 err = mp_mod(&key->d, tmp2, &key->dQ); 4091 4316 #ifdef WOLFSSL_MP_INVMOD_CONSTANT_TIME 4092 4317 if (err == MP_OKAY) /* key->u = 1/q mod p */ 4093 err = mp_invmod( &q, &p, &key->u);4318 err = mp_invmod(q, p, &key->u); 4094 4319 #else 4095 4320 if (err == MP_OKAY) 4096 err = mp_sub_d( &p, 2, &tmp3);4321 err = mp_sub_d(p, 2, tmp3); 4097 4322 if (err == MP_OKAY) /* key->u = 1/q mod p = q^p-2 mod p */ 4098 err = mp_exptmod( &q, &tmp3 , &p, &key->u);4323 err = mp_exptmod(q, tmp3 , p, &key->u); 4099 4324 #endif 4100 4325 if (err == MP_OKAY) 4101 err = mp_copy( &p, &key->p);4326 err = mp_copy(p, &key->p); 4102 4327 if (err == MP_OKAY) 4103 err = mp_copy( &q, &key->q);4328 err = mp_copy(q, &key->q); 4104 4329 4105 4330 #ifdef HAVE_WOLF_BIGINT … … 4126 4351 key->type = RSA_PRIVATE; 4127 4352 4128 mp_clear( &tmp1);4129 mp_clear( &tmp2);4130 mp_clear( &tmp3);4131 mp_clear( &p);4132 mp_clear( &q);4353 mp_clear(tmp1); 4354 mp_clear(tmp2); 4355 mp_clear(tmp3); 4356 mp_clear(p); 4357 mp_clear(q); 4133 4358 4134 4359 #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_RSA_KEY_CHECK) … … 4140 4365 if (err != 0) { 4141 4366 wc_FreeRsaKey(key); 4142 return err;4367 goto out; 4143 4368 } 4144 4369 … … 4148 4373 } 4149 4374 #endif 4150 return 0; 4375 4376 err = 0; 4377 4378 out: 4379 4380 #ifdef WOLFSSL_SMALL_STACK 4381 if (p) 4382 XFREE(p, key->heap, DYNAMIC_TYPE_RSA); 4383 if (q) 4384 XFREE(q, key->heap, DYNAMIC_TYPE_RSA); 4385 if (tmp1) 4386 XFREE(tmp1, key->heap, DYNAMIC_TYPE_RSA); 4387 if (tmp2) 4388 XFREE(tmp2, key->heap, DYNAMIC_TYPE_RSA); 4389 if (tmp3) 4390 XFREE(tmp3, key->heap, DYNAMIC_TYPE_RSA); 4391 #endif 4392 4393 return err; 4151 4394 #else 4152 4395 return NOT_COMPILED_IN; … … 4160 4403 int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) 4161 4404 { 4405 if (key == NULL || rng == NULL) 4406 return BAD_FUNC_ARG; 4407 4408 key->rng = rng; 4409 4410 return 0; 4411 } 4412 #endif /* WC_RSA_BLINDING */ 4413 4414 #ifdef WC_RSA_NONBLOCK 4415 int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb) 4416 { 4162 4417 if (key == NULL) 4163 4418 return BAD_FUNC_ARG; 4164 4419 4165 key->rng = rng;4166 4167 return 0;4168 }4169 #endif /* WC_RSA_BLINDING */4170 4171 #ifdef WC_RSA_NONBLOCK4172 int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb)4173 {4174 if (key == NULL)4175 return BAD_FUNC_ARG;4176 4177 4420 if (nb) { 4178 4421 XMEMSET(nb, 0, sizeof(RsaNb)); -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/sha.c
r457 r464 191 191 int wc_ShaFinal(wc_Sha* sha, byte* hash) 192 192 { 193 uint32_thashlen = WC_SHA_DIGEST_SIZE;193 word32 hashlen = WC_SHA_DIGEST_SIZE; 194 194 LTC_HASH_Finish(&sha->ctx, hash, &hashlen); 195 195 return wc_InitSha(sha); /* reset state */ … … 225 225 cau_sha1_initialize_output(sha->digest); 226 226 #else 227 MMCAU_SHA1_InitializeOutput(( uint32_t*)sha->digest);227 MMCAU_SHA1_InitializeOutput((word32*)sha->digest); 228 228 #endif 229 229 wolfSSL_CryptHwMutexUnLock(); … … 243 243 cau_sha1_hash_n((byte*)data, 1, sha->digest); 244 244 #else 245 MMCAU_SHA1_HashN((byte*)data, 1, ( uint32_t*)sha->digest);245 MMCAU_SHA1_HashN((byte*)data, 1, (word32*)sha->digest); 246 246 #endif 247 247 wolfSSL_CryptHwMutexUnLock(); … … 277 277 #else 278 278 MMCAU_SHA1_HashN((byte*)data, len/WC_SHA_BLOCK_SIZE, 279 ( uint32_t*)sha->digest);279 (word32*)sha->digest); 280 280 #endif 281 281 } … … 328 328 329 329 /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ 330 331 #elif defined(WOLFSSL_IMXRT_DCP) 332 /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ 333 334 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 335 336 /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ 330 337 331 338 #else … … 520 527 } 521 528 529 if (data == NULL && len == 0) { 530 /* valid, but do nothing */ 531 return 0; 532 } 533 522 534 #ifdef WOLF_CRYPTO_CB 523 535 if (sha->devId != INVALID_DEVID) { … … 540 552 if (sha->buffLen >= WC_SHA_BLOCK_SIZE) 541 553 return BUFFER_E; 542 543 if (data == NULL && len == 0) {544 /* valid, but do nothing */545 return 0;546 }547 554 548 555 /* add length for final */ … … 680 687 if (ret != CRYPTOCB_UNAVAILABLE) 681 688 return ret; 682 ret = 0; /* reset ret */683 689 /* fall-through when unavailable */ 684 690 } … … 794 800 sha->msg = NULL; 795 801 } 802 #endif 803 #ifdef WOLFSSL_IMXRT_DCP 804 DCPShaFree(sha); 796 805 #endif 797 806 } … … 842 851 XMEMCPY(dst, src, sizeof(wc_Sha)); 843 852 853 #ifdef WOLFSSL_SILABS_SE_ACCEL 854 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); 855 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); 856 #endif 857 844 858 #ifdef WOLFSSL_ASYNC_CRYPT 845 859 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/sha256.c
r457 r464 20 20 */ 21 21 22 /* For more info on the algorithm, see https://tools.ietf.org/html/rfc6234 */ 23 /* 24 25 DESCRIPTION 26 This library provides the interface to SHA-256 secure hash algorithms. 27 SHA-256 performs processing on message blocks to produce a final hash digest 28 output. It can be used to hash a message, M, having a length of L bits, 29 where 0 <= L < 2^64. 30 31 */ 22 32 #ifdef HAVE_CONFIG_H 23 33 #include <config.h> … … 120 130 #elif defined(WOLFSSL_CRYPTOCELL) 121 131 /* wc_port.c includes wolfcrypt/src/port/arm/cryptoCellHash.c */ 132 133 #elif defined(WOLFSSL_IMXRT_DCP) 134 135 #elif defined(WOLFSSL_PSOC6_CRYPTO) 136 137 122 138 #else 123 139 … … 165 181 !defined(WOLFSSL_AFALG_HASH) && !defined(WOLFSSL_DEVCRYPTO_HASH) && \ 166 182 (!defined(WOLFSSL_ESP32WROOM32_CRYPT) || defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)) && \ 167 (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH)) 183 (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH)) && \ 184 !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) 185 168 186 169 187 static int InitSha256(wc_Sha256* sha256) … … 197 215 198 216 /* Hardware Acceleration */ 199 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 217 #if defined(USE_INTEL_SPEEDUP) && (defined(HAVE_INTEL_AVX1) || \ 218 defined(HAVE_INTEL_AVX2)) 200 219 201 220 /* in case intel instructions aren't available, plus we need the K[] global */ … … 295 314 static int transform_check = 0; 296 315 static word32 intel_flags; 297 298 #define XTRANSFORM(S, D) (*Transform_Sha256_p)((S),(D)) 299 #define XTRANSFORM_LEN(S, D, L) (*Transform_Sha256_Len_p)((S),(D),(L)) 316 static int Transform_Sha256_is_vectorized = 0; 317 318 static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) { 319 int ret; 320 if (Transform_Sha256_is_vectorized) 321 SAVE_VECTOR_REGISTERS(); 322 ret = (*Transform_Sha256_p)(S, D); 323 if (Transform_Sha256_is_vectorized) 324 RESTORE_VECTOR_REGISTERS(); 325 return ret; 326 } 327 #define XTRANSFORM(...) inline_XTRANSFORM(__VA_ARGS__) 328 329 static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) { 330 int ret; 331 if (Transform_Sha256_is_vectorized) 332 SAVE_VECTOR_REGISTERS(); 333 ret = (*Transform_Sha256_Len_p)(S, D, L); 334 if (Transform_Sha256_is_vectorized) 335 RESTORE_VECTOR_REGISTERS(); 336 return ret; 337 } 338 #define XTRANSFORM_LEN(...) inline_XTRANSFORM_LEN(__VA_ARGS__) 300 339 301 340 static void Sha256_SetTransform(void) … … 313 352 Transform_Sha256_p = Transform_Sha256_AVX2_RORX; 314 353 Transform_Sha256_Len_p = Transform_Sha256_AVX2_RORX_Len; 354 Transform_Sha256_is_vectorized = 1; 315 355 } 316 356 else … … 320 360 Transform_Sha256_p = Transform_Sha256_AVX2; 321 361 Transform_Sha256_Len_p = Transform_Sha256_AVX2_Len; 362 Transform_Sha256_is_vectorized = 1; 322 363 } 323 364 #ifdef HAVE_INTEL_RORX … … 325 366 Transform_Sha256_p = Transform_Sha256_AVX1_RORX; 326 367 Transform_Sha256_Len_p = Transform_Sha256_AVX1_RORX_Len; 368 Transform_Sha256_is_vectorized = 1; 327 369 } 328 370 #endif … … 334 376 Transform_Sha256_p = Transform_Sha256_AVX1; 335 377 Transform_Sha256_Len_p = Transform_Sha256_AVX1_Len; 378 Transform_Sha256_is_vectorized = 1; 336 379 } 337 380 else … … 340 383 Transform_Sha256_p = Transform_Sha256; 341 384 Transform_Sha256_Len_p = NULL; 385 Transform_Sha256_is_vectorized = 0; 342 386 } 343 387 … … 354 398 #ifdef WOLF_CRYPTO_CB 355 399 sha256->devId = devId; 400 #endif 401 #ifdef WOLFSSL_SMALL_STACK_CACHE 402 sha256->W = NULL; 356 403 #endif 357 404 … … 415 462 cau_sha256_initialize_output(sha256->digest); 416 463 #else 417 MMCAU_SHA256_InitializeOutput(( uint32_t*)sha256->digest);464 MMCAU_SHA256_InitializeOutput((word32*)sha256->digest); 418 465 #endif 419 466 wolfSSL_CryptHwMutexUnLock(); … … 495 542 (void)heap; 496 543 544 XMEMSET(sha256, 0, sizeof(wc_Sha256)); 497 545 wc_Stm32_Hash_Init(&sha256->stmCtx); 498 546 return 0; … … 664 712 /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ 665 713 714 #elif defined(WOLFSSL_PSOC6_CRYPTO) 715 716 /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */ 717 718 #elif defined(WOLFSSL_IMXRT_DCP) 719 #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h> 720 /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ 721 722 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 723 /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ 724 666 725 #else 667 726 #define NEED_SOFT_SHA256 … … 678 737 sha256->devCtx = NULL; 679 738 #endif 739 #ifdef WOLFSSL_SMALL_STACK_CACHE 740 sha256->W = NULL; 741 #endif 680 742 681 743 ret = InitSha256(sha256); 682 744 if (ret != 0) 683 745 return ret; 684 685 #ifdef WOLFSSL_SMALL_STACK_CACHE686 sha256->W = NULL;687 #endif688 746 689 747 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) … … 700 758 #ifdef NEED_SOFT_SHA256 701 759 702 static const ALIGN32 word32 K[64] = {760 static const FLASH_QUALIFIER ALIGN32 word32 K[64] = { 703 761 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, 704 762 0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L, … … 929 987 if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) { 930 988 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) 931 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 989 #if defined(USE_INTEL_SPEEDUP) && \ 990 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 932 991 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) 933 992 #endif … … 961 1020 /* process blocks */ 962 1021 #ifdef XTRANSFORM_LEN 963 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1022 #if defined(USE_INTEL_SPEEDUP) && \ 1023 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 964 1024 if (Transform_Sha256_Len_p != NULL) 965 1025 #endif … … 976 1036 } 977 1037 } 978 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1038 #if defined(USE_INTEL_SPEEDUP) && \ 1039 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 979 1040 else 980 1041 #endif 981 1042 #endif /* XTRANSFORM_LEN */ 982 #if !defined(XTRANSFORM_LEN) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1043 #if !defined(XTRANSFORM_LEN) || (defined(USE_INTEL_SPEEDUP) && \ 1044 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))) 983 1045 { 984 1046 while (len >= WC_SHA256_BLOCK_SIZE) { … … 988 1050 /* Little Endian requires byte swap, so can't use data directly */ 989 1051 #if defined(WC_HASH_DATA_ALIGNMENT) && !defined(LITTLE_ENDIAN_ORDER) && \ 990 !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2) 1052 !(defined(USE_INTEL_SPEEDUP) && \ 1053 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))) 991 1054 if (((size_t)data % WC_HASH_DATA_ALIGNMENT) == 0) { 992 1055 local32 = (word32*)data; … … 1002 1065 1003 1066 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) 1004 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1067 #if defined(USE_INTEL_SPEEDUP) && \ 1068 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 1005 1069 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) 1006 1070 #endif … … 1031 1095 1032 1096 /* save remainder */ 1033 if ( len > 0) {1097 if (ret == 0 && len > 0) { 1034 1098 XMEMCPY(local, data, len); 1035 1099 sha256->buffLen = len; … … 1089 1153 1090 1154 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) 1091 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1155 #if defined(USE_INTEL_SPEEDUP) && \ 1156 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 1092 1157 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) 1093 1158 #endif … … 1126 1191 /* store lengths */ 1127 1192 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) 1128 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1193 #if defined(USE_INTEL_SPEEDUP) && \ 1194 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 1129 1195 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) 1130 1196 #endif … … 1139 1205 sizeof(word32)); 1140 1206 1141 #if defined(FREESCALE_MMCAU_SHA) || defined(HAVE_INTEL_AVX1) ||\1142 defined(HAVE_INTEL_AVX2)1207 #if defined(FREESCALE_MMCAU_SHA) || (defined(USE_INTEL_SPEEDUP) && \ 1208 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))) 1143 1209 /* Kinetis requires only these bytes reversed */ 1144 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1210 #if defined(USE_INTEL_SPEEDUP) && \ 1211 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 1145 1212 if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) 1146 1213 #endif … … 1245 1312 (void)heap; 1246 1313 1314 XMEMSET(sha224, 0, sizeof(wc_Sha224)); 1247 1315 wc_Stm32_Hash_Init(&sha224->stmCtx); 1248 1316 return 0; … … 1294 1362 #elif defined(WOLFSSL_DEVCRYPTO_HASH) 1295 1363 /* implemented in wolfcrypt/src/port/devcrypto/devcrypt_hash.c */ 1364 1365 #elif defined(WOLFSSL_SILABS_SE_ACCEL) 1366 /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ 1296 1367 1297 1368 #else … … 1321 1392 sha224->hiLen = 0; 1322 1393 1323 #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2) 1394 #if defined(USE_INTEL_SPEEDUP) && \ 1395 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) 1324 1396 /* choose best Transform function under this runtime environment */ 1325 1397 Sha256_SetTransform(); … … 1343 1415 1344 1416 sha224->heap = heap; 1417 #ifdef WOLFSSL_SMALL_STACK_CACHE 1418 sha224->W = NULL; 1419 #endif 1345 1420 1346 1421 ret = InitSha224(sha224); 1347 1422 if (ret != 0) 1348 1423 return ret; 1349 1350 #ifdef WOLFSSL_SMALL_STACK_CACHE1351 sha224->W = NULL;1352 #endif1353 1424 1354 1425 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224) … … 1486 1557 } 1487 1558 #endif 1559 #ifdef WOLFSSL_IMXRT_DCP 1560 DCPSha256Free(sha256); 1561 #endif 1488 1562 } 1489 1563 … … 1521 1595 #endif 1522 1596 1597 #ifdef WOLFSSL_SILABS_SE_ACCEL 1598 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); 1599 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); 1600 #endif 1601 1523 1602 #ifdef WOLFSSL_ASYNC_CRYPT 1524 1603 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); … … 1560 1639 1561 1640 /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ 1641 #elif defined(WOLFSSL_PSOC6_CRYPTO) 1642 /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */ 1643 #elif defined(WOLFSSL_IMXRT_DCP) 1644 /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ 1562 1645 #else 1563 1646 … … 1604 1687 #endif 1605 1688 1689 #ifdef WOLFSSL_SILABS_SE_ACCEL 1690 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); 1691 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); 1692 #endif 1693 1606 1694 #ifdef WOLFSSL_ASYNC_CRYPT 1607 1695 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/sha512.c
r457 r464 27 27 #include <wolfssl/wolfcrypt/settings.h> 28 28 29 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) 29 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PSOC6_CRYPTO) 30 30 31 31 #if defined(HAVE_FIPS) && \ … … 188 188 #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) 189 189 /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ 190 191 #elif defined(WOLFSSL_SILABS_SHA384) 192 /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */ 190 193 191 194 #else … … 338 341 static int transform_check = 0; 339 342 static int intel_flags; 340 #define Transform_Sha512(sha512) (*Transform_Sha512_p)(sha512) 341 #define Transform_Sha512_Len(sha512, len) \ 342 (*Transform_Sha512_Len_p)(sha512, len) 343 344 static void Sha512_SetTransform() 343 static int Transform_Sha512_is_vectorized = 0; 344 345 static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) { 346 int ret; 347 if (Transform_Sha512_is_vectorized) 348 SAVE_VECTOR_REGISTERS(); 349 ret = (*Transform_Sha512_p)(sha512); 350 if (Transform_Sha512_is_vectorized) 351 RESTORE_VECTOR_REGISTERS(); 352 return ret; 353 } 354 static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) { 355 int ret; 356 if (Transform_Sha512_is_vectorized) 357 SAVE_VECTOR_REGISTERS(); 358 ret = (*Transform_Sha512_Len_p)(sha512, len); 359 if (Transform_Sha512_is_vectorized) 360 RESTORE_VECTOR_REGISTERS(); 361 return ret; 362 } 363 364 static void Sha512_SetTransform(void) 345 365 { 346 366 if (transform_check) … … 355 375 Transform_Sha512_p = Transform_Sha512_AVX2_RORX; 356 376 Transform_Sha512_Len_p = Transform_Sha512_AVX2_RORX_Len; 377 Transform_Sha512_is_vectorized = 1; 357 378 } 358 379 else … … 361 382 Transform_Sha512_p = Transform_Sha512_AVX2; 362 383 Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len; 384 Transform_Sha512_is_vectorized = 1; 363 385 } 364 386 #ifdef HAVE_INTEL_RORX … … 366 388 Transform_Sha512_p = Transform_Sha512_AVX1_RORX; 367 389 Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len; 390 Transform_Sha512_is_vectorized = 1; 368 391 } 369 392 #endif … … 375 398 Transform_Sha512_p = Transform_Sha512_AVX1; 376 399 Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len; 400 Transform_Sha512_is_vectorized = 1; 377 401 } 378 402 else 379 403 #endif 404 { 380 405 Transform_Sha512_p = _Transform_Sha512; 406 Transform_Sha512_is_vectorized = 1; 407 } 381 408 382 409 transform_check = 1; … … 399 426 400 427 sha512->heap = heap; 428 #ifdef WOLFSSL_SMALL_STACK_CACHE 429 sha512->W = NULL; 430 #endif 401 431 402 432 ret = InitSha512(sha512); … … 406 436 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 407 437 Sha512_SetTransform(); 408 #endif409 410 #ifdef WOLFSSL_SMALL_STACK_CACHE411 sha512->W = NULL;412 438 #endif 413 439 … … 508 534 word64* W = sha512->W; 509 535 if (W == NULL) { 510 W = (word64*) XMALLOC(sizeof(word64) * 16, NULL, 511 DYNAMIC_TYPE_TMP_BUFFER); 536 W = (word64*)XMALLOC(sizeof(word64) * 16, NULL,DYNAMIC_TYPE_TMP_BUFFER); 512 537 if (W == NULL) 513 538 return MEMORY_E; … … 693 718 #endif 694 719 695 if ( len > 0) {720 if (ret == 0 && len > 0) { 696 721 XMEMCPY(local, data, len); 697 722 sha512->buffLen = len; … … 722 747 #endif /* WOLFSSL_SHA512 */ 723 748 724 #endif /* WOLFSSL_IMX6_CAAM */749 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA384 */ 725 750 726 751 static WC_INLINE int Sha512Final(wc_Sha512* sha512) … … 903 928 /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ 904 929 930 #elif defined(WOLFSSL_SILABS_SHA512) 931 /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */ 932 905 933 #else 906 934 … … 1020 1048 1021 1049 sha384->heap = heap; 1050 #ifdef WOLFSSL_SMALL_STACK_CACHE 1051 sha384->W = NULL; 1052 #endif 1053 1022 1054 ret = InitSha384(sha384); 1023 1055 if (ret != 0) … … 1026 1058 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) 1027 1059 Sha512_SetTransform(); 1028 #endif1029 #ifdef WOLFSSL_SMALL_STACK_CACHE1030 sha384->W = NULL;1031 1060 #endif 1032 1061 … … 1041 1070 } 1042 1071 1043 #endif /* WOLFSSL_IMX6_CAAM */1072 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 */ 1044 1073 1045 1074 int wc_InitSha384(wc_Sha384* sha384) … … 1112 1141 #endif 1113 1142 1143 #ifdef WOLFSSL_SILABS_SHA512 1144 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); 1145 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); 1146 #endif 1147 1114 1148 #ifdef WOLFSSL_ASYNC_CRYPT 1115 1149 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); … … 1188 1222 #endif 1189 1223 1224 #ifdef WOLFSSL_SILABS_SHA384 1225 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); 1226 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); 1227 #endif 1228 1190 1229 #ifdef WOLFSSL_ASYNC_CRYPT 1191 1230 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/wc_encrypt.c
r457 r464 29 29 #include <wolfssl/wolfcrypt/des3.h> 30 30 #include <wolfssl/wolfcrypt/hash.h> 31 #include <wolfssl/wolfcrypt/rc2.h> 31 32 #include <wolfssl/wolfcrypt/arc4.h> 32 33 #include <wolfssl/wolfcrypt/wc_encrypt.h> … … 239 240 240 241 241 #if def WOLFSSL_ENCRYPTED_KEYS242 #if !defined(NO_ASN) && defined(WOLFSSL_ENCRYPTED_KEYS) 242 243 243 244 int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, … … 361 362 } 362 363 363 #endif /* WOLFSSL_ENCRYPTED_KEYS */364 #endif /* !NO_ASN && WOLFSSL_ENCRYPTED_KEYS */ 364 365 365 366 … … 375 376 int length, int version, byte* cbcIv, int enc, int shaOid) 376 377 { 377 int typeH ;378 int typeH = WC_HASH_TYPE_NONE; 378 379 int derivedLen = 0; 379 380 int ret = 0; … … 456 457 break; 457 458 #endif /* WOLFSSL_AES_128 && !NO_SHA */ 459 #ifdef WC_RC2 460 case PBE_SHA1_40RC2_CBC: 461 typeH = WC_SHA; 462 derivedLen = 5; 463 break; 464 #endif 458 465 default: 459 466 WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id"); … … 612 619 case PBE_AES128_CBC: 613 620 { 614 Aes aes; 615 ret = wc_AesInit(&aes, NULL, INVALID_DEVID); 621 #ifdef WOLFSSL_SMALL_STACK 622 Aes *aes; 623 aes = (Aes *)XMALLOC(sizeof *aes, NULL, DYNAMIC_TYPE_AES); 624 if (aes == NULL) 625 return MEMORY_E; 626 #else 627 Aes aes[1]; 628 #endif 629 ret = wc_AesInit(aes, NULL, INVALID_DEVID); 616 630 if (ret == 0) { 617 631 if (enc) { 618 ret = wc_AesSetKey( &aes, key, derivedLen, cbcIv,632 ret = wc_AesSetKey(aes, key, derivedLen, cbcIv, 619 633 AES_ENCRYPTION); 620 634 } 621 635 else { 622 ret = wc_AesSetKey( &aes, key, derivedLen, cbcIv,636 ret = wc_AesSetKey(aes, key, derivedLen, cbcIv, 623 637 AES_DECRYPTION); 624 638 } … … 626 640 if (ret == 0) { 627 641 if (enc) 628 ret = wc_AesCbcEncrypt( &aes, input, input, length);642 ret = wc_AesCbcEncrypt(aes, input, input, length); 629 643 else 630 ret = wc_AesCbcDecrypt(&aes, input, input, length); 631 } 644 ret = wc_AesCbcDecrypt(aes, input, input, length); 645 } 646 ForceZero(aes, sizeof(Aes)); 647 #ifdef WOLFSSL_SMALL_STACK 648 XFREE(aes, NULL, DYNAMIC_TYPE_AES); 649 #endif 632 650 if (ret != 0) { 633 651 #ifdef WOLFSSL_SMALL_STACK … … 636 654 return ret; 637 655 } 638 ForceZero(&aes, sizeof(Aes));639 656 break; 640 657 } 641 658 #endif /* WOLFSSL_AES_256 */ 642 659 #endif /* !NO_AES && HAVE_AES_CBC */ 660 #ifdef WC_RC2 661 case PBE_SHA1_40RC2_CBC: 662 { 663 Rc2 rc2; 664 /* effective key size for RC2-40-CBC is 40 bits */ 665 ret = wc_Rc2SetKey(&rc2, key, derivedLen, cbcIv, 40); 666 if (ret == 0) { 667 if (enc) 668 ret = wc_Rc2CbcEncrypt(&rc2, input, input, length); 669 else 670 ret = wc_Rc2CbcDecrypt(&rc2, input, input, length); 671 } 672 if (ret != 0) { 673 #ifdef WOLFSSL_SMALL_STACK 674 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 675 #endif 676 return ret; 677 } 678 ForceZero(&rc2, sizeof(Rc2)); 679 break; 680 } 681 #endif 643 682 644 683 default: -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/wc_port.c
r457 r464 47 47 #endif 48 48 49 #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) 49 #ifdef WOLFSSL_PSOC6_CRYPTO 50 #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h> 51 #endif 52 53 #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ 54 defined(WOLFSSL_ATECC608A) 50 55 #include <wolfssl/wolfcrypt/port/atmel/atmel.h> 51 56 #endif … … 69 74 defined(WOLFSSL_IMX6_CAAM_BLOB) 70 75 #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h> 76 #endif 77 78 #ifdef WOLFSSL_IMXRT_DCP 79 #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h> 71 80 #endif 72 81 … … 105 114 { 106 115 int ret = 0; 107 108 116 if (initRefCount == 0) { 109 117 WOLFSSL_ENTER("wolfCrypt_Init"); … … 181 189 #endif 182 190 183 #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) 191 #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ 192 defined(WOLFSSL_ATECC608A) 184 193 ret = atmel_init(); 185 194 if (ret != 0) { … … 200 209 #endif 201 210 211 #if defined(WOLFSSL_PSOC6_CRYPTO) 212 ret = psoc6_crypto_port_init(); 213 if (ret != 0) { 214 WOLFSSL_MSG("PSoC6 crypto engine init failed"); 215 return ret; 216 } 217 #endif 218 219 #ifdef WOLFSSL_SILABS_SE_ACCEL 220 /* init handles if it is already initialized */ 221 ret = sl_se_init(); 222 #endif 223 202 224 #ifdef WOLFSSL_ARMASM 203 225 WOLFSSL_MSG("Using ARM hardware acceleration"); … … 220 242 221 243 #ifdef HAVE_ECC 244 #ifdef FP_ECC 245 wc_ecc_fp_init(); 246 #endif 222 247 #ifdef ECC_CACHE_CURVE 223 248 if ((ret = wc_ecc_curve_cache_init()) != 0) { … … 248 273 #endif 249 274 275 #ifdef WOLFSSL_IMXRT_DCP 276 if ((ret = wc_dcp_init()) != 0) { 277 return ret; 278 } 279 #endif 280 250 281 #if defined(WOLFSSL_DSP) && !defined(WOLFSSL_DSP_BUILD) 251 282 if ((ret = wolfSSL_InitHandle()) != 0) { … … 260 291 } 261 292 293 #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE 294 long wolfCrypt_heap_peakAllocs_checkpoint(void) { 295 long ret = ourMemStats.peakAllocsTripOdometer; 296 ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - 297 ourMemStats.totalDeallocs; 298 return ret; 299 } 300 long wolfCrypt_heap_peakBytes_checkpoint(void) { 301 long ret = ourMemStats.peakBytesTripOdometer; 302 ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes; 303 return ret; 304 } 305 #endif 262 306 263 307 /* return success value is the same as wolfCrypt_Init */ … … 303 347 cc310_Free(); 304 348 #endif 349 #ifdef WOLFSSL_SILABS_SE_ACCEL 350 ret = sl_se_deinit(); 351 #endif 305 352 #if defined(WOLFSSL_RENESAS_TSIP_CRYPT) 306 353 tsip_Close(); … … 315 362 } 316 363 317 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ 318 !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) 364 #ifndef NO_FILESYSTEM 365 366 /* Helpful function to load file into allocated buffer */ 367 int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, 368 void* heap) 369 { 370 int ret; 371 size_t fileSz; 372 XFILE f; 373 374 if (fname == NULL || buf == NULL || bufLen == NULL) { 375 return BAD_FUNC_ARG; 376 } 377 378 /* set defaults */ 379 *buf = NULL; 380 *bufLen = 0; 381 382 /* open file (read-only binary) */ 383 f = XFOPEN(fname, "rb"); 384 if (!f) { 385 WOLFSSL_MSG("wc_LoadFile file load error"); 386 return BAD_PATH_ERROR; 387 } 388 389 XFSEEK(f, 0, XSEEK_END); 390 fileSz = XFTELL(f); 391 XREWIND(f); 392 if (fileSz > 0) { 393 *bufLen = fileSz; 394 *buf = (byte*)XMALLOC(*bufLen, heap, DYNAMIC_TYPE_TMP_BUFFER); 395 if (*buf == NULL) { 396 WOLFSSL_MSG("wc_LoadFile memory error"); 397 ret = MEMORY_E; 398 } 399 else { 400 size_t readLen = XFREAD(*buf, 1, *bufLen, f); 401 402 /* check response code */ 403 ret = (readLen == *bufLen) ? 0 : -1; 404 } 405 } 406 else { 407 ret = BUFFER_E; 408 } 409 XFCLOSE(f); 410 411 (void)heap; 412 413 return ret; 414 } 415 416 #if !defined(NO_WOLFSSL_DIR) && \ 417 !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) 319 418 320 419 /* File Handling Helpers */ … … 615 714 } 616 715 617 #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ 716 #endif /* !NO_WOLFSSL_DIR */ 717 #endif /* !NO_FILESYSTEM */ 618 718 619 719 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_ZEPHYR) … … 622 722 XFILE file; 623 723 624 file = XMALLOC(sizeof(*file), NULL, DYNAMIC_TYPE_FILE);724 file = (XFILE)XMALLOC(sizeof(*file), NULL, DYNAMIC_TYPE_FILE); 625 725 if (file != NULL) { 626 726 if (fs_open(file, filename) != 0) { … … 648 748 #endif /* !NO_FILESYSTEM && !WOLFSSL_ZEPHYR */ 649 749 650 750 #if !defined(WOLFSSL_USER_MUTEX) 651 751 wolfSSL_Mutex* wc_InitAndAllocMutex(void) 652 752 { … … 666 766 return m; 667 767 } 768 #endif 668 769 669 770 #ifdef USE_WOLF_STRTOK … … 753 854 static int wcCryptHwMutexInit = 0; 754 855 755 int wolfSSL_CryptHwMutexInit(void) { 856 int wolfSSL_CryptHwMutexInit(void) 857 { 756 858 int ret = 0; 757 if (wcCryptHwMutexInit == 0) {859 if (wcCryptHwMutexInit == 0) { 758 860 ret = wc_InitMutex(&wcCryptHwMutex); 759 if (ret == 0) {861 if (ret == 0) { 760 862 wcCryptHwMutexInit = 1; 761 863 } … … 763 865 return ret; 764 866 } 765 766 int wolfSSL_CryptHwMutexLock(void){867 int wolfSSL_CryptHwMutexLock(void) 868 { 767 869 int ret = BAD_MUTEX_E; 768 769 870 /* Make sure HW Mutex has been initialized */ 770 wolfSSL_CryptHwMutexInit(); 771 772 if(wcCryptHwMutexInit) { 871 ret = wolfSSL_CryptHwMutexInit(); 872 if (ret == 0) { 773 873 ret = wc_LockMutex(&wcCryptHwMutex); 774 874 } 775 875 return ret; 776 876 } 777 778 int wolfSSL_CryptHwMutexUnLock(void){877 int wolfSSL_CryptHwMutexUnLock(void) 878 { 779 879 int ret = BAD_MUTEX_E; 780 781 if(wcCryptHwMutexInit) { 880 if (wcCryptHwMutexInit) { 782 881 ret = wc_UnLockMutex(&wcCryptHwMutex); 783 882 } … … 886 985 } 887 986 987 #elif defined(RTTHREAD) 988 989 int wc_InitMutex(wolfSSL_Mutex* m) 990 { 991 int iReturn; 992 993 *m = ( wolfSSL_Mutex ) rt_mutex_create("mutex",RT_IPC_FLAG_FIFO); 994 if( *m != NULL ) 995 iReturn = 0; 996 else 997 iReturn = BAD_MUTEX_E; 998 999 1000 return iReturn; 1001 } 1002 1003 int wc_FreeMutex(wolfSSL_Mutex* m) 1004 { 1005 rt_mutex_delete( *m ); 1006 return 0; 1007 } 1008 1009 1010 int wc_LockMutex(wolfSSL_Mutex* m) 1011 { 1012 /* Assume an infinite block, or should there be zero block? */ 1013 return rt_mutex_take( *m, RT_WAITING_FOREVER ); 1014 } 1015 1016 int wc_UnLockMutex(wolfSSL_Mutex* m) 1017 { 1018 return rt_mutex_release( *m ); 1019 } 1020 888 1021 #elif defined(WOLFSSL_SAFERTOS) 889 1022 … … 980 1113 else 981 1114 return BAD_MUTEX_E; 1115 } 1116 1117 #elif defined(WOLFSSL_KTHREADS) 1118 1119 /* Linux kernel mutex routines are voids, alas. */ 1120 1121 int wc_InitMutex(wolfSSL_Mutex* m) 1122 { 1123 mutex_init(m); 1124 return 0; 1125 } 1126 1127 int wc_FreeMutex(wolfSSL_Mutex* m) 1128 { 1129 mutex_destroy(m); 1130 return 0; 1131 } 1132 1133 int wc_LockMutex(wolfSSL_Mutex* m) 1134 { 1135 mutex_lock(m); 1136 return 0; 1137 } 1138 1139 1140 int wc_UnLockMutex(wolfSSL_Mutex* m) 1141 { 1142 mutex_unlock(m); 1143 return 0; 982 1144 } 983 1145 … … 1126 1288 1127 1289 #elif defined(MICRIUM) 1290 #if (OS_VERSION < 50000) 1291 #define MICRIUM_ERR_TYPE OS_ERR 1292 #define MICRIUM_ERR_NONE OS_ERR_NONE 1293 #define MICRIUM_ERR_CODE(err) err 1294 #else 1295 #define MICRIUM_ERR_TYPE RTOS_ERR 1296 #define MICRIUM_ERR_NONE RTOS_ERR_NONE 1297 #define MICRIUM_ERR_CODE(err) RTOS_ERR_CODE_GET(err) 1298 #endif 1128 1299 1129 1300 int wc_InitMutex(wolfSSL_Mutex* m) 1130 1301 { 1131 OS_ERRerr;1302 MICRIUM_ERR_TYPE err; 1132 1303 1133 1304 OSMutexCreate(m, "wolfSSL Mutex", &err); 1134 1305 1135 if ( err == OS_ERR_NONE)1306 if (MICRIUM_ERR_CODE(err) == MICRIUM_ERR_NONE) 1136 1307 return 0; 1137 1308 else … … 1142 1313 { 1143 1314 #if (OS_CFG_MUTEX_DEL_EN == DEF_ENABLED) 1144 OS_ERRerr;1315 MICRIUM_ERR_TYPE err; 1145 1316 1146 1317 OSMutexDel(m, OS_OPT_DEL_ALWAYS, &err); 1147 1318 1148 if ( err == OS_ERR_NONE)1319 if (MICRIUM_ERR_CODE(err) == MICRIUM_ERR_NONE) 1149 1320 return 0; 1150 1321 else 1151 1322 return BAD_MUTEX_E; 1152 1323 #else 1324 (void)m; 1153 1325 return 0; 1154 1326 #endif … … 1157 1329 int wc_LockMutex(wolfSSL_Mutex* m) 1158 1330 { 1159 OS_ERRerr;1331 MICRIUM_ERR_TYPE err; 1160 1332 1161 1333 OSMutexPend(m, 0, OS_OPT_PEND_BLOCKING, NULL, &err); 1162 1334 1163 if ( err == OS_ERR_NONE)1335 if (MICRIUM_ERR_CODE(err) == MICRIUM_ERR_NONE) 1164 1336 return 0; 1165 1337 else … … 1169 1341 int wc_UnLockMutex(wolfSSL_Mutex* m) 1170 1342 { 1171 OS_ERRerr;1343 MICRIUM_ERR_TYPE err; 1172 1344 1173 1345 OSMutexPost(m, OS_OPT_POST_NONE, &err); 1174 1346 1175 if ( err == OS_ERR_NONE)1347 if (MICRIUM_ERR_CODE(err) == MICRIUM_ERR_NONE) 1176 1348 return 0; 1177 1349 else … … 1846 2018 } 1847 2019 2020 #elif defined(WOLFSSL_USER_MUTEX) 2021 2022 /* Use user own mutex */ 2023 2024 /* 2025 int wc_InitMutex(wolfSSL_Mutex* m) { ... } 2026 int wc_FreeMutex(wolfSSL_Mutex *m) { ... } 2027 int wc_LockMutex(wolfSSL_Mutex *m) { ... } 2028 int wc_UnLockMutex(wolfSSL_Mutex *m) { ... } 2029 */ 2030 1848 2031 #else 1849 2032 #warning No mutex handling defined … … 1937 2120 1938 2121 ret->tm_mday = (int)++dayno; 2122 #ifndef WOLFSSL_LINUXKM 1939 2123 ret->tm_isdst = 0; 2124 #endif 1940 2125 1941 2126 return ret; … … 1979 2164 DWORD sec = 0; 1980 2165 #else 1981 uint32_tsec = 0;2166 word32 sec = 0; 1982 2167 #endif 1983 2168 time_t localTime; … … 2002 2187 time_t deos_time(time_t* timer) 2003 2188 { 2004 const uint32_tsystemTickTimeInHz = 1000000 / systemTickInMicroseconds();2005 uint32_t*systemTickPtr = systemTickPointer();2189 const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds(); 2190 word32 *systemTickPtr = systemTickPointer(); 2006 2191 2007 2192 if (timer != NULL) … … 2071 2256 #include "xrtcpsu.h" 2072 2257 2073 time_t XTIME(time_t * timer)2258 time_t xilinx_time(time_t * timer) 2074 2259 { 2075 2260 time_t sec = 0; … … 2180 2365 #endif /* !NO_CRYPT_BENCHMARK */ 2181 2366 #endif /* WOLFSSL_TELIT_M2MB */ 2367 2368 2369 #if defined(WOLFSSL_LINUXKM) 2370 time_t time(time_t * timer) 2371 { 2372 time_t ret; 2373 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) 2374 struct timespec ts; 2375 getnstimeofday(&ts); 2376 ret = ts.tv_sec * 1000000000LL + ts.tv_nsec; 2377 #else 2378 ret = ktime_get_real_seconds(); 2379 #endif 2380 if (timer) 2381 *timer = ret; 2382 return ret; 2383 } 2384 #endif /* WOLFSSL_LINUXKM */ 2182 2385 2183 2386 #endif /* !NO_ASN_TIME */ … … 2262 2465 #endif /* WOLFSSL_NUCLEUS_1_2 */ 2263 2466 2467 #ifdef WOLFSSL_LINUXKM 2468 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) 2469 /* adapted from kvrealloc() draft by Changli Gao, 2010-05-13 */ 2470 void *lkm_realloc(void *ptr, size_t newsize) { 2471 void *nptr; 2472 size_t oldsize; 2473 2474 if (unlikely(newsize == 0)) { 2475 kvfree(ptr); 2476 return ZERO_SIZE_PTR; 2477 } 2478 2479 if (unlikely(ptr == NULL)) 2480 return kvmalloc(newsize, GFP_KERNEL); 2481 2482 if (is_vmalloc_addr(ptr)) { 2483 /* no way to discern the size of the old allocation, 2484 * because the kernel doesn't export find_vm_area(). if 2485 * it did, we could then call get_vm_area_size() on the 2486 * returned struct vm_struct. 2487 */ 2488 return NULL; 2489 } else { 2490 struct page *page; 2491 2492 page = virt_to_head_page(ptr); 2493 if (PageSlab(page) || PageCompound(page)) { 2494 if (newsize < PAGE_SIZE) 2495 return krealloc(ptr, newsize, GFP_KERNEL); 2496 oldsize = ksize(ptr); 2497 } else { 2498 oldsize = page->private; 2499 if (newsize <= oldsize) 2500 return ptr; 2501 } 2502 } 2503 2504 nptr = kvmalloc(newsize, GFP_KERNEL); 2505 if (nptr != NULL) { 2506 memcpy(nptr, ptr, oldsize); 2507 kvfree(ptr); 2508 } 2509 2510 return nptr; 2511 } 2512 #endif /* >= 4.12 */ 2513 #endif /* WOLFSSL_LINUXKM */ 2514 2264 2515 #if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH) 2265 2516 #include <wolfcrypt/src/port/ti/ti-ccm.c> /* initialize and Mutex for TI Crypt Engine */ -
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/wolfmath.c
r457 r464 72 72 73 73 74 #if !defined(WOLFSSL_SP_MATH)75 74 int get_digit_count(mp_int* a) 76 75 { … … 80 79 return a->used; 81 80 } 82 #endif83 81 84 82 mp_digit get_digit(mp_int* a, int n) … … 90 88 } 91 89 90 #if defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY) 92 91 /* Conditionally copy a into b. Performed in constant time. 93 92 * … … 102 101 int err = MP_OKAY; 103 102 int i; 103 #if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 8 104 unsigned int mask = (unsigned int)0 - copy; 105 #else 104 106 mp_digit mask = (mp_digit)0 - copy; 107 #endif 105 108 106 109 if (a == NULL || b == NULL) … … 124 127 } 125 128 b->used ^= (a->used ^ b->used) & (int)mask; 126 } 127 128 return err; 129 } 129 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ 130 defined(WOLFSSL_SP_INT_NEGATIVE) 131 b->sign ^= (a->sign ^ b->sign) & (int)mask; 132 #endif 133 } 134 135 return err; 136 } 137 #endif 130 138 131 139 #ifndef WC_NO_RNG … … 147 155 ret = MISSING_RNG_E; 148 156 } 149 else if (a == NULL ) {157 else if (a == NULL || digits == 0) { 150 158 ret = BAD_FUNC_ARG; 151 159 } … … 157 165 } 158 166 #else 159 #if defined(WOLFSSL_SP_MATH) 167 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) 160 168 if ((ret == MP_OKAY) && (digits > SP_INT_DIGITS)) 161 169 #else … … 194 202 #endif 195 203 204 #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT) 196 205 /* export an mp_int as unsigned char or hex string 197 206 * encType is WC_TYPE_UNSIGNED_BIN or WC_TYPE_HEX_STR … … 227 236 return err; 228 237 } 238 #endif 229 239 230 240
Note:
See TracChangeset
for help on using the changeset viewer.