- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/ecc.c
r352 r372 94 94 95 95 96 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) 97 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ 98 #define FIPS_NO_WRAPPERS 99 100 #ifdef USE_WINDOWS_API 101 #pragma code_seg(".fipsA$f") 102 #pragma const_seg(".fipsB$f") 103 #endif 104 #endif 105 96 106 #include <wolfssl/wolfcrypt/ecc.h> 97 107 #include <wolfssl/wolfcrypt/asn.h> … … 113 123 #endif 114 124 125 #ifdef WOLF_CRYPTO_DEV 126 #include <wolfssl/wolfcrypt/cryptodev.h> 127 #endif 128 115 129 #ifdef NO_INLINE 116 130 #include <wolfssl/wolfcrypt/misc.h> … … 124 138 #endif 125 139 126 #ifdef USE_FAST_MATH 140 #ifdef WOLFSSL_SP_MATH 141 #define GEN_MEM_ERR MP_MEM 142 #elif defined(USE_FAST_MATH) 127 143 #define GEN_MEM_ERR FP_MEM 128 144 #else … … 186 202 #endif 187 203 188 189 204 /* The encoded OID's for ECC curves */ 190 205 #ifdef ECC112 191 206 #ifndef NO_ECC_SECP 192 static const ecc_oid_t ecc_oid_secp112r1[] = {193 207 #ifdef HAVE_OID_ENCODING 194 1,3,132,0,6 208 #define CODED_SECP112R1 {1,3,132,0,6} 209 #define CODED_SECP112R1_SZ 5 195 210 #else 196 0x2B,0x81,0x04,0x00,0x06 211 #define CODED_SECP112R1 {0x2B,0x81,0x04,0x00,0x06} 212 #define CODED_SECP112R1_SZ 5 197 213 #endif 198 }; 214 #ifndef USE_WINDOWS_API 215 static const ecc_oid_t ecc_oid_secp112r1[] = CODED_SECP112R1; 216 #else 217 #define ecc_oid_secp112r1 CODED_SECP112R1 218 #endif 219 #define ecc_oid_secp112r1_sz CODED_SECP112R1_SZ 199 220 #endif /* !NO_ECC_SECP */ 200 221 #ifdef HAVE_ECC_SECPR2 201 static const ecc_oid_t ecc_oid_secp112r2[] = {202 222 #ifdef HAVE_OID_ENCODING 203 1,3,132,0,7 223 #define CODED_SECP112R2 {1,3,132,0,7} 224 #define CODED_SECP112R2_SZ 5 204 225 #else 205 0x2B,0x81,0x04,0x00,0x07 226 #define CODED_SECP112R2 {0x2B,0x81,0x04,0x00,0x07} 227 #define CODED_SECP112R2_SZ 5 206 228 #endif 207 }; 229 #ifndef USE_WINDOWS_API 230 static const ecc_oid_t ecc_oid_secp112r2[] = CODED_SECP112R2; 231 #else 232 #define ecc_oid_secp112r2 CODED_SECP112R2 233 #endif 234 #define ecc_oid_secp112r2_sz CODED_SECP112R2_SZ 208 235 #endif /* HAVE_ECC_SECPR2 */ 209 236 #endif /* ECC112 */ 210 237 #ifdef ECC128 211 238 #ifndef NO_ECC_SECP 212 static const ecc_oid_t ecc_oid_secp128r1[] = {213 239 #ifdef HAVE_OID_ENCODING 214 1,3,132,0,28 240 #define CODED_SECP128R1 {1,3,132,0,28} 241 #define CODED_SECP128R1_SZ 5 215 242 #else 216 0x2B,0x81,0x04,0x00,0x1C 243 #define CODED_SECP128R1 {0x2B,0x81,0x04,0x00,0x1C} 244 #define CODED_SECP128R1_SZ 5 217 245 #endif 218 }; 246 #ifndef USE_WINDOWS_API 247 static const ecc_oid_t ecc_oid_secp128r1[] = CODED_SECP128R1; 248 #else 249 #define ecc_oid_secp128r1 CODED_SECP128R1 250 #endif 251 #define ecc_oid_secp128r1_sz CODED_SECP128R1_SZ 219 252 #endif /* !NO_ECC_SECP */ 220 253 #ifdef HAVE_ECC_SECPR2 221 static const ecc_oid_t ecc_oid_secp128r2[] = {222 254 #ifdef HAVE_OID_ENCODING 223 1,3,132,0,29 255 #define CODED_SECP128R2 {1,3,132,0,29} 256 #define CODED_SECP128R2_SZ 5 224 257 #else 225 0x2B,0x81,0x04,0x00,0x1D 258 #define CODED_SECP128R2 {0x2B,0x81,0x04,0x00,0x1D} 259 #define CODED_SECP128R2_SZ 5 226 260 #endif 227 }; 261 #ifndef USE_WINDOWS_API 262 static const ecc_oid_t ecc_oid_secp128r2[] = CODED_SECP128R2; 263 #else 264 #define ecc_oid_secp128r2 CODED_SECP128R2 265 #endif 266 #define ecc_oid_secp128r2_sz CODED_SECP128R2_SZ 228 267 #endif /* HAVE_ECC_SECPR2 */ 229 268 #endif /* ECC128 */ 230 269 #ifdef ECC160 231 270 #ifndef NO_ECC_SECP 232 static const ecc_oid_t ecc_oid_secp160r1[] = {233 271 #ifdef HAVE_OID_ENCODING 234 1,3,132,0,8 272 #define CODED_SECP160R1 {1,3,132,0,8} 273 #define CODED_SECP160R1_SZ 5 235 274 #else 236 0x2B,0x81,0x04,0x00,0x08 275 #define CODED_SECP160R1 {0x2B,0x81,0x04,0x00,0x08} 276 #define CODED_SECP160R1_SZ 5 237 277 #endif 238 }; 278 #ifndef USE_WINDOWS_API 279 static const ecc_oid_t ecc_oid_secp160r1[] = CODED_SECP160R1; 280 #else 281 #define ecc_oid_secp160r1 CODED_SECP160R1 282 #endif 283 #define ecc_oid_secp160r1_sz CODED_SECP160R1_SZ 239 284 #endif /* !NO_ECC_SECP */ 240 285 #ifdef HAVE_ECC_SECPR2 241 static const ecc_oid_t ecc_oid_secp160r2[] = {242 286 #ifdef HAVE_OID_ENCODING 243 1,3,132,0,30 287 #define CODED_SECP160R2 {1,3,132,0,30} 288 #define CODED_SECP160R1_SZ 5 244 289 #else 245 0x2B,0x81,0x04,0x00,0x1E 290 #define CODED_SECP160R2 {0x2B,0x81,0x04,0x00,0x1E} 291 #define CODED_SECP160R2_SZ 5 246 292 #endif 247 }; 293 #ifndef USE_WINDOWS_API 294 static const ecc_oid_t ecc_oid_secp160r2[] = CODED_SECP160R2; 295 #else 296 #define ecc_oid_secp160r2 CODED_SECP160R2 297 #endif 298 #define ecc_oid_secp160r2_sz CODED_SECP160R2_SZ 248 299 #endif /* HAVE_ECC_SECPR2 */ 249 300 #ifdef HAVE_ECC_KOBLITZ 250 static const ecc_oid_t ecc_oid_secp160k1[] = {251 301 #ifdef HAVE_OID_ENCODING 252 1,3,132,0,9 302 #define CODED_SECP160K1 {1,3,132,0,9} 303 #define CODED_SECP160K1_SZ 5 253 304 #else 254 0x2B,0x81,0x04,0x00,0x09 305 #define CODED_SECP160K1 {0x2B,0x81,0x04,0x00,0x09} 306 #define CODED_SECP160K1_SZ 5 255 307 #endif 256 }; 308 #ifndef USE_WINDOWS_API 309 static const ecc_oid_t ecc_oid_secp160k1[] = CODED_SECP160K1; 310 #else 311 #define ecc_oid_secp160k1 CODED_SECP160K1 312 #endif 313 #define ecc_oid_secp160k1_sz CODED_SECP160K1_SZ 257 314 #endif /* HAVE_ECC_KOBLITZ */ 258 315 #ifdef HAVE_ECC_BRAINPOOL 259 static const ecc_oid_t ecc_oid_brainpoolp160r1[] = {260 316 #ifdef HAVE_OID_ENCODING 261 1,3,36,3,3,2,8,1,1,1 317 #define CODED_BRAINPOOLP160R1 {1,3,36,3,3,2,8,1,1,1} 318 #define CODED_BRAINPOOLP160R1_SZ 10 262 319 #else 263 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01 320 #define CODED_BRAINPOOLP160R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01} 321 #define CODED_BRAINPOOLP160R1_SZ 9 264 322 #endif 265 }; 323 #ifndef USE_WINDOWS_API 324 static const ecc_oid_t ecc_oid_brainpoolp160r1[] = CODED_BRAINPOOLP160R1; 325 #else 326 #define ecc_oid_brainpoolp160r1 CODED_BRAINPOOLP160R1 327 #endif 328 #define ecc_oid_brainpoolp160r1_sz CODED_BRAINPOOLP160R1_SZ 266 329 #endif /* HAVE_ECC_BRAINPOOL */ 267 330 #endif /* ECC160 */ 268 331 #ifdef ECC192 269 332 #ifndef NO_ECC_SECP 270 static const ecc_oid_t ecc_oid_secp192r1[] = {271 333 #ifdef HAVE_OID_ENCODING 272 1,2,840,10045,3,1,1 334 #define CODED_SECP192R1 {1,2,840,10045,3,1,1} 335 #define CODED_SECP192R1_SZ 7 273 336 #else 274 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01 337 #define CODED_SECP192R1 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01} 338 #define CODED_SECP192R1_SZ 8 275 339 #endif 276 }; 340 #ifndef USE_WINDOWS_API 341 static const ecc_oid_t ecc_oid_secp192r1[] = CODED_SECP192R1; 342 #else 343 #define ecc_oid_secp192r1 CODED_SECP192R1 344 #endif 345 #define ecc_oid_secp192r1_sz CODED_SECP192R1_SZ 277 346 #endif /* !NO_ECC_SECP */ 278 347 #ifdef HAVE_ECC_SECPR2 279 static const ecc_oid_t ecc_oid_prime192v2[] = {280 348 #ifdef HAVE_OID_ENCODING 281 1,2,840,10045,3,1,2 349 #define CODED_PRIME192V2 {1,2,840,10045,3,1,2} 350 #define CODED_PRIME192V2_SZ 7 282 351 #else 283 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02 352 #define CODED_PRIME192V2 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02} 353 #define CODED_PRIME192V2_SZ 8 284 354 #endif 285 }; 355 #ifndef USE_WINDOWS_API 356 static const ecc_oid_t ecc_oid_prime192v2[] = CODED_PRIME192V2; 357 #else 358 #define ecc_oid_prime192v2 CODED_PRIME192V2 359 #endif 360 #define ecc_oid_prime192v2_sz CODED_PRIME192V2_SZ 286 361 #endif /* HAVE_ECC_SECPR2 */ 287 362 #ifdef HAVE_ECC_SECPR3 288 static const ecc_oid_t ecc_oid_prime192v3[] = {289 363 #ifdef HAVE_OID_ENCODING 290 1,2,840,10045,3,1,3 364 #define CODED_PRIME192V3 {1,2,840,10045,3,1,3} 365 #define CODED_PRIME192V3_SZ 7 291 366 #else 292 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03 367 #define CODED_PRIME192V3 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03} 368 #define CODED_PRIME192V3_SZ 8 293 369 #endif 294 }; 370 #ifndef USE_WINDOWS_API 371 static const ecc_oid_t ecc_oid_prime192v3[] = CODED_PRIME192V3; 372 #else 373 #define ecc_oid_prime192v3 CODED_PRIME192V3 374 #endif 375 #define ecc_oid_prime192v3_sz CODED_PRIME192V3_SZ 295 376 #endif /* HAVE_ECC_SECPR3 */ 296 377 #ifdef HAVE_ECC_KOBLITZ 297 static const ecc_oid_t ecc_oid_secp192k1[] = {298 378 #ifdef HAVE_OID_ENCODING 299 1,3,132,0,31 379 #define CODED_SECP192K1 {1,3,132,0,31} 380 #define CODED_SECP192K1_SZ 5 300 381 #else 301 0x2B,0x81,0x04,0x00,0x1F 382 #define CODED_SECP192K1 {0x2B,0x81,0x04,0x00,0x1F} 383 #define CODED_SECP192K1_SZ 5 302 384 #endif 303 }; 385 #ifndef USE_WINDOWS_API 386 static const ecc_oid_t ecc_oid_secp192k1[] = CODED_SECP192K1; 387 #else 388 #define ecc_oid_secp192k1 CODED_SECP192K1 389 #endif 390 #define ecc_oid_secp192k1_sz CODED_SECP192K1_SZ 304 391 #endif /* HAVE_ECC_KOBLITZ */ 305 392 #ifdef HAVE_ECC_BRAINPOOL 306 static const ecc_oid_t ecc_oid_brainpoolp192r1[] = {307 393 #ifdef HAVE_OID_ENCODING 308 1,3,36,3,3,2,8,1,1,3 394 #define CODED_BRAINPOOLP192R1 {1,3,36,3,3,2,8,1,1,3} 395 #define CODED_BRAINPOOLP192R1_SZ 10 309 396 #else 310 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03 397 #define CODED_BRAINPOOLP192R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03} 398 #define CODED_BRAINPOOLP192R1_SZ 9 311 399 #endif 312 }; 400 #ifndef USE_WINDOWS_API 401 static const ecc_oid_t ecc_oid_brainpoolp192r1[] = CODED_BRAINPOOLP192R1; 402 #else 403 #define ecc_oid_brainpoolp192r1 CODED_BRAINPOOLP192R1 404 #endif 405 #define ecc_oid_brainpoolp192r1_sz CODED_BRAINPOOLP192R1_SZ 313 406 #endif /* HAVE_ECC_BRAINPOOL */ 314 407 #endif /* ECC192 */ 315 408 #ifdef ECC224 316 409 #ifndef NO_ECC_SECP 317 static const ecc_oid_t ecc_oid_secp224r1[] = {318 410 #ifdef HAVE_OID_ENCODING 319 1,3,132,0,33 411 #define CODED_SECP224R1 {1,3,132,0,33} 412 #define CODED_SECP224R1_SZ 5 320 413 #else 321 0x2B,0x81,0x04,0x00,0x21 414 #define CODED_SECP224R1 {0x2B,0x81,0x04,0x00,0x21} 415 #define CODED_SECP224R1_SZ 5 322 416 #endif 323 }; 417 #ifndef USE_WINDOWS_API 418 static const ecc_oid_t ecc_oid_secp224r1[] = CODED_SECP224R1; 419 #else 420 #define ecc_oid_secp224r1 CODED_SECP224R1 421 #endif 422 #define ecc_oid_secp224r1_sz CODED_SECP224R1_SZ 324 423 #endif /* !NO_ECC_SECP */ 325 424 #ifdef HAVE_ECC_KOBLITZ 326 static const ecc_oid_t ecc_oid_secp224k1[] = {327 425 #ifdef HAVE_OID_ENCODING 328 1,3,132,0,32 426 #define CODED_SECP224K1 {1,3,132,0,32} 427 #define CODED_SECP224K1_SZ 5 329 428 #else 330 0x2B,0x81,0x04,0x00,0x20 429 #define CODED_SECP224K1 {0x2B,0x81,0x04,0x00,0x20} 430 #define CODED_SECP224K1_SZ 5 331 431 #endif 332 }; 432 #ifndef USE_WINDOWS_API 433 static const ecc_oid_t ecc_oid_secp224k1[] = CODED_SECP224K1; 434 #else 435 #define ecc_oid_secp224k1 CODED_SECP224K1 436 #endif 437 #define ecc_oid_secp224k1_sz CODED_SECP224K1_SZ 333 438 #endif /* HAVE_ECC_KOBLITZ */ 334 439 #ifdef HAVE_ECC_BRAINPOOL 335 static const ecc_oid_t ecc_oid_brainpoolp224r1[] = {336 440 #ifdef HAVE_OID_ENCODING 337 1,3,36,3,3,2,8,1,1,5 441 #define CODED_BRAINPOOLP224R1 {1,3,36,3,3,2,8,1,1,5} 442 #define CODED_BRAINPOOLP224R1_SZ 10 338 443 #else 339 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05 444 #define CODED_BRAINPOOLP224R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05} 445 #define CODED_BRAINPOOLP224R1_SZ 9 340 446 #endif 341 }; 447 #ifndef USE_WINDOWS_API 448 static const ecc_oid_t ecc_oid_brainpoolp224r1[] = CODED_BRAINPOOLP224R1; 449 #else 450 #define ecc_oid_brainpoolp224r1 CODED_BRAINPOOLP224R1 451 #endif 452 #define ecc_oid_brainpoolp224r1_sz CODED_BRAINPOOLP224R1_SZ 342 453 #endif /* HAVE_ECC_BRAINPOOL */ 343 454 #endif /* ECC224 */ 344 455 #ifdef ECC239 345 456 #ifndef NO_ECC_SECP 346 static const ecc_oid_t ecc_oid_prime239v1[] = {347 457 #ifdef HAVE_OID_ENCODING 348 1,2,840,10045,3,1,4 458 #define CODED_PRIME239V1 {1,2,840,10045,3,1,4} 459 #define CODED_PRIME239V1_SZ 7 349 460 #else 350 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04 461 #define CODED_PRIME239V1 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04} 462 #define CODED_PRIME239V1_SZ 8 351 463 #endif 352 }; 464 #ifndef USE_WINDOWS_API 465 static const ecc_oid_t ecc_oid_prime239v1[] = CODED_PRIME239V1; 466 #else 467 #define ecc_oid_prime239v1 CODED_PRIME239V1 468 #endif 469 #define ecc_oid_prime239v1_sz CODED_PRIME239V1_SZ 353 470 #endif /* !NO_ECC_SECP */ 354 471 #ifdef HAVE_ECC_SECPR2 355 static const ecc_oid_t ecc_oid_prime239v2[] = {356 472 #ifdef HAVE_OID_ENCODING 357 1,2,840,10045,3,1,5 473 #define CODED_PRIME239V2 {1,2,840,10045,3,1,5} 474 #define CODED_PRIME239V2_SZ 7 358 475 #else 359 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05 476 #define CODED_PRIME239V2 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05} 477 #define CODED_PRIME239V2_SZ 8 360 478 #endif 361 }; 479 #ifndef USE_WINDOWS_API 480 static const ecc_oid_t ecc_oid_prime239v2[] = CODED_PRIME239V2; 481 #else 482 #define ecc_oid_prime239v2 CODED_PRIME239V2 483 #endif 484 #define ecc_oid_prime239v2_sz CODED_PRIME239V2_SZ 362 485 #endif /* HAVE_ECC_SECPR2 */ 363 486 #ifdef HAVE_ECC_SECPR3 364 static const ecc_oid_t ecc_oid_prime239v3[] = {365 487 #ifdef HAVE_OID_ENCODING 366 1,2,840,10045,3,1,6 488 #define CODED_PRIME239V3 {1,2,840,10045,3,1,6} 489 #define CODED_PRIME239V3_SZ 7 367 490 #else 368 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06 491 #define CODED_PRIME239V3 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06} 492 #define CODED_PRIME239V3_SZ 8 369 493 #endif 370 }; 494 #ifndef USE_WINDOWS_API 495 static const ecc_oid_t ecc_oid_prime239v3[] = CODED_PRIME239V3; 496 #else 497 #define ecc_oid_prime239v3 CODED_PRIME239V3 498 #endif 499 #define ecc_oid_prime239v3_sz CODED_PRIME239V3_SZ 371 500 #endif /* HAVE_ECC_SECPR3 */ 372 501 #endif /* ECC239 */ 373 502 #ifdef ECC256 374 503 #ifndef NO_ECC_SECP 375 static const ecc_oid_t ecc_oid_secp256r1[] = {376 504 #ifdef HAVE_OID_ENCODING 377 1,2,840,10045,3,1,7 505 #define CODED_SECP256R1 {1,2,840,10045,3,1,7} 506 #define CODED_SECP256R1_SZ 7 378 507 #else 379 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07 508 #define CODED_SECP256R1 {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07} 509 #define CODED_SECP256R1_SZ 8 380 510 #endif 381 }; 511 #ifndef USE_WINDOWS_API 512 static const ecc_oid_t ecc_oid_secp256r1[] = CODED_SECP256R1; 513 #else 514 #define ecc_oid_secp256r1 CODED_SECP256R1 515 #endif 516 #define ecc_oid_secp256r1_sz CODED_SECP256R1_SZ 382 517 #endif /* !NO_ECC_SECP */ 383 518 #ifdef HAVE_ECC_KOBLITZ 384 static const ecc_oid_t ecc_oid_secp256k1[] = {385 519 #ifdef HAVE_OID_ENCODING 386 1,3,132,0,10 520 #define CODED_SECP256K1 {1,3,132,0,10} 521 #define CODED_SECP256K1_SZ 5 387 522 #else 388 0x2B,0x81,0x04,0x00,0x0A 523 #define CODED_SECP256K1 {0x2B,0x81,0x04,0x00,0x0A} 524 #define CODED_SECP256K1_SZ 5 389 525 #endif 390 }; 526 #ifndef USE_WINDOWS_API 527 static const ecc_oid_t ecc_oid_secp256k1[] = CODED_SECP256K1; 528 #else 529 #define ecc_oid_secp256k1 CODED_SECP256K1 530 #endif 531 #define ecc_oid_secp256k1_sz CODED_SECP256K1_SZ 391 532 #endif /* HAVE_ECC_KOBLITZ */ 392 533 #ifdef HAVE_ECC_BRAINPOOL 393 static const ecc_oid_t ecc_oid_brainpoolp256r1[] = {394 534 #ifdef HAVE_OID_ENCODING 395 1,3,36,3,3,2,8,1,1,7 535 #define CODED_BRAINPOOLP256R1 {1,3,36,3,3,2,8,1,1,7} 536 #define CODED_BRAINPOOLP256R1_SZ 10 396 537 #else 397 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 538 #define CODED_BRAINPOOLP256R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07} 539 #define CODED_BRAINPOOLP256R1_SZ 9 398 540 #endif 399 }; 541 #ifndef USE_WINDOWS_API 542 static const ecc_oid_t ecc_oid_brainpoolp256r1[] = CODED_BRAINPOOLP256R1; 543 #else 544 #define ecc_oid_brainpoolp256r1 CODED_BRAINPOOLP256R1 545 #endif 546 #define ecc_oid_brainpoolp256r1_sz CODED_BRAINPOOLP256R1_SZ 400 547 #endif /* HAVE_ECC_BRAINPOOL */ 401 548 #endif /* ECC256 */ 402 549 #ifdef ECC320 403 550 #ifdef HAVE_ECC_BRAINPOOL 404 static const ecc_oid_t ecc_oid_brainpoolp320r1[] = {405 551 #ifdef HAVE_OID_ENCODING 406 1,3,36,3,3,2,8,1,1,9 552 #define CODED_BRAINPOOLP320R1 {1,3,36,3,3,2,8,1,1,9} 553 #define CODED_BRAINPOOLP320R1_SZ 10 407 554 #else 408 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09 555 #define CODED_BRAINPOOLP320R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09} 556 #define CODED_BRAINPOOLP320R1_SZ 9 409 557 #endif 410 }; 558 #ifndef USE_WINDOWS_API 559 static const ecc_oid_t ecc_oid_brainpoolp320r1[] = CODED_BRAINPOOLP320R1; 560 #else 561 #define ecc_oid_brainpoolp320r1 CODED_BRAINPOOLP320R1 562 #endif 563 #define ecc_oid_brainpoolp320r1_sz CODED_BRAINPOOLP320R1_SZ 411 564 #endif /* HAVE_ECC_BRAINPOOL */ 412 565 #endif /* ECC320 */ 413 566 #ifdef ECC384 414 567 #ifndef NO_ECC_SECP 415 static const ecc_oid_t ecc_oid_secp384r1[] = {416 568 #ifdef HAVE_OID_ENCODING 417 1,3,132,0,34 569 #define CODED_SECP384R1 {1,3,132,0,34} 570 #define CODED_SECP384R1_SZ 5 418 571 #else 419 0x2B,0x81,0x04,0x00,0x22 572 #define CODED_SECP384R1 {0x2B,0x81,0x04,0x00,0x22} 573 #define CODED_SECP384R1_SZ 5 420 574 #endif 421 }; 575 #ifndef USE_WINDOWS_API 576 static const ecc_oid_t ecc_oid_secp384r1[] = CODED_SECP384R1; 577 #define CODED_SECP384R1_OID ecc_oid_secp384r1 578 #else 579 #define ecc_oid_secp384r1 CODED_SECP384R1 580 #endif 581 #define ecc_oid_secp384r1_sz CODED_SECP384R1_SZ 422 582 #endif /* !NO_ECC_SECP */ 423 583 #ifdef HAVE_ECC_BRAINPOOL 424 static const ecc_oid_t ecc_oid_brainpoolp384r1[] = {425 584 #ifdef HAVE_OID_ENCODING 426 1,3,36,3,3,2,8,1,1,11 585 #define CODED_BRAINPOOLP384R1 {1,3,36,3,3,2,8,1,1,11} 586 #define CODED_BRAINPOOLP384R1_SZ 10 427 587 #else 428 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B 588 #define CODED_BRAINPOOLP384R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B} 589 #define CODED_BRAINPOOLP384R1_SZ 9 429 590 #endif 430 }; 591 #ifndef USE_WINDOWS_API 592 static const ecc_oid_t ecc_oid_brainpoolp384r1[] = CODED_BRAINPOOLP384R1; 593 #else 594 #define ecc_oid_brainpoolp384r1 CODED_BRAINPOOLP384R1 595 #endif 596 #define ecc_oid_brainpoolp384r1_sz CODED_BRAINPOOLP384R1_SZ 431 597 #endif /* HAVE_ECC_BRAINPOOL */ 432 598 #endif /* ECC384 */ 433 599 #ifdef ECC512 434 600 #ifdef HAVE_ECC_BRAINPOOL 435 static const ecc_oid_t ecc_oid_brainpoolp512r1[] = {436 601 #ifdef HAVE_OID_ENCODING 437 1,3,36,3,3,2,8,1,1,13 602 #define CODED_BRAINPOOLP512R1 {1,3,36,3,3,2,8,1,1,13} 603 #define CODED_BRAINPOOLP512R1_SZ 10 438 604 #else 439 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D 605 #define CODED_BRAINPOOLP512R1 {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D} 606 #define CODED_BRAINPOOLP512R1_SZ 9 440 607 #endif 441 }; 608 #ifndef USE_WINDOWS_API 609 static const ecc_oid_t ecc_oid_brainpoolp512r1[] = CODED_BRAINPOOLP512R1; 610 #else 611 #define ecc_oid_brainpoolp512r1 CODED_BRAINPOOLP512R1 612 #endif 613 #define ecc_oid_brainpoolp512r1_sz CODED_BRAINPOOLP512R1_SZ 442 614 #endif /* HAVE_ECC_BRAINPOOL */ 443 615 #endif /* ECC512 */ 444 616 #ifdef ECC521 445 617 #ifndef NO_ECC_SECP 446 static const ecc_oid_t ecc_oid_secp521r1[] = {447 618 #ifdef HAVE_OID_ENCODING 448 1,3,132,0,35 619 #define CODED_SECP521R1 {1,3,132,0,35} 620 #define CODED_SECP521R1_SZ 5 449 621 #else 450 0x2B,0x81,0x04,0x00,0x23 622 #define CODED_SECP521R1 {0x2B,0x81,0x04,0x00,0x23} 623 #define CODED_SECP521R1_SZ 5 451 624 #endif 452 }; 625 #ifndef USE_WINDOWS_API 626 static const ecc_oid_t ecc_oid_secp521r1[] = CODED_SECP521R1; 627 #else 628 #define ecc_oid_secp521r1 CODED_SECP521R1 629 #endif 630 #define ecc_oid_secp521r1_sz CODED_SECP521R1_SZ 453 631 #endif /* !NO_ECC_SECP */ 454 632 #endif /* ECC521 */ … … 472 650 "A89CE5AF8724C0A23E0E0FF77500", /* Gy */ 473 651 ecc_oid_secp112r1, /* oid/oidSz */ 474 sizeof(ecc_oid_secp112r1) / sizeof(ecc_oid_t),652 ecc_oid_secp112r1_sz, 475 653 ECC_SECP112R1_OID, /* oid sum */ 476 654 1, /* cofactor */ … … 489 667 "ADCD46F5882E3747DEF36E956E97", /* Gy */ 490 668 ecc_oid_secp112r2, /* oid/oidSz */ 491 sizeof(ecc_oid_secp112r2) / sizeof(ecc_oid_t),669 ecc_oid_secp112r2_sz, 492 670 ECC_SECP112R2_OID, /* oid sum */ 493 671 4, /* cofactor */ … … 508 686 "CF5AC8395BAFEB13C02DA292DDED7A83", /* Gy */ 509 687 ecc_oid_secp128r1, /* oid/oidSz */ 510 sizeof(ecc_oid_secp128r1) / sizeof(ecc_oid_t),688 ecc_oid_secp128r1_sz, 511 689 ECC_SECP128R1_OID, /* oid sum */ 512 690 1, /* cofactor */ … … 525 703 "27B6916A894D3AEE7106FE805FC34B44", /* Gy */ 526 704 ecc_oid_secp128r2, /* oid/oidSz */ 527 sizeof(ecc_oid_secp128r2) / sizeof(ecc_oid_t),705 ecc_oid_secp128r2_sz, 528 706 ECC_SECP128R2_OID, /* oid sum */ 529 707 4, /* cofactor */ … … 544 722 "23A628553168947D59DCC912042351377AC5FB32", /* Gy */ 545 723 ecc_oid_secp160r1, /* oid/oidSz */ 546 sizeof(ecc_oid_secp160r1) / sizeof(ecc_oid_t),724 ecc_oid_secp160r1_sz, 547 725 ECC_SECP160R1_OID, /* oid sum */ 548 726 1, /* cofactor */ … … 561 739 "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", /* Gy */ 562 740 ecc_oid_secp160r2, /* oid/oidSz */ 563 sizeof(ecc_oid_secp160r2) / sizeof(ecc_oid_t),741 ecc_oid_secp160r2_sz, 564 742 ECC_SECP160R2_OID, /* oid sum */ 565 743 1, /* cofactor */ … … 578 756 "938CF935318FDCED6BC28286531733C3F03C4FEE", /* Gy */ 579 757 ecc_oid_secp160k1, /* oid/oidSz */ 580 sizeof(ecc_oid_secp160k1) / sizeof(ecc_oid_t),758 ecc_oid_secp160k1_sz, 581 759 ECC_SECP160K1_OID, /* oid sum */ 582 760 1, /* cofactor */ … … 595 773 "1667CB477A1A8EC338F94741669C976316DA6321", /* Gy */ 596 774 ecc_oid_brainpoolp160r1, /* oid/oidSz */ 597 sizeof(ecc_oid_brainpoolp160r1) / sizeof(ecc_oid_t),775 ecc_oid_brainpoolp160r1_sz, 598 776 ECC_BRAINPOOLP160R1_OID, /* oid sum */ 599 777 1, /* cofactor */ … … 614 792 "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", /* Gy */ 615 793 ecc_oid_secp192r1, /* oid/oidSz */ 616 sizeof(ecc_oid_secp192r1) / sizeof(ecc_oid_t),794 ecc_oid_secp192r1_sz, 617 795 ECC_SECP192R1_OID, /* oid sum */ 618 796 1, /* cofactor */ … … 631 809 "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", /* Gy */ 632 810 ecc_oid_prime192v2, /* oid/oidSz */ 633 sizeof(ecc_oid_prime192v2) / sizeof(ecc_oid_t),811 ecc_oid_prime192v2_sz, 634 812 ECC_PRIME192V2_OID, /* oid sum */ 635 813 1, /* cofactor */ … … 648 826 "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", /* Gy */ 649 827 ecc_oid_prime192v3, /* oid/oidSz */ 650 sizeof(ecc_oid_prime192v3) / sizeof(ecc_oid_t),828 ecc_oid_prime192v3_sz, 651 829 ECC_PRIME192V3_OID, /* oid sum */ 652 830 1, /* cofactor */ … … 665 843 "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", /* Gy */ 666 844 ecc_oid_secp192k1, /* oid/oidSz */ 667 sizeof(ecc_oid_secp192k1) / sizeof(ecc_oid_t),845 ecc_oid_secp192k1_sz, 668 846 ECC_SECP192K1_OID, /* oid sum */ 669 847 1, /* cofactor */ … … 682 860 "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", /* Gy */ 683 861 ecc_oid_brainpoolp192r1, /* oid/oidSz */ 684 sizeof(ecc_oid_brainpoolp192r1) / sizeof(ecc_oid_t),862 ecc_oid_brainpoolp192r1_sz, 685 863 ECC_BRAINPOOLP192R1_OID, /* oid sum */ 686 864 1, /* cofactor */ … … 701 879 "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */ 702 880 ecc_oid_secp224r1, /* oid/oidSz */ 703 sizeof(ecc_oid_secp224r1) / sizeof(ecc_oid_t),881 ecc_oid_secp224r1_sz, 704 882 ECC_SECP224R1_OID, /* oid sum */ 705 883 1, /* cofactor */ … … 718 896 "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", /* Gy */ 719 897 ecc_oid_secp224k1, /* oid/oidSz */ 720 sizeof(ecc_oid_secp224k1) / sizeof(ecc_oid_t),898 ecc_oid_secp224k1_sz, 721 899 ECC_SECP224K1_OID, /* oid sum */ 722 900 1, /* cofactor */ … … 735 913 "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", /* Gy */ 736 914 ecc_oid_brainpoolp224r1, /* oid/oidSz */ 737 sizeof(ecc_oid_brainpoolp224r1) / sizeof(ecc_oid_t),915 ecc_oid_brainpoolp224r1_sz, 738 916 ECC_BRAINPOOLP224R1_OID, /* oid sum */ 739 917 1, /* cofactor */ … … 754 932 "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", /* Gy */ 755 933 ecc_oid_prime239v1, /* oid/oidSz */ 756 sizeof(ecc_oid_prime239v1) / sizeof(ecc_oid_t),934 ecc_oid_prime239v1_sz, 757 935 ECC_PRIME239V1_OID, /* oid sum */ 758 936 1, /* cofactor */ … … 771 949 "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", /* Gy */ 772 950 ecc_oid_prime239v2, /* oid/oidSz */ 773 sizeof(ecc_oid_prime239v2) / sizeof(ecc_oid_t),951 ecc_oid_prime239v2_sz, 774 952 ECC_PRIME239V2_OID, /* oid sum */ 775 953 1, /* cofactor */ … … 788 966 "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", /* Gy */ 789 967 ecc_oid_prime239v3, /* oid/oidSz */ 790 sizeof(ecc_oid_prime239v3) / sizeof(ecc_oid_t),968 ecc_oid_prime239v3_sz, 791 969 ECC_PRIME239V3_OID, /* oid sum */ 792 970 1, /* cofactor */ … … 807 985 "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", /* Gy */ 808 986 ecc_oid_secp256r1, /* oid/oidSz */ 809 sizeof(ecc_oid_secp256r1) / sizeof(ecc_oid_t),987 ecc_oid_secp256r1_sz, 810 988 ECC_SECP256R1_OID, /* oid sum */ 811 989 1, /* cofactor */ … … 824 1002 "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", /* Gy */ 825 1003 ecc_oid_secp256k1, /* oid/oidSz */ 826 sizeof(ecc_oid_secp256k1) / sizeof(ecc_oid_t),1004 ecc_oid_secp256k1_sz, 827 1005 ECC_SECP256K1_OID, /* oid sum */ 828 1006 1, /* cofactor */ … … 841 1019 "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */ 842 1020 ecc_oid_brainpoolp256r1, /* oid/oidSz */ 843 sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t),1021 ecc_oid_brainpoolp256r1_sz, 844 1022 ECC_BRAINPOOLP256R1_OID, /* oid sum */ 845 1023 1, /* cofactor */ … … 859 1037 "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", /* Gx */ 860 1038 "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", /* Gy */ 861 ecc_oid_brainpoolp320r1, sizeof(ecc_oid_brainpoolp320r1) / sizeof(ecc_oid_t),/* oid/oidSz */1039 ecc_oid_brainpoolp320r1, ecc_oid_brainpoolp320r1_sz, /* oid/oidSz */ 862 1040 ECC_BRAINPOOLP320R1_OID, /* oid sum */ 863 1041 1, /* cofactor */ … … 877 1055 "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", /* Gx */ 878 1056 "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", /* Gy */ 879 ecc_oid_secp384r1, sizeof(ecc_oid_secp384r1) / sizeof(ecc_oid_t),/* oid/oidSz */1057 ecc_oid_secp384r1, ecc_oid_secp384r1_sz, /* oid/oidSz */ 880 1058 ECC_SECP384R1_OID, /* oid sum */ 881 1059 1, /* cofactor */ … … 893 1071 "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", /* Gx */ 894 1072 "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", /* Gy */ 895 ecc_oid_brainpoolp384r1, sizeof(ecc_oid_brainpoolp384r1) / sizeof(ecc_oid_t),/* oid/oidSz */1073 ecc_oid_brainpoolp384r1, ecc_oid_brainpoolp384r1_sz, /* oid/oidSz */ 896 1074 ECC_BRAINPOOLP384R1_OID, /* oid sum */ 897 1075 1, /* cofactor */ … … 911 1089 "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", /* Gx */ 912 1090 "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", /* Gy */ 913 ecc_oid_brainpoolp512r1, sizeof(ecc_oid_brainpoolp512r1) / sizeof(ecc_oid_t),/* oid/oidSz */1091 ecc_oid_brainpoolp512r1, ecc_oid_brainpoolp512r1_sz, /* oid/oidSz */ 914 1092 ECC_BRAINPOOLP512R1_OID, /* oid sum */ 915 1093 1, /* cofactor */ … … 929 1107 "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", /* Gx */ 930 1108 "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", /* Gy */ 931 ecc_oid_secp521r1, sizeof(ecc_oid_secp521r1) / sizeof(ecc_oid_t),/* oid/oidSz */1109 ecc_oid_secp521r1, ecc_oid_secp521r1_sz, /* oid/oidSz */ 932 1110 ECC_SECP521R1_OID, /* oid sum */ 933 1111 1, /* cofactor */ … … 940 1118 1, /* non-zero */ 941 1119 ECC_CURVE_CUSTOM, 942 NULL, NULL, NULL, NULL, NULL, NULL, NULL, 943 NULL, 0, 0, 0 1120 #ifndef USE_WINDOWS_API 1121 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1122 #else 1123 {0},{0},{0},{0},{0},{0},{0},{0}, 1124 #endif 1125 0, 0, 0 944 1126 }, 945 1127 #endif 946 1128 { 947 0, -1, 948 NULL, NULL, NULL, NULL, NULL, NULL, NULL, 949 NULL, 0, 0, 0 1129 0, 1130 ECC_CURVE_INVALID, 1131 #ifndef USE_WINDOWS_API 1132 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1133 #else 1134 {0},{0},{0},{0},{0},{0},{0},{0}, 1135 #endif 1136 0, 0, 0 950 1137 } 951 1138 }; 952 1139 #define ECC_SET_COUNT (sizeof(ecc_sets)/sizeof(ecc_set_type)) 1140 953 1141 954 1142 #ifdef HAVE_OID_ENCODING … … 970 1158 #else 971 1159 1160 #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH) 972 1161 static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, 973 1162 mp_int* prime, mp_int* order); 974 #ifdef ECC_SHAMIR975 static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,976 ecc_point* C, mp_int* a, mp_int* modulus, void* heap);977 1163 #endif 978 1164 … … 1038 1224 #endif 1039 1225 1040 #define DECLARE_CURVE_SPECS(intcount) ecc_curve_spec* curve = NULL; 1226 #define DECLARE_CURVE_SPECS(curve, intcount) ecc_curve_spec* curve = NULL 1227 #define ALLOC_CURVE_SPECS(intcount) 1228 #define FREE_CURVE_SPECS() 1229 #elif defined(WOLFSSL_SMALL_STACK) 1230 #define DECLARE_CURVE_SPECS(curve, intcount) \ 1231 mp_int* spec_ints = NULL; \ 1232 ecc_curve_spec curve_lcl; \ 1233 ecc_curve_spec* curve = &curve_lcl; \ 1234 XMEMSET(curve, 0, sizeof(ecc_curve_spec)); \ 1235 curve->spec_count = intcount 1236 1237 #define ALLOC_CURVE_SPECS(intcount) \ 1238 spec_ints = (mp_int*)XMALLOC(sizeof(mp_int) * (intcount), NULL, \ 1239 DYNAMIC_TYPE_ECC); \ 1240 if (spec_ints == NULL) \ 1241 return MEMORY_E; \ 1242 curve->spec_ints = spec_ints 1243 #define FREE_CURVE_SPECS() \ 1244 XFREE(spec_ints, NULL, DYNAMIC_TYPE_ECC) 1041 1245 #else 1042 #define DECLARE_CURVE_SPECS( intcount) \1246 #define DECLARE_CURVE_SPECS(curve, intcount) \ 1043 1247 mp_int spec_ints[(intcount)]; \ 1044 1248 ecc_curve_spec curve_lcl; \ … … 1046 1250 XMEMSET(curve, 0, sizeof(ecc_curve_spec)); \ 1047 1251 curve->spec_ints = spec_ints; \ 1048 curve->spec_count = intcount; 1252 curve->spec_count = intcount 1253 #define ALLOC_CURVE_SPECS(intcount) 1254 #define FREE_CURVE_SPECS() 1049 1255 #endif /* ECC_CACHE_CURVE */ 1050 1256 … … 1100 1306 curve->load_mask |= mask; 1101 1307 1102 err = mp_read_radix(*dst, src, 16);1308 err = mp_read_radix(*dst, src, MP_RADIX_HEX); 1103 1309 1104 1310 #ifdef HAVE_WOLF_BIGINT … … 1169 1375 1170 1376 /* determine items to load */ 1171 load_items = ( ~curve->load_mask& load_mask);1377 load_items = (((byte)~(word32)curve->load_mask) & load_mask); 1172 1378 curve->load_mask |= load_items; 1173 1379 … … 1293 1499 } 1294 1500 1501 1502 #ifdef ALT_ECC_SIZE 1503 static void alt_fp_init(mp_int* a) 1504 { 1505 a->size = FP_SIZE_ECC; 1506 mp_zero(a); 1507 } 1508 #endif /* ALT_ECC_SIZE */ 1509 1510 1295 1511 #ifndef WOLFSSL_ATECC508A 1512 1513 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL) 1296 1514 1297 1515 /** … … 1308 1526 mp_int* a, mp_int* modulus, mp_digit mp) 1309 1527 { 1310 mp_int t1, t2; 1528 #ifndef WOLFSSL_SP_MATH 1529 #ifdef WOLFSSL_SMALL_STACK 1530 mp_int* t1 = NULL; 1531 mp_int* t2 = NULL; 1311 1532 #ifdef ALT_ECC_SIZE 1312 mp_int rx, ry, rz; 1533 mp_int* rx = NULL; 1534 mp_int* ry = NULL; 1535 mp_int* rz = NULL; 1536 #endif 1537 #else 1538 mp_int t1[1], t2[1]; 1539 #ifdef ALT_ECC_SIZE 1540 mp_int rx[1], ry[1], rz[1]; 1541 #endif 1313 1542 #endif 1314 1543 mp_int *x, *y, *z; … … 1326 1555 } 1327 1556 1328 if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 1557 #ifdef WOLFSSL_SMALL_STACK 1558 #ifdef WOLFSSL_SMALL_STACK_CACHE 1559 if (R->key != NULL) { 1560 t1 = R->key->t1; 1561 t2 = R->key->t2; 1562 #ifdef ALT_ECC_SIZE 1563 rx = R->key->x; 1564 ry = R->key->y; 1565 rz = R->key->z; 1566 #endif 1567 } 1568 else 1569 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 1570 { 1571 t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1572 t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1573 if (t1 == NULL || t2 == NULL) { 1574 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1575 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1576 return MEMORY_E; 1577 } 1578 #ifdef ALT_ECC_SIZE 1579 rx = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1580 ry = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1581 rz = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1582 if (rx == NULL || ry == NULL || rz == NULL) { 1583 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 1584 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 1585 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 1586 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1587 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1588 return MEMORY_E; 1589 } 1590 #endif 1591 } 1592 #endif /* WOLFSSL_SMALL_STACK */ 1593 1594 if ((err = mp_init_multi(t1, t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 1595 #ifdef WOLFSSL_SMALL_STACK 1596 #ifdef WOLFSSL_SMALL_STACK_CACHE 1597 if (R->key == NULL) 1598 #endif 1599 { 1600 #ifdef ALT_ECC_SIZE 1601 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 1602 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 1603 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 1604 #endif 1605 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1606 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1607 } 1608 #endif 1329 1609 return err; 1330 1610 } … … 1332 1612 /* should we dbl instead? */ 1333 1613 if (err == MP_OKAY) 1334 err = mp_sub(modulus, Q->y, &t1);1614 err = mp_sub(modulus, Q->y, t1); 1335 1615 if (err == MP_OKAY) { 1336 1616 if ( (mp_cmp(P->x, Q->x) == MP_EQ) && 1337 1617 (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) && 1338 (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, &t1) == MP_EQ)) { 1339 mp_clear(&t1); 1340 mp_clear(&t2); 1618 (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, t1) == MP_EQ)) { 1619 mp_clear(t1); 1620 mp_clear(t2); 1621 #ifdef WOLFSSL_SMALL_STACK 1622 #ifdef WOLFSSL_SMALL_STACK_CACHE 1623 if (R->key == NULL) 1624 #endif 1625 { 1626 #ifdef ALT_ECC_SIZE 1627 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 1628 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 1629 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 1630 #endif 1631 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1632 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1633 } 1634 #endif 1341 1635 return ecc_projective_dbl_point(P, R, a, modulus, mp); 1342 1636 } … … 1351 1645 #ifdef ALT_ECC_SIZE 1352 1646 /* Use local stack variable */ 1353 x = ℞1354 y = &ry;1355 z = &rz;1647 x = rx; 1648 y = ry; 1649 z = rz; 1356 1650 1357 1651 if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) { … … 1376 1670 if (!mp_iszero(Q->z)) { 1377 1671 /* T1 = Z' * Z' */ 1378 err = mp_sqr(Q->z, &t1);1672 err = mp_sqr(Q->z, t1); 1379 1673 if (err == MP_OKAY) 1380 err = mp_montgomery_reduce( &t1, modulus, mp);1674 err = mp_montgomery_reduce(t1, modulus, mp); 1381 1675 1382 1676 /* X = X * T1 */ 1383 1677 if (err == MP_OKAY) 1384 err = mp_mul( &t1, x, x);1678 err = mp_mul(t1, x, x); 1385 1679 if (err == MP_OKAY) 1386 1680 err = mp_montgomery_reduce(x, modulus, mp); … … 1388 1682 /* T1 = Z' * T1 */ 1389 1683 if (err == MP_OKAY) 1390 err = mp_mul(Q->z, &t1, &t1);1684 err = mp_mul(Q->z, t1, t1); 1391 1685 if (err == MP_OKAY) 1392 err = mp_montgomery_reduce( &t1, modulus, mp);1686 err = mp_montgomery_reduce(t1, modulus, mp); 1393 1687 1394 1688 /* Y = Y * T1 */ 1395 1689 if (err == MP_OKAY) 1396 err = mp_mul( &t1, y, y);1690 err = mp_mul(t1, y, y); 1397 1691 if (err == MP_OKAY) 1398 1692 err = mp_montgomery_reduce(y, modulus, mp); … … 1402 1696 /* T1 = Z*Z */ 1403 1697 if (err == MP_OKAY) 1404 err = mp_sqr(z, &t1);1405 if (err == MP_OKAY) 1406 err = mp_montgomery_reduce( &t1, modulus, mp);1698 err = mp_sqr(z, t1); 1699 if (err == MP_OKAY) 1700 err = mp_montgomery_reduce(t1, modulus, mp); 1407 1701 1408 1702 /* T2 = X' * T1 */ 1409 1703 if (err == MP_OKAY) 1410 err = mp_mul(Q->x, &t1, &t2);1411 if (err == MP_OKAY) 1412 err = mp_montgomery_reduce( &t2, modulus, mp);1704 err = mp_mul(Q->x, t1, t2); 1705 if (err == MP_OKAY) 1706 err = mp_montgomery_reduce(t2, modulus, mp); 1413 1707 1414 1708 /* T1 = Z * T1 */ 1415 1709 if (err == MP_OKAY) 1416 err = mp_mul(z, &t1, &t1);1417 if (err == MP_OKAY) 1418 err = mp_montgomery_reduce( &t1, modulus, mp);1710 err = mp_mul(z, t1, t1); 1711 if (err == MP_OKAY) 1712 err = mp_montgomery_reduce(t1, modulus, mp); 1419 1713 1420 1714 /* T1 = Y' * T1 */ 1421 1715 if (err == MP_OKAY) 1422 err = mp_mul(Q->y, &t1, &t1);1423 if (err == MP_OKAY) 1424 err = mp_montgomery_reduce( &t1, modulus, mp);1716 err = mp_mul(Q->y, t1, t1); 1717 if (err == MP_OKAY) 1718 err = mp_montgomery_reduce(t1, modulus, mp); 1425 1719 1426 1720 /* Y = Y - T1 */ 1427 1721 if (err == MP_OKAY) 1428 err = mp_sub(y, &t1, y);1722 err = mp_sub(y, t1, y); 1429 1723 if (err == MP_OKAY) { 1430 1724 if (mp_isneg(y)) … … 1433 1727 /* T1 = 2T1 */ 1434 1728 if (err == MP_OKAY) 1435 err = mp_add( &t1, &t1, &t1);1729 err = mp_add(t1, t1, t1); 1436 1730 if (err == MP_OKAY) { 1437 if (mp_cmp( &t1, modulus) != MP_LT)1438 err = mp_sub( &t1, modulus, &t1);1731 if (mp_cmp(t1, modulus) != MP_LT) 1732 err = mp_sub(t1, modulus, t1); 1439 1733 } 1440 1734 /* T1 = Y + T1 */ 1441 1735 if (err == MP_OKAY) 1442 err = mp_add( &t1, y, &t1);1736 err = mp_add(t1, y, t1); 1443 1737 if (err == MP_OKAY) { 1444 if (mp_cmp( &t1, modulus) != MP_LT)1445 err = mp_sub( &t1, modulus, &t1);1738 if (mp_cmp(t1, modulus) != MP_LT) 1739 err = mp_sub(t1, modulus, t1); 1446 1740 } 1447 1741 /* X = X - T2 */ 1448 1742 if (err == MP_OKAY) 1449 err = mp_sub(x, &t2, x);1743 err = mp_sub(x, t2, x); 1450 1744 if (err == MP_OKAY) { 1451 1745 if (mp_isneg(x)) … … 1454 1748 /* T2 = 2T2 */ 1455 1749 if (err == MP_OKAY) 1456 err = mp_add( &t2, &t2, &t2);1750 err = mp_add(t2, t2, t2); 1457 1751 if (err == MP_OKAY) { 1458 if (mp_cmp( &t2, modulus) != MP_LT)1459 err = mp_sub( &t2, modulus, &t2);1752 if (mp_cmp(t2, modulus) != MP_LT) 1753 err = mp_sub(t2, modulus, t2); 1460 1754 } 1461 1755 /* T2 = X + T2 */ 1462 1756 if (err == MP_OKAY) 1463 err = mp_add( &t2, x, &t2);1757 err = mp_add(t2, x, t2); 1464 1758 if (err == MP_OKAY) { 1465 if (mp_cmp( &t2, modulus) != MP_LT)1466 err = mp_sub( &t2, modulus, &t2);1759 if (mp_cmp(t2, modulus) != MP_LT) 1760 err = mp_sub(t2, modulus, t2); 1467 1761 } 1468 1762 … … 1484 1778 /* T1 = T1 * X */ 1485 1779 if (err == MP_OKAY) 1486 err = mp_mul( &t1, x, &t1);1487 if (err == MP_OKAY) 1488 err = mp_montgomery_reduce( &t1, modulus, mp);1780 err = mp_mul(t1, x, t1); 1781 if (err == MP_OKAY) 1782 err = mp_montgomery_reduce(t1, modulus, mp); 1489 1783 1490 1784 /* X = X * X */ … … 1496 1790 /* T2 = T2 * x */ 1497 1791 if (err == MP_OKAY) 1498 err = mp_mul( &t2, x, &t2);1499 if (err == MP_OKAY) 1500 err = mp_montgomery_reduce( &t2, modulus, mp);1792 err = mp_mul(t2, x, t2); 1793 if (err == MP_OKAY) 1794 err = mp_montgomery_reduce(t2, modulus, mp); 1501 1795 1502 1796 /* T1 = T1 * X */ 1503 1797 if (err == MP_OKAY) 1504 err = mp_mul( &t1, x, &t1);1505 if (err == MP_OKAY) 1506 err = mp_montgomery_reduce( &t1, modulus, mp);1798 err = mp_mul(t1, x, t1); 1799 if (err == MP_OKAY) 1800 err = mp_montgomery_reduce(t1, modulus, mp); 1507 1801 1508 1802 /* X = Y*Y */ … … 1514 1808 /* X = X - T2 */ 1515 1809 if (err == MP_OKAY) 1516 err = mp_sub(x, &t2, x);1810 err = mp_sub(x, t2, x); 1517 1811 if (err == MP_OKAY) { 1518 1812 if (mp_isneg(x)) … … 1521 1815 /* T2 = T2 - X */ 1522 1816 if (err == MP_OKAY) 1523 err = mp_sub( &t2, x, &t2);1817 err = mp_sub(t2, x, t2); 1524 1818 if (err == MP_OKAY) { 1525 if (mp_isneg( &t2))1526 err = mp_add( &t2, modulus, &t2);1819 if (mp_isneg(t2)) 1820 err = mp_add(t2, modulus, t2); 1527 1821 } 1528 1822 /* T2 = T2 - X */ 1529 1823 if (err == MP_OKAY) 1530 err = mp_sub( &t2, x, &t2);1824 err = mp_sub(t2, x, t2); 1531 1825 if (err == MP_OKAY) { 1532 if (mp_isneg( &t2))1533 err = mp_add( &t2, modulus, &t2);1826 if (mp_isneg(t2)) 1827 err = mp_add(t2, modulus, t2); 1534 1828 } 1535 1829 /* T2 = T2 * Y */ 1536 1830 if (err == MP_OKAY) 1537 err = mp_mul( &t2, y, &t2);1538 if (err == MP_OKAY) 1539 err = mp_montgomery_reduce( &t2, modulus, mp);1831 err = mp_mul(t2, y, t2); 1832 if (err == MP_OKAY) 1833 err = mp_montgomery_reduce(t2, modulus, mp); 1540 1834 1541 1835 /* Y = T2 - T1 */ 1542 1836 if (err == MP_OKAY) 1543 err = mp_sub( &t2, &t1, y);1837 err = mp_sub(t2, t1, y); 1544 1838 if (err == MP_OKAY) { 1545 1839 if (mp_isneg(y)) … … 1566 1860 1567 1861 /* clean up */ 1568 mp_clear(&t1); 1569 mp_clear(&t2); 1862 mp_clear(t1); 1863 mp_clear(t2); 1864 #ifdef WOLFSSL_SMALL_STACK 1865 #ifdef WOLFSSL_SMALL_STACK_CACHE 1866 if (R->key == NULL) 1867 #endif 1868 { 1869 #ifdef ALT_ECC_SIZE 1870 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 1871 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 1872 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 1873 #endif 1874 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1875 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1876 } 1877 #endif 1570 1878 1571 1879 return err; 1880 #else 1881 if (P == NULL || Q == NULL || R == NULL || modulus == NULL) { 1882 return ECC_BAD_ARG_E; 1883 } 1884 1885 (void)a; 1886 (void)mp; 1887 1888 return sp_ecc_proj_add_point_256(P->x, P->y, P->z, Q->x, Q->y, Q->z, 1889 R->x, R->y, R->z); 1890 #endif 1572 1891 } 1573 1892 … … 1602 1921 mp_int* modulus, mp_digit mp) 1603 1922 { 1604 mp_int t1, t2; 1923 #ifndef WOLFSSL_SP_MATH 1924 #ifdef WOLFSSL_SMALL_STACK 1925 mp_int* t1 = NULL; 1926 mp_int* t2 = NULL; 1605 1927 #ifdef ALT_ECC_SIZE 1606 mp_int rx, ry, rz; 1928 mp_int* rx = NULL; 1929 mp_int* ry = NULL; 1930 mp_int* rz = NULL; 1931 #endif 1932 #else 1933 mp_int t1[1], t2[1]; 1934 #ifdef ALT_ECC_SIZE 1935 mp_int rx[1], ry[1], rz[1]; 1936 #endif 1607 1937 #endif 1608 1938 mp_int *x, *y, *z; … … 1612 1942 return ECC_BAD_ARG_E; 1613 1943 1614 if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 1944 #ifdef WOLFSSL_SMALL_STACK 1945 #ifdef WOLFSSL_SMALL_STACK_CACHE 1946 if (R->key != NULL) { 1947 t1 = R->key->t1; 1948 t2 = R->key->t2; 1949 #ifdef ALT_ECC_SIZE 1950 rx = R->key->x; 1951 ry = R->key->y; 1952 rz = R->key->z; 1953 #endif 1954 } 1955 else 1956 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 1957 { 1958 t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1959 t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1960 if (t1 == NULL || t2 == NULL) { 1961 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1962 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1963 return MEMORY_E; 1964 } 1965 #ifdef ALT_ECC_SIZE 1966 rx = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1967 ry = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1968 rz = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 1969 if (rx == NULL || ry == NULL || rz == NULL) { 1970 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 1971 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 1972 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 1973 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1974 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1975 return MEMORY_E; 1976 } 1977 #endif 1978 } 1979 #endif 1980 1981 if ((err = mp_init_multi(t1, t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 1982 #ifdef WOLFSSL_SMALL_STACK 1983 #ifdef WOLFSSL_SMALL_STACK_CACHE 1984 if (R->key == NULL) 1985 #endif 1986 { 1987 #ifdef ALT_ECC_SIZE 1988 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 1989 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 1990 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 1991 #endif 1992 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 1993 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 1994 } 1995 #endif 1615 1996 return err; 1616 1997 } … … 1620 2001 #ifdef ALT_ECC_SIZE 1621 2002 /* Use local stack variable */ 1622 x = ℞1623 y = &ry;1624 z = &rz;2003 x = rx; 2004 y = ry; 2005 z = rz; 1625 2006 1626 2007 if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) { 1627 mp_clear(&t1); 1628 mp_clear(&t2); 2008 mp_clear(t1); 2009 mp_clear(t2); 2010 #ifdef WOLFSSL_SMALL_STACK 2011 #ifdef WOLFSSL_SMALL_STACK_CACHE 2012 if (R->key == NULL) 2013 #endif 2014 { 2015 #ifdef ALT_ECC_SIZE 2016 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 2017 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 2018 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 2019 #endif 2020 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 2021 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 2022 } 2023 #endif 1629 2024 return err; 1630 2025 } … … 1645 2040 /* T1 = Z * Z */ 1646 2041 if (err == MP_OKAY) 1647 err = mp_sqr(z, &t1);1648 if (err == MP_OKAY) 1649 err = mp_montgomery_reduce( &t1, modulus, mp);2042 err = mp_sqr(z, t1); 2043 if (err == MP_OKAY) 2044 err = mp_montgomery_reduce(t1, modulus, mp); 1650 2045 1651 2046 /* Z = Y * Z */ … … 1667 2062 if (err == MP_OKAY) { 1668 2063 /* Use a and prime to determine if a == 3 */ 1669 err = mp_submod(modulus, a, modulus, &t2);1670 } 1671 if (err == MP_OKAY && mp_cmp_d( &t2, 3) != MP_EQ) {2064 err = mp_submod(modulus, a, modulus, t2); 2065 } 2066 if (err == MP_OKAY && mp_cmp_d(t2, 3) != MP_EQ) { 1672 2067 /* use "a" in calc */ 1673 2068 1674 2069 /* T2 = T1 * T1 */ 1675 2070 if (err == MP_OKAY) 1676 err = mp_sqr( &t1, &t2);2071 err = mp_sqr(t1, t2); 1677 2072 if (err == MP_OKAY) 1678 err = mp_montgomery_reduce( &t2, modulus, mp);2073 err = mp_montgomery_reduce(t2, modulus, mp); 1679 2074 /* T1 = T2 * a */ 1680 2075 if (err == MP_OKAY) 1681 err = mp_mulmod( &t2, a, modulus, &t1);2076 err = mp_mulmod(t2, a, modulus, t1); 1682 2077 /* T2 = X * X */ 1683 2078 if (err == MP_OKAY) 1684 err = mp_sqr(x, &t2);2079 err = mp_sqr(x, t2); 1685 2080 if (err == MP_OKAY) 1686 err = mp_montgomery_reduce( &t2, modulus, mp);2081 err = mp_montgomery_reduce(t2, modulus, mp); 1687 2082 /* T1 = T2 + T1 */ 1688 2083 if (err == MP_OKAY) 1689 err = mp_add( &t1, &t2, &t1);2084 err = mp_add(t1, t2, t1); 1690 2085 if (err == MP_OKAY) { 1691 if (mp_cmp( &t1, modulus) != MP_LT)1692 err = mp_sub( &t1, modulus, &t1);2086 if (mp_cmp(t1, modulus) != MP_LT) 2087 err = mp_sub(t1, modulus, t1); 1693 2088 } 1694 2089 /* T1 = T2 + T1 */ 1695 2090 if (err == MP_OKAY) 1696 err = mp_add( &t1, &t2, &t1);2091 err = mp_add(t1, t2, t1); 1697 2092 if (err == MP_OKAY) { 1698 if (mp_cmp( &t1, modulus) != MP_LT)1699 err = mp_sub( &t1, modulus, &t1);2093 if (mp_cmp(t1, modulus) != MP_LT) 2094 err = mp_sub(t1, modulus, t1); 1700 2095 } 1701 2096 /* T1 = T2 + T1 */ 1702 2097 if (err == MP_OKAY) 1703 err = mp_add( &t1, &t2, &t1);2098 err = mp_add(t1, t2, t1); 1704 2099 if (err == MP_OKAY) { 1705 if (mp_cmp( &t1, modulus) != MP_LT)1706 err = mp_sub( &t1, modulus, &t1);2100 if (mp_cmp(t1, modulus) != MP_LT) 2101 err = mp_sub(t1, modulus, t1); 1707 2102 } 1708 2103 } … … 1715 2110 /* T2 = X - T1 */ 1716 2111 if (err == MP_OKAY) 1717 err = mp_sub(x, &t1, &t2);2112 err = mp_sub(x, t1, t2); 1718 2113 if (err == MP_OKAY) { 1719 if (mp_isneg( &t2))1720 err = mp_add( &t2, modulus, &t2);2114 if (mp_isneg(t2)) 2115 err = mp_add(t2, modulus, t2); 1721 2116 } 1722 2117 /* T1 = X + T1 */ 1723 2118 if (err == MP_OKAY) 1724 err = mp_add( &t1, x, &t1);2119 err = mp_add(t1, x, t1); 1725 2120 if (err == MP_OKAY) { 1726 if (mp_cmp( &t1, modulus) != MP_LT)1727 err = mp_sub( &t1, modulus, &t1);2121 if (mp_cmp(t1, modulus) != MP_LT) 2122 err = mp_sub(t1, modulus, t1); 1728 2123 } 1729 2124 /* T2 = T1 * T2 */ 1730 2125 if (err == MP_OKAY) 1731 err = mp_mul( &t1, &t2, &t2);2126 err = mp_mul(t1, t2, t2); 1732 2127 if (err == MP_OKAY) 1733 err = mp_montgomery_reduce( &t2, modulus, mp);2128 err = mp_montgomery_reduce(t2, modulus, mp); 1734 2129 1735 2130 /* T1 = 2T2 */ 1736 2131 if (err == MP_OKAY) 1737 err = mp_add( &t2, &t2, &t1);2132 err = mp_add(t2, t2, t1); 1738 2133 if (err == MP_OKAY) { 1739 if (mp_cmp( &t1, modulus) != MP_LT)1740 err = mp_sub( &t1, modulus, &t1);2134 if (mp_cmp(t1, modulus) != MP_LT) 2135 err = mp_sub(t1, modulus, t1); 1741 2136 } 1742 2137 /* T1 = T1 + T2 */ 1743 2138 if (err == MP_OKAY) 1744 err = mp_add( &t1, &t2, &t1);2139 err = mp_add(t1, t2, t1); 1745 2140 if (err == MP_OKAY) { 1746 if (mp_cmp( &t1, modulus) != MP_LT)1747 err = mp_sub( &t1, modulus, &t1);2141 if (mp_cmp(t1, modulus) != MP_LT) 2142 err = mp_sub(t1, modulus, t1); 1748 2143 } 1749 2144 } … … 1764 2159 /* T2 = Y * Y */ 1765 2160 if (err == MP_OKAY) 1766 err = mp_sqr(y, &t2);1767 if (err == MP_OKAY) 1768 err = mp_montgomery_reduce( &t2, modulus, mp);2161 err = mp_sqr(y, t2); 2162 if (err == MP_OKAY) 2163 err = mp_montgomery_reduce(t2, modulus, mp); 1769 2164 1770 2165 /* T2 = T2/2 */ 1771 2166 if (err == MP_OKAY) { 1772 if (mp_isodd( &t2) == MP_YES)1773 err = mp_add( &t2, modulus, &t2);1774 } 1775 if (err == MP_OKAY) 1776 err = mp_div_2( &t2, &t2);2167 if (mp_isodd(t2) == MP_YES) 2168 err = mp_add(t2, modulus, t2); 2169 } 2170 if (err == MP_OKAY) 2171 err = mp_div_2(t2, t2); 1777 2172 1778 2173 /* Y = Y * X */ … … 1784 2179 /* X = T1 * T1 */ 1785 2180 if (err == MP_OKAY) 1786 err = mp_sqr( &t1, x);2181 err = mp_sqr(t1, x); 1787 2182 if (err == MP_OKAY) 1788 2183 err = mp_montgomery_reduce(x, modulus, mp); … … 1812 2207 /* Y = Y * T1 */ 1813 2208 if (err == MP_OKAY) 1814 err = mp_mul(y, &t1, y);2209 err = mp_mul(y, t1, y); 1815 2210 if (err == MP_OKAY) 1816 2211 err = mp_montgomery_reduce(y, modulus, mp); … … 1818 2213 /* Y = Y - T2 */ 1819 2214 if (err == MP_OKAY) 1820 err = mp_sub(y, &t2, y);2215 err = mp_sub(y, t2, y); 1821 2216 if (err == MP_OKAY) { 1822 2217 if (mp_isneg(y)) … … 1834 2229 1835 2230 /* clean up */ 1836 mp_clear(&t1); 1837 mp_clear(&t2); 2231 mp_clear(t1); 2232 mp_clear(t2); 2233 2234 #ifdef WOLFSSL_SMALL_STACK 2235 #ifdef WOLFSSL_SMALL_STACK_CACHE 2236 if (R->key == NULL) 2237 #endif 2238 { 2239 #ifdef ALT_ECC_SIZE 2240 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 2241 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 2242 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 2243 #endif 2244 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 2245 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 2246 } 2247 #endif 1838 2248 1839 2249 return err; 2250 #else 2251 if (P == NULL || R == NULL || modulus == NULL) 2252 return ECC_BAD_ARG_E; 2253 2254 (void)a; 2255 (void)mp; 2256 2257 return sp_ecc_proj_dbl_point_256(P->x, P->y, P->z, R->x, R->y, R->z); 2258 #endif 1840 2259 } 1841 2260 … … 1850 2269 int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp) 1851 2270 { 1852 mp_int t1, t2; 2271 #ifndef WOLFSSL_SP_MATH 2272 #ifdef WOLFSSL_SMALL_STACK 2273 mp_int* t1 = NULL; 2274 mp_int* t2 = NULL; 1853 2275 #ifdef ALT_ECC_SIZE 1854 mp_int rx, ry, rz; 1855 #endif 2276 mp_int* rx = NULL; 2277 mp_int* ry = NULL; 2278 mp_int* rz = NULL; 2279 #endif 2280 #else 2281 mp_int t1[1], t2[1]; 2282 #ifdef ALT_ECC_SIZE 2283 mp_int rx[1], ry[1], rz[1]; 2284 #endif 2285 #endif /* WOLFSSL_SMALL_STACK */ 1856 2286 mp_int *x, *y, *z; 1857 2287 int err; … … 1870 2300 } 1871 2301 1872 if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 2302 #ifdef WOLFSSL_SMALL_STACK 2303 #ifdef WOLFSSL_SMALL_STACK_CACHE 2304 if (P->key != NULL) { 2305 t1 = P->key->t1; 2306 t2 = P->key->t2; 2307 #ifdef ALT_ECC_SIZE 2308 rx = P->key->x; 2309 ry = P->key->y; 2310 rz = P->key->z; 2311 #endif 2312 } 2313 else 2314 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2315 { 2316 t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 2317 t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 2318 if (t1 == NULL || t2 == NULL) { 2319 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 2320 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 2321 return MEMORY_E; 2322 } 2323 #ifdef ALT_ECC_SIZE 2324 rx = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 2325 ry = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 2326 rz = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 2327 if (rx == NULL || ry == NULL || rz == NULL) { 2328 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 2329 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 2330 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 2331 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 2332 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 2333 return MEMORY_E; 2334 } 2335 #endif 2336 } 2337 #endif /* WOLFSSL_SMALL_STACK */ 2338 2339 if ((err = mp_init_multi(t1, t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 2340 #ifdef WOLFSSL_SMALL_STACK 2341 #ifdef WOLFSSL_SMALL_STACK_CACHE 2342 if (P->key == NULL) 2343 #endif 2344 { 2345 #ifdef ALT_ECC_SIZE 2346 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 2347 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 2348 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 2349 #endif 2350 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 2351 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 2352 } 2353 #endif 1873 2354 return MEMORY_E; 1874 2355 } … … 1876 2357 #ifdef ALT_ECC_SIZE 1877 2358 /* Use local stack variable */ 1878 x = ℞1879 y = &ry;1880 z = &rz;2359 x = rx; 2360 y = ry; 2361 z = rz; 1881 2362 1882 2363 if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) { … … 1906 2387 /* get 1/z */ 1907 2388 if (err == MP_OKAY) 1908 err = mp_invmod(z, modulus, &t1);2389 err = mp_invmod(z, modulus, t1); 1909 2390 1910 2391 /* get 1/z^2 and 1/z^3 */ 1911 2392 if (err == MP_OKAY) 1912 err = mp_sqr( &t1, &t2);1913 if (err == MP_OKAY) 1914 err = mp_mod( &t2, modulus, &t2);1915 if (err == MP_OKAY) 1916 err = mp_mul( &t1, &t2, &t1);1917 if (err == MP_OKAY) 1918 err = mp_mod( &t1, modulus, &t1);2393 err = mp_sqr(t1, t2); 2394 if (err == MP_OKAY) 2395 err = mp_mod(t2, modulus, t2); 2396 if (err == MP_OKAY) 2397 err = mp_mul(t1, t2, t1); 2398 if (err == MP_OKAY) 2399 err = mp_mod(t1, modulus, t1); 1919 2400 1920 2401 /* multiply against x/y */ 1921 2402 if (err == MP_OKAY) 1922 err = mp_mul(x, &t2, x);2403 err = mp_mul(x, t2, x); 1923 2404 if (err == MP_OKAY) 1924 2405 err = mp_montgomery_reduce(x, modulus, mp); 1925 2406 if (err == MP_OKAY) 1926 err = mp_mul(y, &t1, y);2407 err = mp_mul(y, t1, y); 1927 2408 if (err == MP_OKAY) 1928 2409 err = mp_montgomery_reduce(y, modulus, mp); … … 1944 2425 1945 2426 /* clean up */ 1946 mp_clear(&t1); 1947 mp_clear(&t2); 2427 mp_clear(t1); 2428 mp_clear(t2); 2429 2430 #ifdef WOLFSSL_SMALL_STACK 2431 #ifdef WOLFSSL_SMALL_STACK_CACHE 2432 if (P->key == NULL) 2433 #endif 2434 { 2435 #ifdef ALT_ECC_SIZE 2436 XFREE(rz, NULL, DYNAMIC_TYPE_ECC); 2437 XFREE(ry, NULL, DYNAMIC_TYPE_ECC); 2438 XFREE(rx, NULL, DYNAMIC_TYPE_ECC); 2439 #endif 2440 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 2441 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 2442 } 2443 #endif 1948 2444 1949 2445 return err; 1950 } 2446 #else 2447 if (P == NULL || modulus == NULL) 2448 return ECC_BAD_ARG_E; 2449 2450 (void)mp; 2451 2452 return sp_ecc_map_256(P->x, P->y, P->z); 2453 #endif 2454 } 2455 2456 #endif /* !WOLFSSL_SP_MATH || WOLFSSL_PUBLIC_ECC_ADD_DBL */ 1951 2457 1952 2458 #if !defined(FREESCALE_LTC_ECC) 1953 2459 2460 #if !defined(FP_ECC) || !defined(WOLFSSL_SP_MATH) 1954 2461 /** 1955 2462 Perform a point multiplication … … 1973 2480 #endif 1974 2481 { 2482 #ifndef WOLFSSL_SP_MATH 1975 2483 #ifndef ECC_TIMING_RESISTANT 1976 2484 /* size of sliding window, don't change this! */ … … 1984 2492 ecc_point *tG, *M[M_POINTS]; 1985 2493 int i, err; 1986 mp_int mu; 2494 #ifdef WOLFSSL_SMALL_STACK 2495 mp_int* mu = NULL; 2496 #ifdef WOLFSSL_SMALL_STACK_CACHE 2497 ecc_key key; 2498 #endif 2499 #else 2500 mp_int mu[1]; 2501 #endif 1987 2502 mp_digit mp; 1988 2503 mp_digit buf; … … 1996 2511 tG = NULL; 1997 2512 XMEMSET(M, 0, sizeof(M)); 2513 #ifdef WOLFSSL_SMALL_STACK 2514 mu = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2515 if (mu == NULL) 2516 return MEMORY_E; 2517 #endif 2518 #ifdef WOLFSSL_SMALL_STACK_CACHE 2519 key.t1 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2520 key.t2 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2521 #ifdef ALT_ECC_SIZE 2522 key.x = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2523 key.y = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2524 key.z = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 2525 #endif 2526 if (key.t1 == NULL || key.t2 == NULL 2527 #ifdef ALT_ECC_SIZE 2528 || key.x == NULL || key.y == NULL || key.z == NULL 2529 #endif 2530 ) { 2531 #ifdef ALT_ECC_SIZE 2532 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2533 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2534 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2535 #endif 2536 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2537 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 2538 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2539 return MEMORY_E; 2540 } 2541 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 1998 2542 1999 2543 /* init montgomery reduction */ 2000 2544 if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) { 2545 #ifdef WOLFSSL_SMALL_STACK_CACHE 2546 #ifdef ALT_ECC_SIZE 2547 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2548 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2549 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2550 #endif 2551 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2552 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 2553 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2554 #ifdef WOLFSSL_SMALL_STACK 2555 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2556 #endif 2001 2557 return err; 2002 2558 } 2003 2559 2004 if ((err = mp_init(&mu)) != MP_OKAY) { 2560 if ((err = mp_init(mu)) != MP_OKAY) { 2561 #ifdef WOLFSSL_SMALL_STACK_CACHE 2562 #ifdef ALT_ECC_SIZE 2563 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2564 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2565 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2566 #endif 2567 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2568 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 2569 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2570 #ifdef WOLFSSL_SMALL_STACK 2571 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2572 #endif 2005 2573 return err; 2006 2574 } 2007 if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { 2008 mp_clear(&mu); 2575 if ((err = mp_montgomery_calc_normalization(mu, modulus)) != MP_OKAY) { 2576 mp_clear(mu); 2577 #ifdef WOLFSSL_SMALL_STACK_CACHE 2578 #ifdef ALT_ECC_SIZE 2579 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2580 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2581 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2582 #endif 2583 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2584 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 2585 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2586 #ifdef WOLFSSL_SMALL_STACK 2587 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2588 #endif 2009 2589 return err; 2010 2590 } … … 2014 2594 M[i] = wc_ecc_new_point_h(heap); 2015 2595 if (M[i] == NULL) { 2016 mp_clear( &mu);2596 mp_clear(mu); 2017 2597 err = MEMORY_E; goto exit; 2018 2598 } 2599 #ifdef WOLFSSL_SMALL_STACK_CACHE 2600 M[i]->key = &key; 2601 #endif 2019 2602 } 2020 2603 … … 2026 2609 /* tG = G and convert to montgomery */ 2027 2610 if (err == MP_OKAY) { 2028 if (mp_cmp_d( &mu, 1) == MP_EQ) {2611 if (mp_cmp_d(mu, 1) == MP_EQ) { 2029 2612 err = mp_copy(G->x, tG->x); 2030 2613 if (err == MP_OKAY) … … 2033 2616 err = mp_copy(G->z, tG->z); 2034 2617 } else { 2035 err = mp_mulmod(G->x, &mu, modulus, tG->x);2618 err = mp_mulmod(G->x, mu, modulus, tG->x); 2036 2619 if (err == MP_OKAY) 2037 err = mp_mulmod(G->y, &mu, modulus, tG->y);2620 err = mp_mulmod(G->y, mu, modulus, tG->y); 2038 2621 if (err == MP_OKAY) 2039 err = mp_mulmod(G->z, &mu, modulus, tG->z);2622 err = mp_mulmod(G->z, mu, modulus, tG->z); 2040 2623 } 2041 2624 } 2042 2625 2043 2626 /* done with mu */ 2044 mp_clear(&mu); 2045 2627 mp_clear(mu); 2628 2629 #ifdef WOLFSSL_SMALL_STACK_CACHE 2630 R->key = &key; 2631 #endif 2046 2632 #ifndef ECC_TIMING_RESISTANT 2047 2633 … … 2305 2891 wc_ecc_del_point_h(M[i], heap); 2306 2892 } 2893 #ifdef WOLFSSL_SMALL_STACK_CACHE 2894 R->key = NULL; 2895 #ifdef ALT_ECC_SIZE 2896 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 2897 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 2898 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 2899 #endif 2900 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 2901 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 2902 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 2903 #ifdef WOLFSSL_SMALL_STACK 2904 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 2905 #endif 2307 2906 2308 2907 return err; 2309 } 2908 #else 2909 if (k == NULL || G == NULL || R == NULL || modulus == NULL) { 2910 return ECC_BAD_ARG_E; 2911 } 2912 2913 (void)a; 2914 2915 return sp_ecc_mulmod_256(k, G, R, map, heap); 2916 #endif 2917 } 2918 2919 #endif /* !FP_ECC || !WOLFSSL_SP_MATH */ 2310 2920 2311 2921 #endif /* !FREESCALE_LTC_ECC */ … … 2327 2937 } 2328 2938 2329 2330 #ifdef ALT_ECC_SIZE 2331 2332 static void alt_fp_init(fp_int* a) 2333 { 2334 a->size = FP_SIZE_ECC; 2335 fp_zero(a); 2336 } 2337 2338 #endif /* ALT_ECC_SIZE */ 2339 2939 #endif /* !WOLFSSL_ATECC508A */ 2340 2940 2341 2941 /** … … 2346 2946 { 2347 2947 ecc_point* p; 2948 2949 (void)heap; 2348 2950 2349 2951 p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); … … 2455 3057 } 2456 3058 2457 #endif /* !WOLFSSL_ATECC508A */2458 2459 3059 2460 3060 /** Returns whether an ECC idx is valid or not … … 2588 3188 { 2589 3189 int err = MP_OKAY; 2590 mp_int a, b; 3190 #ifdef WOLFSSL_SMALL_STACK 3191 mp_int* a = NULL; 3192 mp_int* b = NULL; 3193 #else 3194 mp_int a[1], b[1]; 3195 #endif 2591 3196 2592 3197 if (param == NULL || curveParam == NULL) 2593 3198 return BAD_FUNC_ARG; 2594 3199 2595 if ((err = mp_init_multi(&a, &b, NULL, NULL, NULL, NULL)) != MP_OKAY) 3200 #ifdef WOLFSSL_SMALL_STACK 3201 a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 3202 if (a == NULL) 3203 return MEMORY_E; 3204 b = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 3205 if (b == NULL) { 3206 XFREE(a, NULL, DYNAMIC_TYPE_ECC); 3207 return MEMORY_E; 3208 } 3209 #endif 3210 3211 if ((err = mp_init_multi(a, b, NULL, NULL, NULL, NULL)) != MP_OKAY) { 3212 #ifdef WOLFSSL_SMALL_STACK 3213 XFREE(a, NULL, DYNAMIC_TYPE_ECC); 3214 XFREE(b, NULL, DYNAMIC_TYPE_ECC); 3215 #endif 2596 3216 return err; 3217 } 2597 3218 2598 3219 if (err == MP_OKAY) 2599 err = mp_read_unsigned_bin( &a, param, paramSz);3220 err = mp_read_unsigned_bin(a, param, paramSz); 2600 3221 2601 3222 if (err == MP_OKAY) 2602 err = mp_read_radix( &b, curveParam, 16);3223 err = mp_read_radix(b, curveParam, MP_RADIX_HEX); 2603 3224 2604 3225 if (err == MP_OKAY) { 2605 if (mp_cmp( &a, &b) != MP_EQ) {3226 if (mp_cmp(a, b) != MP_EQ) { 2606 3227 err = -1; 2607 3228 } else { … … 2610 3231 } 2611 3232 2612 mp_clear(&a); 2613 mp_clear(&b); 3233 mp_clear(a); 3234 mp_clear(b); 3235 #ifdef WOLFSSL_SMALL_STACK 3236 XFREE(b, NULL, DYNAMIC_TYPE_ECC); 3237 XFREE(a, NULL, DYNAMIC_TYPE_ECC); 3238 #endif 2614 3239 2615 3240 return err; … … 2672 3297 } 2673 3298 3299 /* Returns the curve id that corresponds to a given OID, 3300 * as listed in ecc_sets[] of ecc.c. 3301 * 3302 * oid OID, from ecc_sets[].name in ecc.c 3303 * len OID len, from ecc_sets[].name in ecc.c 3304 * return curve id, from ecc_sets[] on success, negative on error 3305 */ 3306 int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len) 3307 { 3308 int curve_idx; 3309 3310 if (oid == NULL) 3311 return BAD_FUNC_ARG; 3312 3313 for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) { 3314 if (ecc_sets[curve_idx].oid && ecc_sets[curve_idx].oidSz == len && 3315 XMEMCMP(ecc_sets[curve_idx].oid, oid, len) == 0) { 3316 break; 3317 } 3318 } 3319 if (ecc_sets[curve_idx].size == 0) { 3320 WOLFSSL_MSG("ecc_set curve name not found"); 3321 return ECC_CURVE_INVALID; 3322 } 3323 3324 return ecc_sets[curve_idx].id; 3325 } 3326 3327 3328 #ifdef WOLFSSL_ASYNC_CRYPT 3329 static WC_INLINE int wc_ecc_alloc_mpint(ecc_key* key, mp_int** mp) 3330 { 3331 if (key == NULL || mp == NULL) 3332 return BAD_FUNC_ARG; 3333 if (*mp == NULL) { 3334 *mp = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_BIGINT); 3335 if (*mp == NULL) { 3336 return MEMORY_E; 3337 } 3338 XMEMSET(*mp, 0, sizeof(mp_int)); 3339 } 3340 return 0; 3341 } 3342 static WC_INLINE void wc_ecc_free_mpint(ecc_key* key, mp_int** mp) 3343 { 3344 if (key && mp && *mp) { 3345 mp_clear(*mp); 3346 XFREE(*mp, key->heap, DYNAMIC_TYPE_BIGINT); 3347 *mp = NULL; 3348 } 3349 } 3350 3351 static int wc_ecc_alloc_async(ecc_key* key) 3352 { 3353 int err = wc_ecc_alloc_mpint(key, &key->r); 3354 if (err == 0) 3355 err = wc_ecc_alloc_mpint(key, &key->s); 3356 return err; 3357 } 3358 3359 static void wc_ecc_free_async(ecc_key* key) 3360 { 3361 wc_ecc_free_mpint(key, &key->r); 3362 wc_ecc_free_mpint(key, &key->s); 3363 #ifdef HAVE_CAVIUM_V 3364 wc_ecc_free_mpint(key, &key->e); 3365 wc_ecc_free_mpint(key, &key->signK); 3366 #endif /* HAVE_CAVIUM_V */ 3367 } 3368 #endif /* WOLFSSL_ASYNC_CRYPT */ 3369 2674 3370 2675 3371 #ifdef HAVE_ECC_DHE … … 2693 3389 } 2694 3390 3391 #ifdef WOLF_CRYPTO_DEV 3392 if (private_key->devId != INVALID_DEVID) { 3393 err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); 3394 if (err != NOT_COMPILED_IN) 3395 return err; 3396 } 3397 #endif 3398 2695 3399 /* type valid? */ 2696 3400 if (private_key->type != ECC_PRIVATEKEY && … … 2711 3415 2712 3416 #ifdef WOLFSSL_ATECC508A 2713 err = atcatls_ecdh(private_key->slot, public_key->pubkey, out); 2714 if (err != ATCA_SUCCESS) { 2715 err = BAD_COND_E; 2716 } 3417 /* For SECP256R1 use hardware */ 3418 if (private_key->dp->id == ECC_SECP256R1) { 3419 err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out); 2717 3420 *outlen = private_key->dp->size; 3421 } 3422 else { 3423 err = NOT_COMPILED_IN; 3424 } 3425 2718 3426 #else 3427 2719 3428 err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen); 2720 3429 #endif /* WOLFSSL_ATECC508A */ … … 2730 3439 { 2731 3440 int err; 3441 #ifndef WOLFSSL_SP_MATH 2732 3442 ecc_point* result = NULL; 2733 3443 word32 x = 0; 3444 #endif 2734 3445 mp_int* k = &private_key->k; 2735 3446 #ifdef HAVE_ECC_CDH … … 2763 3474 #endif 2764 3475 #endif 3476 #ifdef WOLFSSL_SP_MATH 3477 { 3478 err = WC_KEY_SIZE_E; 3479 3480 (void)curve; 3481 } 3482 #else 2765 3483 { 2766 3484 /* make new point */ … … 2792 3510 wc_ecc_del_point_h(result, private_key->heap); 2793 3511 } 3512 #endif 2794 3513 #ifdef HAVE_ECC_CDH 2795 3514 if (k == &k_lcl) … … 2807 3526 int err; 2808 3527 2809 #ifdef HAVE_CAVIUM 2810 /* TODO: Not implemented - use software for now */ 2811 err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen, curve); 2812 2813 #elif defined(HAVE_INTEL_QA) 3528 #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) 3529 #ifdef HAVE_CAVIUM_V 3530 /* verify the curve is supported by hardware */ 3531 if (NitroxEccIsCurveSupported(private_key)) 3532 #endif 3533 { 3534 word32 keySz = private_key->dp->size; 3535 2814 3536 /* sync public key x/y */ 2815 err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF); 3537 err = wc_mp_to_bigint_sz(&private_key->k, &private_key->k.raw, keySz); 3538 if (err == MP_OKAY) 3539 err = wc_mp_to_bigint_sz(point->x, &point->x->raw, keySz); 3540 if (err == MP_OKAY) 3541 err = wc_mp_to_bigint_sz(point->y, &point->y->raw, keySz); 3542 #ifdef HAVE_CAVIUM_V 3543 /* allocate buffer for output */ 2816 3544 if (err == MP_OKAY) 2817 err = wc_mp_to_bigint(&private_key->k, &private_key->k.raw);3545 err = wc_ecc_alloc_mpint(private_key, &private_key->e); 2818 3546 if (err == MP_OKAY) 2819 err = wc_mp_to_bigint(point->x, &point->x->raw); 3547 err = wc_bigint_alloc(&private_key->e->raw, 3548 NitroxEccGetSize(private_key)*2); 2820 3549 if (err == MP_OKAY) 2821 err = wc_mp_to_bigint(point->y, &point->y->raw); 3550 err = NitroxEcdh(private_key, 3551 &private_key->k.raw, &point->x->raw, &point->y->raw, 3552 private_key->e->raw.buf, &private_key->e->raw.len, 3553 &curve->prime->raw); 3554 #else 3555 if (err == MP_OKAY) 3556 err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF); 2822 3557 if (err == MP_OKAY) 2823 3558 err = IntelQaEcdh(&private_key->asyncDev, … … 2826 3561 &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, 2827 3562 private_key->dp->cofactor); 2828 #else /* WOLFSSL_ASYNC_CRYPT_TEST */ 3563 #endif 3564 return err; 3565 } 3566 #elif defined(WOLFSSL_ASYNC_CRYPT_TEST) 2829 3567 if (wc_AsyncTestInit(&private_key->asyncDev, ASYNC_TEST_ECC_SHARED_SEC)) { 2830 3568 WC_ASYNC_TEST* testDev = &private_key->asyncDev.test; … … 2835 3573 return WC_PENDING_E; 2836 3574 } 3575 #endif 3576 3577 /* use sync in other cases */ 2837 3578 err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen, curve); 2838 #endif2839 3579 2840 3580 return err; … … 2846 3586 { 2847 3587 int err; 2848 DECLARE_CURVE_SPECS( 2)3588 DECLARE_CURVE_SPECS(curve, 2); 2849 3589 2850 3590 if (private_key == NULL || point == NULL || out == NULL || … … 2853 3593 } 2854 3594 3595 ALLOC_CURVE_SPECS(2); 3596 2855 3597 /* load curve info */ 2856 3598 err = wc_ecc_curve_load(private_key->dp, &curve, 2857 3599 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_AF)); 2858 if (err != MP_OKAY) 3600 if (err != MP_OKAY) { 3601 FREE_CURVE_SPECS(); 2859 3602 return err; 3603 } 2860 3604 2861 3605 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) … … 2872 3616 2873 3617 wc_ecc_curve_free(curve); 3618 FREE_CURVE_SPECS(); 2874 3619 2875 3620 return err; … … 2918 3663 case ECC_STATE_SHARED_SEC_RES: 2919 3664 private_key->state = ECC_STATE_SHARED_SEC_RES; 3665 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 3666 if (private_key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { 3667 #ifdef HAVE_CAVIUM_V 3668 /* verify the curve is supported by hardware */ 3669 if (NitroxEccIsCurveSupported(private_key)) { 3670 /* copy output */ 3671 *outlen = private_key->dp->size; 3672 XMEMCPY(out, private_key->e->raw.buf, *outlen); 3673 } 3674 #endif /* HAVE_CAVIUM_V */ 3675 } 3676 #endif /* WOLFSSL_ASYNC_CRYPT */ 2920 3677 err = 0; 2921 3678 break; … … 2931 3688 } 2932 3689 3690 /* cleanup */ 3691 #ifdef WOLFSSL_ASYNC_CRYPT 3692 wc_ecc_free_async(private_key); 3693 #endif 2933 3694 private_key->state = ECC_STATE_NONE; 2934 3695 … … 2952 3713 } 2953 3714 3715 #ifndef WOLFSSL_SP_MATH 2954 3716 /* generate random and ensure its greater than 0 and less than order */ 2955 3717 static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) 2956 3718 { 3719 #ifndef WC_NO_RNG 2957 3720 int err; 2958 #if def WOLFSSL_SMALL_STACK2959 byte* buf;3721 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 3722 DECLARE_VAR(buf, byte, ECC_MAXSIZE_GEN, rng->heap); 2960 3723 #else 2961 3724 byte buf[ECC_MAXSIZE_GEN]; 2962 #endif2963 2964 #ifdef WOLFSSL_SMALL_STACK2965 buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_ECC_BUFFER);2966 if (buf == NULL)2967 return MEMORY_E;2968 3725 #endif 2969 3726 … … 2978 3735 if (err == 0) 2979 3736 err = mp_read_unsigned_bin(k, (byte*)buf, size); 2980 2981 /* quick sanity check to make sure we're not dealing with a 0 key */2982 if (err == MP_OKAY) {2983 if (mp_iszero(k) == MP_YES)2984 err = MP_ZERO_E;2985 }2986 3737 2987 3738 /* the key should be smaller than the order of base point */ … … 2992 3743 } 2993 3744 3745 /* quick sanity check to make sure we're not dealing with a 0 key */ 3746 if (err == MP_OKAY) { 3747 if (mp_iszero(k) == MP_YES) 3748 err = MP_ZERO_E; 3749 } 3750 2994 3751 ForceZero(buf, ECC_MAXSIZE); 2995 #if def WOLFSSL_SMALL_STACK2996 XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);3752 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 3753 FREE_VAR(buf, rng->heap); 2997 3754 #endif 2998 3755 2999 3756 return err; 3000 } 3757 #else 3758 (void)rng; 3759 (void)size; 3760 (void)k; 3761 (void)order; 3762 return NOT_COMPILED_IN; 3763 #endif /* !WC_NO_RNG */ 3764 } 3765 #endif /* WOLFSSL_SP_MATH */ 3001 3766 #endif /* !WOLFSSL_ATECC508A */ 3002 3767 3003 static INLINE void wc_ecc_reset(ecc_key* key)3768 static WC_INLINE void wc_ecc_reset(ecc_key* key) 3004 3769 { 3005 3770 /* make sure required key variables are reset */ … … 3026 3791 int err = MP_OKAY; 3027 3792 #ifndef WOLFSSL_ATECC508A 3793 #ifndef WOLFSSL_SP_MATH 3028 3794 ecc_point* base = NULL; 3795 #endif 3029 3796 ecc_point* pub; 3030 DECLARE_CURVE_SPECS( ECC_CURVE_FIELD_COUNT)3031 #endif 3797 DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); 3798 #endif /* !WOLFSSL_ATECC508A */ 3032 3799 3033 3800 if (key == NULL) { … … 3036 3803 3037 3804 #ifndef WOLFSSL_ATECC508A 3805 3038 3806 /* if ecc_point passed in then use it as output for public key point */ 3039 3807 if (pubOut != NULL) { … … 3052 3820 } 3053 3821 else { 3822 ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); 3823 3054 3824 /* load curve info */ 3055 3825 if (err == MP_OKAY) … … 3080 3850 #endif 3081 3851 #endif 3852 #ifdef WOLFSSL_SP_MATH 3853 err = WC_KEY_SIZE_E; 3854 #else 3082 3855 { 3083 3856 if (err == MP_OKAY) { … … 3102 3875 wc_ecc_del_point_h(base, key->heap); 3103 3876 } 3877 #endif 3104 3878 3105 3879 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN … … 3122 3896 if (curveIn == NULL) { 3123 3897 wc_ecc_curve_free(curve); 3124 } 3125 3898 FREE_CURVE_SPECS(); 3899 } 3900 3901 #else 3902 (void)curveIn; 3126 3903 #endif /* WOLFSSL_ATECC508A */ 3127 3904 … … 3156 3933 int err; 3157 3934 #ifndef WOLFSSL_ATECC508A 3158 DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT) 3159 #endif 3935 #ifndef WOLFSSL_SP_MATH 3936 DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); 3937 #endif 3938 #endif /* !WOLFSSL_ATECC508A */ 3160 3939 3161 3940 if (key == NULL || rng == NULL) { … … 3170 3949 return err; 3171 3950 } 3951 3952 #ifdef WOLF_CRYPTO_DEV 3953 if (key->devId != INVALID_DEVID) { 3954 err = wc_CryptoDev_MakeEccKey(rng, keysize, key, curve_id); 3955 if (err != NOT_COMPILED_IN) 3956 return err; 3957 } 3958 #endif 3172 3959 3173 3960 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) … … 3188 3975 #endif 3189 3976 } 3190 #endif /* WOLFSSL_ASYNC_CRYPT */3977 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ 3191 3978 3192 3979 #ifdef WOLFSSL_ATECC508A 3193 3980 key->type = ECC_PRIVATEKEY; 3194 err = atcatls_create_key(key->slot, key->pubkey); 3195 if (err != ATCA_SUCCESS) 3196 err = BAD_COND_E; 3981 key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE); 3982 err = atmel_ecc_create_key(key->slot, key->pubkey_raw); 3983 3984 /* populate key->pubkey */ 3985 if (err == 0 && key->pubkey.x) { 3986 err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw, 3987 ECC_MAX_CRYPTO_HW_SIZE); 3988 } 3989 if (err == 0 && key->pubkey.y) { 3990 err = mp_read_unsigned_bin(key->pubkey.y, 3991 key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE, 3992 ECC_MAX_CRYPTO_HW_SIZE); 3993 } 3197 3994 #else 3198 3995 … … 3206 4003 else 3207 4004 #endif 3208 #endif 3209 { 4005 #endif /* WOLFSSL_HAVE_SP_ECC */ 4006 4007 { /* software key gen */ 4008 #ifdef WOLFSSL_SP_MATH 4009 err = WC_KEY_SIZE_E; 4010 #else 4011 ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); 4012 3210 4013 /* setup the key variables */ 3211 4014 err = mp_init(&key->k); … … 3234 4037 /* cleanup allocations */ 3235 4038 wc_ecc_curve_free(curve); 3236 } 4039 FREE_CURVE_SPECS(); 4040 #endif /* WOLFSSL_SP_MATH */ 4041 } 4042 4043 #ifdef HAVE_WOLF_BIGINT 4044 if (err == MP_OKAY) 4045 err = wc_mp_to_bigint(&key->k, &key->k.raw); 4046 if (err == MP_OKAY) 4047 err = wc_mp_to_bigint(key->pubkey.x, &key->pubkey.x->raw); 4048 if (err == MP_OKAY) 4049 err = wc_mp_to_bigint(key->pubkey.y, &key->pubkey.y->raw); 4050 if (err == MP_OKAY) 4051 err = wc_mp_to_bigint(key->pubkey.z, &key->pubkey.z->raw); 4052 #endif 3237 4053 3238 4054 #endif /* WOLFSSL_ATECC508A */ … … 3311 4127 } 3312 4128 3313 static INLINE int wc_ecc_alloc_rs(ecc_key* key, mp_int** r, mp_int** s)3314 {3315 int err = 0;3316 3317 #ifndef WOLFSSL_ASYNC_CRYPT3318 (void)key;3319 #endif3320 3321 if (*r == NULL) {3322 #ifdef WOLFSSL_ASYNC_CRYPT3323 *r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_BIGINT);3324 if (*r == NULL) {3325 return MEMORY_E;3326 }3327 key->r = *r;3328 #endif3329 }3330 if (*s == NULL) {3331 #ifdef WOLFSSL_ASYNC_CRYPT3332 *s = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_BIGINT);3333 if (*s == NULL) {3334 XFREE(*r, key->heap, DYNAMIC_TYPE_BIGINT);3335 return MEMORY_E;3336 }3337 key->s = *s;3338 #endif3339 }3340 3341 /* initialize mp_int */3342 if (*r)3343 XMEMSET(*r, 0, sizeof(mp_int));3344 if (*s)3345 XMEMSET(*s, 0, sizeof(mp_int));3346 3347 return err;3348 }3349 3350 static INLINE void wc_ecc_free_rs(ecc_key* key, mp_int** r, mp_int** s)3351 {3352 if (*r) {3353 mp_clear(*r);3354 3355 #ifdef WOLFSSL_ASYNC_CRYPT3356 XFREE(*r, key->heap, DYNAMIC_TYPE_BIGINT);3357 key->r = NULL;3358 #endif3359 *r = NULL;3360 }3361 if (*s) {3362 mp_clear(*s);3363 3364 #ifdef WOLFSSL_ASYNC_CRYPT3365 XFREE(*s, key->heap, DYNAMIC_TYPE_BIGINT);3366 key->s = NULL;3367 #endif3368 *s = NULL;3369 }3370 (void)key;3371 }3372 3373 4129 /* Setup dynamic pointers if using normal math for proper freeing */ 3374 4130 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) … … 3387 4143 key->state = ECC_STATE_NONE; 3388 4144 4145 #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) 4146 key->devId = devId; 4147 #else 4148 (void)devId; 4149 #endif 4150 3389 4151 #ifdef WOLFSSL_ATECC508A 3390 key->slot = atmel_ecc_alloc(); 3391 if (key->slot == ATECC_INVALID_SLOT) { 3392 return ECC_BAD_ARG_E; 3393 } 4152 key->slot = ATECC_INVALID_SLOT; 3394 4153 #else 3395 4154 #ifdef ALT_ECC_SIZE … … 3420 4179 ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, 3421 4180 key->heap, devId); 3422 #else3423 (void)devId;3424 4181 #endif 3425 4182 … … 3431 4188 return wc_ecc_init_ex(key, NULL, INVALID_DEVID); 3432 4189 } 4190 4191 #ifdef HAVE_PKCS11 4192 int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, 4193 int devId) 4194 { 4195 int ret = 0; 4196 4197 if (key == NULL) 4198 ret = BAD_FUNC_ARG; 4199 if (ret == 0 && (len < 0 || len > ECC_MAX_ID_LEN)) 4200 ret = BUFFER_E; 4201 4202 if (ret == 0) 4203 ret = wc_ecc_init_ex(key, heap, devId); 4204 4205 if (ret == 0 && id != NULL && len != 0) { 4206 XMEMCPY(key->id, id, len); 4207 key->idLen = len; 4208 } 4209 4210 return ret; 4211 } 4212 #endif 3433 4213 3434 4214 int wc_ecc_set_flags(ecc_key* key, word32 flags) … … 3444 4224 3445 4225 #ifndef NO_ASN 4226 4227 #if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) 4228 static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, 4229 mp_int* r, mp_int* s, byte* out, word32 *outlen, WC_RNG* rng, 4230 ecc_key* key) 4231 { 4232 int err; 4233 4234 #ifdef PLUTON_CRYPTO_ECC 4235 if (key->devId != INVALID_DEVID) /* use hardware */ 4236 #endif 4237 { 4238 word32 keysize = (word32)key->dp->size; 4239 4240 /* Check args */ 4241 if (keysize > ECC_MAX_CRYPTO_HW_SIZE || inlen != keysize || 4242 *outlen < keysize*2) { 4243 return ECC_BAD_ARG_E; 4244 } 4245 4246 #if defined(WOLFSSL_ATECC508A) 4247 key->slot = atmel_ecc_alloc(ATMEL_SLOT_DEVICE); 4248 if (key->slot == ATECC_INVALID_SLOT) { 4249 return ECC_BAD_ARG_E; 4250 } 4251 4252 /* Sign: Result is 32-bytes of R then 32-bytes of S */ 4253 err = atmel_ecc_sign(key->slot, in, out); 4254 if (err != 0) { 4255 return err; 4256 } 4257 #elif defined(PLUTON_CRYPTO_ECC) 4258 { 4259 /* perform ECC sign */ 4260 word32 raw_sig_size = *outlen; 4261 err = Crypto_EccSign(in, inlen, out, &raw_sig_size); 4262 if (err != CRYPTO_RES_SUCCESS || raw_sig_size != keysize*2){ 4263 return BAD_COND_E; 4264 } 4265 } 4266 #endif 4267 4268 /* Load R and S */ 4269 err = mp_read_unsigned_bin(r, &out[0], keysize); 4270 if (err != MP_OKAY) { 4271 return err; 4272 } 4273 err = mp_read_unsigned_bin(s, &out[keysize], keysize); 4274 if (err != MP_OKAY) { 4275 return err; 4276 } 4277 4278 /* Check for zeros */ 4279 if (mp_iszero(r) || mp_iszero(s)) { 4280 return MP_ZERO_E; 4281 } 4282 } 4283 #ifdef PLUTON_CRYPTO_ECC 4284 else { 4285 err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); 4286 } 4287 #endif 4288 (void)rng; 4289 4290 return err; 4291 } 4292 #endif /* WOLFSSL_ATECC508A || PLUTON_CRYPTO_ECC */ 4293 3446 4294 /** 3447 4295 Sign a message digest … … 3458 4306 int err; 3459 4307 mp_int *r = NULL, *s = NULL; 3460 #if ndef WOLFSSL_ASYNC_CRYPT4308 #if !defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_SMALL_STACK) 3461 4309 mp_int r_lcl, s_lcl; 3462 r = &r_lcl;3463 s = &s_lcl;3464 4310 #endif 3465 4311 … … 3468 4314 return ECC_BAD_ARG_E; 3469 4315 } 4316 4317 #ifdef WOLF_CRYPTO_DEV 4318 if (key->devId != INVALID_DEVID) { 4319 err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); 4320 if (err != NOT_COMPILED_IN) 4321 return err; 4322 } 4323 #endif 4324 4325 #ifdef WOLFSSL_ASYNC_CRYPT 4326 err = wc_ecc_alloc_async(key); 4327 if (err != 0) 4328 return err; 4329 r = key->r; 4330 s = key->s; 4331 #elif !defined(WOLFSSL_SMALL_STACK) 4332 r = &r_lcl; 4333 s = &s_lcl; 4334 #else 4335 r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 4336 if (r == NULL) 4337 return MEMORY_E; 4338 s = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 4339 if (s == NULL) { 4340 XFREE(r, key->heap, DYNAMIC_TYPE_ECC); 4341 return MEMORY_E; 4342 } 4343 #endif 3470 4344 3471 4345 switch(key->state) { … … 3474 4348 key->state = ECC_STATE_SIGN_DO; 3475 4349 3476 err = wc_ecc_alloc_rs(key, &r, &s);3477 if (err != 0)3478 break;3479 3480 4350 if ((err = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY){ 3481 4351 break; 3482 4352 } 3483 4353 3484 #ifdef WOLFSSL_ATECC508A 3485 /* Check args */ 3486 if (inlen != ATECC_KEY_SIZE || *outlen < SIGN_RSP_SIZE) { 3487 return ECC_BAD_ARG_E; 3488 } 3489 3490 /* Sign: Result is 32-bytes of R then 32-bytes of S */ 3491 err = atcatls_sign(key->slot, in, out); 3492 if (err != ATCA_SUCCESS) { 3493 return BAD_COND_E; 3494 } 3495 3496 /* Load R and S */ 3497 err = mp_read_unsigned_bin(r, &out[0], ATECC_KEY_SIZE); 3498 if (err != MP_OKAY) { 3499 return err; 3500 } 3501 err = mp_read_unsigned_bin(s, &out[ATECC_KEY_SIZE], ATECC_KEY_SIZE); 3502 if (err != MP_OKAY) { 3503 return err; 3504 } 3505 3506 /* Check for zeros */ 3507 if (mp_iszero(r) || mp_iszero(s)) { 3508 return MP_ZERO_E; 3509 } 3510 4354 /* hardware crypto */ 4355 #if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) 4356 err = wc_ecc_sign_hash_hw(in, inlen, r, s, out, outlen, rng, key); 3511 4357 #else 3512 3513 4358 err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); 4359 #endif 3514 4360 if (err < 0) { 3515 4361 break; 3516 4362 } 3517 4363 3518 #endif /* WOLFSSL_ATECC508A */3519 4364 FALL_THROUGH; 3520 4365 … … 3523 4368 3524 4369 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 3525 /* restore r/s */3526 r = key->r;3527 s = key->s;3528 3529 4370 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { 3530 /* only do this if not simulator, since it overwrites result */ 4371 #ifdef HAVE_CAVIUM_V 4372 /* Nitrox requires r and s in sep buffer, so split it */ 4373 NitroxEccRsSplit(key, &r->raw, &s->raw); 4374 #endif 3531 4375 #ifndef WOLFSSL_ASYNC_CRYPT_TEST 4376 /* only do this if not simulator, since it overwrites result */ 3532 4377 wc_bigint_to_mp(&r->raw, r); 3533 4378 wc_bigint_to_mp(&s->raw, s); … … 3539 4384 err = StoreECC_DSA_Sig(out, outlen, r, s); 3540 4385 3541 /* always free r/s*/4386 /* done with R/S */ 3542 4387 mp_clear(r); 3543 4388 mp_clear(s); 4389 #if !defined(WOLFSSL_ASYNC_CRYPT) && defined(WOLFSSL_SMALL_STACK) 4390 XFREE(s, key->heap, DYNAMIC_TYPE_ECC); 4391 XFREE(r, key->heap, DYNAMIC_TYPE_ECC); 4392 #endif 3544 4393 break; 3545 4394 3546 4395 default: 3547 4396 err = BAD_STATE_E; 4397 break; 3548 4398 } 3549 4399 … … 3555 4405 3556 4406 /* cleanup */ 3557 wc_ecc_free_rs(key, &r, &s); 4407 #ifdef WOLFSSL_ASYNC_CRYPT 4408 wc_ecc_free_async(key); 4409 #endif 3558 4410 key->state = ECC_STATE_NONE; 3559 4411 … … 3576 4428 { 3577 4429 int err; 3578 mp_int e; 3579 DECLARE_CURVE_SPECS(1) 4430 #ifndef WOLFSSL_SP_MATH 4431 mp_int* e; 4432 #if (!defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)) && \ 4433 !defined(WOLFSSL_SMALL_STACK) 4434 mp_int e_lcl; 4435 #endif 4436 DECLARE_CURVE_SPECS(curve, 1); 4437 #endif /* !WOLFSSL_SP_MATH */ 3580 4438 3581 4439 if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL) … … 3592 4450 } 3593 4451 4452 #ifdef WOLFSSL_SP_MATH 4453 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) 4454 return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->heap); 4455 else 4456 return WC_KEY_SIZE_E; 4457 #else 3594 4458 #ifdef WOLFSSL_HAVE_SP_ECC 3595 4459 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ … … 3603 4467 #endif 3604 4468 } 3605 #endif 4469 #endif /* WOLFSSL_HAVE_SP_ECC */ 4470 3606 4471 3607 4472 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ … … 3621 4486 #endif 3622 4487 4488 ALLOC_CURVE_SPECS(1); 4489 4490 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V) 4491 err = wc_ecc_alloc_mpint(key, &key->e); 4492 if (err != 0) { 4493 FREE_CURVE_SPECS(); 4494 return err; 4495 } 4496 e = key->e; 4497 #elif !defined(WOLFSSL_SMALL_STACK) 4498 e = &e_lcl; 4499 #else 4500 e = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 4501 if (e == NULL) { 4502 FREE_CURVE_SPECS(); 4503 return MEMORY_E; 4504 } 4505 #endif 4506 3623 4507 /* get the hash and load it as a bignum into 'e' */ 3624 4508 /* init the bignums */ 3625 if ((err = mp_init(&e)) != MP_OKAY) { 4509 if ((err = mp_init(e)) != MP_OKAY) { 4510 #ifdef WOLFSSL_SMALL_STACK 4511 XFREE(e, key->heap, DYNAMIC_TYPE_ECC); 4512 #endif 4513 FREE_CURVE_SPECS(); 3626 4514 return err; 3627 4515 } … … 3638 4526 if ((WOLFSSL_BIT_SIZE * inlen) > orderBits) 3639 4527 inlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE; 3640 err = mp_read_unsigned_bin( &e, (byte*)in, inlen);4528 err = mp_read_unsigned_bin(e, (byte*)in, inlen); 3641 4529 3642 4530 /* may still need bit truncation too */ 3643 4531 if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * inlen) > orderBits) 3644 mp_rshb( &e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));4532 mp_rshb(e, WOLFSSL_BIT_SIZE - (orderBits & 0x7)); 3645 4533 } 3646 4534 … … 3648 4536 if (err == MP_OKAY) { 3649 4537 int loop_check = 0; 3650 ecc_key pubkey; 4538 #ifdef WOLFSSL_SMALL_STACK 4539 ecc_key* pubkey = NULL; 4540 #else 4541 ecc_key pubkey[1]; 4542 #endif 3651 4543 3652 4544 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 3653 4545 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { 3654 #ifdef HAVE_CAVIUM 3655 /* TODO: Not implemented */ 3656 #elif defined(HAVE_INTEL_QA) 3657 mp_int k; 3658 3659 err = mp_init(&k); 4546 #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) 4547 #ifdef HAVE_CAVIUM_V 4548 if (NitroxEccIsCurveSupported(key)) 4549 #endif 4550 { 4551 word32 keySz = key->dp->size; 4552 mp_int* k; 4553 #ifdef HAVE_CAVIUM_V 4554 err = wc_ecc_alloc_mpint(key, &key->signK); 4555 if (err != 0) 4556 return err; 4557 k = key->signK; 4558 #else 4559 mp_int k_lcl; 4560 k = &k_lcl; 4561 #endif 4562 4563 err = mp_init(k); 4564 3660 4565 /* make sure r and s are allocated */ 4566 #ifdef HAVE_CAVIUM_V 4567 /* Nitrox V needs single buffer for R and S */ 4568 if (err == MP_OKAY) 4569 err = wc_bigint_alloc(&key->r->raw, NitroxEccGetSize(key)*2); 4570 /* Nitrox V only needs Prime and Order */ 4571 if (err == MP_OKAY) 4572 err = wc_ecc_curve_load(key->dp, &curve, 4573 (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_ORDER)); 4574 #else 3661 4575 if (err == MP_OKAY) 3662 4576 err = wc_bigint_alloc(&key->r->raw, key->dp->size); 3663 4577 if (err == MP_OKAY) 4578 err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL); 4579 #endif 4580 if (err == MP_OKAY) 3664 4581 err = wc_bigint_alloc(&key->s->raw, key->dp->size); 4582 3665 4583 /* load e and k */ 3666 4584 if (err == MP_OKAY) 3667 err = wc_mp_to_bigint(&e, &e.raw);4585 err = wc_mp_to_bigint_sz(e, &e->raw, keySz); 3668 4586 if (err == MP_OKAY) 3669 err = wc_mp_to_bigint(&key->k, &key->k.raw);4587 err = wc_mp_to_bigint_sz(&key->k, &key->k.raw, keySz); 3670 4588 if (err == MP_OKAY) 3671 err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL);4589 err = wc_ecc_gen_k(rng, key->dp->size, k, curve->order); 3672 4590 if (err == MP_OKAY) 3673 err = wc_ecc_gen_k(rng, key->dp->size, &k, curve->order); 4591 err = wc_mp_to_bigint_sz(k, &k->raw, keySz); 4592 4593 #ifdef HAVE_CAVIUM_V 3674 4594 if (err == MP_OKAY) 3675 err = wc_mp_to_bigint(&k, &k.raw); 4595 err = NitroxEcdsaSign(key, &e->raw, &key->k.raw, &k->raw, 4596 &r->raw, &s->raw, &curve->prime->raw, &curve->order->raw); 4597 #else 3676 4598 if (err == MP_OKAY) 3677 err = IntelQaEcdsaSign(&key->asyncDev, &e.raw, &key->k.raw,3678 &k.raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw,4599 err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k.raw, 4600 &k->raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw, 3679 4601 &curve->prime->raw, &curve->order->raw, &curve->Gx->raw, 3680 4602 &curve->Gy->raw); 3681 3682 mp_clear(&e); 3683 mp_clear(&k); 4603 #endif 4604 4605 #ifndef HAVE_CAVIUM_V 4606 mp_clear(e); 4607 mp_clear(k); 4608 #endif 3684 4609 wc_ecc_curve_free(curve); 4610 FREE_CURVE_SPECS(); 3685 4611 3686 4612 return err; 3687 #endif 4613 } 4614 #endif /* HAVE_CAVIUM_V || HAVE_INTEL_QA */ 3688 4615 } 3689 4616 #endif /* WOLFSSL_ASYNC_CRYPT */ 3690 4617 4618 #ifdef WOLFSSL_SMALL_STACK 4619 pubkey = (ecc_key*)XMALLOC(sizeof(ecc_key), key->heap, DYNAMIC_TYPE_ECC); 4620 if (pubkey == NULL) 4621 err = MEMORY_E; 4622 #endif 4623 3691 4624 /* don't use async for key, since we don't support async return here */ 3692 if (wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID) == MP_OKAY) { 4625 if (err == MP_OKAY && (err = wc_ecc_init_ex(pubkey, key->heap, 4626 INVALID_DEVID)) == MP_OKAY) { 4627 #ifdef WOLFSSL_SMALL_STACK 4628 mp_int* b = NULL; 4629 #else 4630 mp_int b[1]; 4631 #endif 4632 4633 #ifdef WOLFSSL_SMALL_STACK 4634 if (err == MP_OKAY) { 4635 b = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, 4636 DYNAMIC_TYPE_ECC); 4637 if (b == NULL) 4638 err = MEMORY_E; 4639 } 4640 #endif 4641 4642 if (err == MP_OKAY) { 4643 err = mp_init(b); 4644 } 4645 3693 4646 #ifdef WOLFSSL_CUSTOM_CURVES 3694 4647 /* if custom curve, apply params to pubkey */ 3695 if ( key->idx == ECC_CUSTOM_IDX) {3696 wc_ecc_set_custom_curve(&pubkey, key->dp);4648 if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) { 4649 err = wc_ecc_set_custom_curve(pubkey, key->dp); 3697 4650 } 3698 4651 #endif 3699 4652 3700 for (;;) { 4653 if (err == MP_OKAY) { 4654 /* Generate blinding value - non-zero value. */ 4655 do { 4656 if (++loop_check > 64) { 4657 err = RNG_FAILURE_E; 4658 break; 4659 } 4660 4661 err = wc_ecc_gen_k(rng, key->dp->size, b, curve->order); 4662 } 4663 while (err == MP_ZERO_E); 4664 loop_check = 0; 4665 } 4666 4667 for (; err == MP_OKAY;) { 3701 4668 if (++loop_check > 64) { 3702 4669 err = RNG_FAILURE_E; 3703 4670 break; 3704 4671 } 3705 err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey,4672 err = wc_ecc_make_key_ex(rng, key->dp->size, pubkey, 3706 4673 key->dp->id); 3707 4674 if (err != MP_OKAY) break; 3708 4675 3709 4676 /* find r = x1 mod n */ 3710 err = mp_mod(pubkey .pubkey.x, curve->order, r);4677 err = mp_mod(pubkey->pubkey.x, curve->order, r); 3711 4678 if (err != MP_OKAY) break; 3712 4679 3713 4680 if (mp_iszero(r) == MP_YES) { 3714 4681 #ifndef ALT_ECC_SIZE 3715 mp_clear(pubkey .pubkey.x);3716 mp_clear(pubkey .pubkey.y);3717 mp_clear(pubkey .pubkey.z);4682 mp_clear(pubkey->pubkey.x); 4683 mp_clear(pubkey->pubkey.y); 4684 mp_clear(pubkey->pubkey.z); 3718 4685 #endif 3719 mp_forcezero(&pubkey .k);4686 mp_forcezero(&pubkey->k); 3720 4687 } 3721 4688 else { 3722 /* find s = (e + xr)/k */ 3723 err = mp_invmod(&pubkey.k, curve->order, &pubkey.k); 4689 /* find s = (e + xr)/k 4690 = b.(e/k.b + x.r/k.b) */ 4691 4692 /* k = k.b */ 4693 err = mp_mulmod(&pubkey->k, b, curve->order, &pubkey->k); 3724 4694 if (err != MP_OKAY) break; 3725 4695 3726 /* s = xr */ 4696 /* k = 1/k.b */ 4697 err = mp_invmod(&pubkey->k, curve->order, &pubkey->k); 4698 if (err != MP_OKAY) break; 4699 4700 /* s = x.r */ 3727 4701 err = mp_mulmod(&key->k, r, curve->order, s); 3728 4702 if (err != MP_OKAY) break; 3729 4703 3730 /* s = e + xr*/3731 err = mp_ add(&e, s, s);4704 /* s = x.r/k.b */ 4705 err = mp_mulmod(&pubkey->k, s, curve->order, s); 3732 4706 if (err != MP_OKAY) break; 3733 4707 3734 /* s = e + xr */ 4708 /* e = e/k.b */ 4709 err = mp_mulmod(&pubkey->k, e, curve->order, e); 4710 if (err != MP_OKAY) break; 4711 4712 /* s = e/k.b + x.r/k.b 4713 = (e + x.r)/k.b */ 4714 err = mp_add(e, s, s); 4715 if (err != MP_OKAY) break; 4716 4717 /* s = b.(e + x.r)/k.b 4718 = (e + x.r)/k */ 4719 err = mp_mulmod(s, b, curve->order, s); 4720 if (err != MP_OKAY) break; 4721 4722 /* s = (e + xr)/k */ 3735 4723 err = mp_mod(s, curve->order, s); 3736 4724 if (err != MP_OKAY) break; 3737 3738 /* s = (e + xr)/k */3739 err = mp_mulmod(s, &pubkey.k, curve->order, s);3740 4725 3741 4726 if (mp_iszero(s) == MP_NO) … … 3743 4728 } 3744 4729 } 3745 wc_ecc_free(&pubkey); 4730 mp_clear(b); 4731 mp_free(b); 4732 #ifdef WOLFSSL_SMALL_STACK 4733 XFREE(b, key->heap, DYNAMIC_TYPE_ECC); 4734 #endif 4735 wc_ecc_free(pubkey); 4736 #ifdef WOLFSSL_SMALL_STACK 4737 XFREE(pubkey, key->heap, DYNAMIC_TYPE_ECC); 4738 #endif 3746 4739 } 3747 4740 } 3748 4741 3749 mp_clear( &e);4742 mp_clear(e); 3750 4743 wc_ecc_curve_free(curve); 4744 #ifdef WOLFSSL_SMALL_STACK 4745 XFREE(e, key->heap, DYNAMIC_TYPE_ECC); 4746 #endif 4747 FREE_CURVE_SPECS(); 4748 #endif /* WOLFSSL_SP_MATH */ 3751 4749 3752 4750 return err; … … 3754 4752 #endif /* WOLFSSL_ATECC508A */ 3755 4753 #endif /* HAVE_ECC_SIGN */ 4754 4755 #ifdef WOLFSSL_CUSTOM_CURVES 4756 void wc_ecc_free_curve(const ecc_set_type* curve, void* heap) 4757 { 4758 if (curve->prime != NULL) 4759 XFREE((void*)curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER); 4760 if (curve->Af != NULL) 4761 XFREE((void*)curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER); 4762 if (curve->Bf != NULL) 4763 XFREE((void*)curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER); 4764 if (curve->order != NULL) 4765 XFREE((void*)curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER); 4766 if (curve->Gx != NULL) 4767 XFREE((void*)curve->Gx, heap, DYNAMIC_TYPE_ECC_BUFFER); 4768 if (curve->Gy != NULL) 4769 XFREE((void*)curve->Gy, heap, DYNAMIC_TYPE_ECC_BUFFER); 4770 4771 XFREE((void*)curve, heap, DYNAMIC_TYPE_ECC_BUFFER); 4772 4773 (void)heap; 4774 } 4775 #endif /* WOLFSSL_CUSTOM_CURVES */ 3756 4776 3757 4777 /** … … 3759 4779 key The key you wish to free 3760 4780 */ 3761 voidwc_ecc_free(ecc_key* key)4781 int wc_ecc_free(ecc_key* key) 3762 4782 { 3763 4783 if (key == NULL) { 3764 return; 3765 } 3766 3767 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 4784 return 0; 4785 } 4786 4787 #ifdef WOLFSSL_ASYNC_CRYPT 4788 #ifdef WC_ASYNC_ENABLE_ECC 3768 4789 wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC); 3769 wc_ecc_free_rs(key, &key->r, &key->s); 4790 #endif 4791 wc_ecc_free_async(key); 3770 4792 #endif 3771 4793 3772 4794 #ifdef WOLFSSL_ATECC508A 3773 4795 atmel_ecc_free(key->slot); 3774 key->slot = -1;4796 key->slot = ATECC_INVALID_SLOT; 3775 4797 #else 3776 4798 … … 3781 4803 mp_forcezero(&key->k); 3782 4804 #endif /* WOLFSSL_ATECC508A */ 3783 } 3784 4805 4806 #ifdef WOLFSSL_CUSTOM_CURVES 4807 if (key->deallocSet && key->dp != NULL) 4808 wc_ecc_free_curve(key->dp, key->heap); 4809 #endif 4810 4811 return 0; 4812 } 4813 4814 #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) 3785 4815 #ifdef ECC_SHAMIR 3786 4816 … … 3801 4831 void* heap) 3802 4832 #else 3803 staticint ecc_mul2add(ecc_point* A, mp_int* kA,4833 int ecc_mul2add(ecc_point* A, mp_int* kA, 3804 4834 ecc_point* B, mp_int* kB, 3805 4835 ecc_point* C, mp_int* a, mp_int* modulus, … … 3807 4837 #endif 3808 4838 { 3809 ecc_point* precomp[16]; 4839 #ifdef WOLFSSL_SMALL_STACK 4840 ecc_point** precomp = NULL; 4841 #ifdef WOLFSSL_SMALL_STACK_CACHE 4842 ecc_key key; 4843 #endif 4844 #else 4845 ecc_point* precomp[SHAMIR_PRECOMP_SZ]; 4846 #endif 3810 4847 unsigned bitbufA, bitbufB, lenA, lenB, len, nA, nB, nibble; 3811 4848 unsigned char* tA; 3812 4849 unsigned char* tB; 3813 4850 int err = MP_OKAY, first, x, y; 3814 mp_digit mp;4851 mp_digit mp = 0; 3815 4852 3816 4853 /* argchks */ … … 3830 4867 return GEN_MEM_ERR; 3831 4868 } 4869 #ifdef WOLFSSL_SMALL_STACK 4870 precomp = (ecc_point**)XMALLOC(sizeof(ecc_point*) * SHAMIR_PRECOMP_SZ, heap, 4871 DYNAMIC_TYPE_ECC_BUFFER); 4872 if (precomp == NULL) { 4873 XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER); 4874 XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); 4875 return GEN_MEM_ERR; 4876 } 4877 #endif 4878 #ifdef WOLFSSL_SMALL_STACK_CACHE 4879 key.t1 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 4880 key.t2 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 4881 #ifdef ALT_ECC_SIZE 4882 key.x = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 4883 key.y = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 4884 key.z = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 4885 #endif 4886 if (key.t1 == NULL || key.t2 == NULL 4887 #ifdef ALT_ECC_SIZE 4888 || key.x == NULL || key.y == NULL || key.z == NULL 4889 #endif 4890 ) { 4891 #ifdef ALT_ECC_SIZE 4892 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 4893 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 4894 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 4895 #endif 4896 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 4897 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 4898 XFREE(precomp, heap, DYNAMIC_TYPE_ECC_BUFFER); 4899 XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER); 4900 XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); 4901 return MEMORY_E; 4902 } 4903 C->key = &key; 4904 #endif /* WOLFSSL_SMALL_STACK_CACHE */ 3832 4905 3833 4906 /* init variables */ 3834 4907 XMEMSET(tA, 0, ECC_BUFSIZE); 3835 4908 XMEMSET(tB, 0, ECC_BUFSIZE); 4909 #ifndef WOLFSSL_SMALL_STACK 3836 4910 XMEMSET(precomp, 0, sizeof(precomp)); 4911 #else 4912 XMEMSET(precomp, 0, sizeof(ecc_point*) * SHAMIR_PRECOMP_SZ); 4913 #endif 3837 4914 3838 4915 /* get sizes */ … … 3856 4933 /* allocate the table */ 3857 4934 if (err == MP_OKAY) { 3858 for (x = 0; x < 16; x++) {4935 for (x = 0; x < SHAMIR_PRECOMP_SZ; x++) { 3859 4936 precomp[x] = wc_ecc_new_point_h(heap); 3860 4937 if (precomp[x] == NULL) { … … 3862 4939 break; 3863 4940 } 4941 #ifdef WOLFSSL_SMALL_STACK_CACHE 4942 precomp[x]->key = &key; 4943 #endif 3864 4944 } 3865 4945 } … … 3871 4951 3872 4952 if (err == MP_OKAY) { 3873 mp_int mu; 3874 err = mp_init(&mu); 4953 #ifdef WOLFSSL_SMALL_STACK 4954 mp_int* mu = NULL; 4955 #else 4956 mp_int mu[1]; 4957 #endif 4958 #ifdef WOLFSSL_SMALL_STACK 4959 mu = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); 4960 if (mu == NULL) 4961 err = MEMORY_E; 4962 #endif 3875 4963 if (err == MP_OKAY) { 3876 err = mp_montgomery_calc_normalization(&mu, modulus); 4964 err = mp_init(mu); 4965 } 4966 if (err == MP_OKAY) { 4967 err = mp_montgomery_calc_normalization(mu, modulus); 3877 4968 3878 4969 if (err == MP_OKAY) 3879 4970 /* copy ones ... */ 3880 err = mp_mulmod(A->x, &mu, modulus, precomp[1]->x);4971 err = mp_mulmod(A->x, mu, modulus, precomp[1]->x); 3881 4972 3882 4973 if (err == MP_OKAY) 3883 err = mp_mulmod(A->y, &mu, modulus, precomp[1]->y);4974 err = mp_mulmod(A->y, mu, modulus, precomp[1]->y); 3884 4975 if (err == MP_OKAY) 3885 err = mp_mulmod(A->z, &mu, modulus, precomp[1]->z);4976 err = mp_mulmod(A->z, mu, modulus, precomp[1]->z); 3886 4977 3887 4978 if (err == MP_OKAY) 3888 err = mp_mulmod(B->x, &mu, modulus, precomp[1<<2]->x);4979 err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x); 3889 4980 if (err == MP_OKAY) 3890 err = mp_mulmod(B->y, &mu, modulus, precomp[1<<2]->y);4981 err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y); 3891 4982 if (err == MP_OKAY) 3892 err = mp_mulmod(B->z, &mu, modulus, precomp[1<<2]->z);4983 err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z); 3893 4984 3894 4985 /* done with mu */ 3895 mp_clear(&mu); 4986 mp_clear(mu); 4987 #ifdef WOLFSSL_SMALL_STACK 4988 XFREE(mu, heap, DYNAMIC_TYPE_ECC); 4989 #endif 3896 4990 } 3897 4991 } … … 3916 5010 for (x = 1; x < 4; x++) { 3917 5011 for (y = 1; y < 4; y++) { 3918 if (err == MP_OKAY)5012 if (err == MP_OKAY) { 3919 5013 err = ecc_projective_add_point(precomp[x], precomp[(y<<2)], 3920 5014 precomp[x+(y<<2)], a, modulus, mp); 3921 5015 } 3922 5016 } 5017 } 3923 5018 } 3924 5019 … … 3994 5089 3995 5090 /* clean up */ 3996 for (x = 0; x < 16; x++) {5091 for (x = 0; x < SHAMIR_PRECOMP_SZ; x++) { 3997 5092 wc_ecc_del_point_h(precomp[x], heap); 3998 5093 } … … 4000 5095 ForceZero(tA, ECC_BUFSIZE); 4001 5096 ForceZero(tB, ECC_BUFSIZE); 5097 #ifdef WOLFSSL_SMALL_STACK_CACHE 5098 #ifdef ALT_ECC_SIZE 5099 XFREE(key.z, heap, DYNAMIC_TYPE_ECC); 5100 XFREE(key.y, heap, DYNAMIC_TYPE_ECC); 5101 XFREE(key.x, heap, DYNAMIC_TYPE_ECC); 5102 #endif 5103 XFREE(key.t2, heap, DYNAMIC_TYPE_ECC); 5104 XFREE(key.t1, heap, DYNAMIC_TYPE_ECC); 5105 C->key = NULL; 5106 #endif 5107 #ifdef WOLFSSL_SMALL_STACK 5108 XFREE(precomp, heap, DYNAMIC_TYPE_ECC_BUFFER); 5109 #endif 5110 XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER); 4002 5111 XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); 4003 XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER);4004 5112 4005 5113 return err; … … 4007 5115 4008 5116 #endif /* ECC_SHAMIR */ 5117 #endif /* !WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A */ 4009 5118 4010 5119 … … 4037 5146 mp_int *r = NULL, *s = NULL; 4038 5147 #ifndef WOLFSSL_ASYNC_CRYPT 4039 mp_int r_lcl, s_lcl; 4040 r = &r_lcl;4041 s = &s_lcl; 5148 #ifndef WOLFSSL_SMALL_STACK 5149 mp_int r_lcl[1], s_lcl[1]; 5150 #endif 4042 5151 #endif 4043 5152 … … 4045 5154 return ECC_BAD_ARG_E; 4046 5155 } 5156 5157 #ifdef WOLF_CRYPTO_DEV 5158 if (key->devId != INVALID_DEVID) { 5159 err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); 5160 if (err != NOT_COMPILED_IN) 5161 return err; 5162 } 5163 #endif 5164 5165 #ifdef WOLFSSL_ASYNC_CRYPT 5166 err = wc_ecc_alloc_async(key); 5167 if (err != 0) 5168 return err; 5169 r = key->r; 5170 s = key->s; 5171 #else 5172 #ifndef WOLFSSL_SMALL_STACK 5173 r = r_lcl; 5174 s = s_lcl; 5175 #else 5176 r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5177 if (r == NULL) 5178 return MEMORY_E; 5179 s = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5180 if (s == NULL) { 5181 XFREE(r, key->heap, DYNAMIC_TYPE_ECC); 5182 return MEMORY_E; 5183 } 5184 #endif 5185 XMEMSET(r, 0, sizeof(mp_int)); 5186 XMEMSET(s, 0, sizeof(mp_int)); 5187 #endif /* WOLFSSL_ASYNC_CRYPT */ 4047 5188 4048 5189 switch(key->state) { … … 4058 5199 * the rest of this function will execute, and everything 4059 5200 * gets cleaned up at the end. */ 4060 err = wc_ecc_alloc_rs(key, &r, &s);4061 if (err != 0)4062 break;4063 4064 5201 /* decode DSA header */ 4065 5202 err = DecodeECC_DSA_Sig(sig, siglen, r, s); … … 4073 5210 4074 5211 err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); 5212 5213 #ifndef WOLFSSL_ASYNC_CRYPT 5214 /* done with R/S */ 5215 mp_clear(r); 5216 mp_clear(s); 5217 #ifdef WOLFSSL_SMALL_STACK 5218 XFREE(s, key->heap, DYNAMIC_TYPE_ECC); 5219 XFREE(r, key->heap, DYNAMIC_TYPE_ECC); 5220 r = NULL; 5221 s = NULL; 5222 #endif 5223 #endif 5224 4075 5225 if (err < 0) { 4076 5226 break; … … 4081 5231 key->state = ECC_STATE_VERIFY_RES; 4082 5232 err = 0; 4083 4084 #ifdef WOLFSSL_ASYNC_CRYPT4085 /* restore r/s */4086 r = key->r;4087 s = key->s;4088 #endif4089 4090 /* done with R/S */4091 mp_clear(r);4092 mp_clear(s);4093 5233 break; 4094 5234 … … 4104 5244 4105 5245 /* cleanup */ 4106 wc_ecc_free_rs(key, &r, &s); 5246 #ifdef WOLFSSL_ASYNC_CRYPT 5247 wc_ecc_free_async(key); 5248 #endif 4107 5249 key->state = ECC_STATE_NONE; 5250 5251 #ifdef WOLFSSL_SMALL_STACK 5252 if (err != WC_PENDING_E) { 5253 XFREE(s, key->heap, DYNAMIC_TYPE_ECC); 5254 XFREE(r, key->heap, DYNAMIC_TYPE_ECC); 5255 r = NULL; 5256 s = NULL; 5257 } 5258 #endif 4108 5259 4109 5260 return err; … … 4126 5277 { 4127 5278 int err; 4128 #ifndef WOLFSSL_ATECC508A 5279 word32 keySz; 5280 #ifdef WOLFSSL_ATECC508A 5281 byte sigRS[ATECC_KEY_SIZE*2]; 5282 #elif !defined(WOLFSSL_SP_MATH) 4129 5283 int did_init = 0; 4130 5284 ecc_point *mG = NULL, *mQ = NULL; 4131 mp_int v; 4132 mp_int w; 4133 mp_int u1; 4134 mp_int u2; 4135 mp_int e; 4136 DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT) 4137 #else 4138 byte sigRS[ATECC_KEY_SIZE*2]; 5285 #ifdef WOLFSSL_SMALL_STACK 5286 mp_int* v = NULL; 5287 mp_int* w = NULL; 5288 mp_int* u1 = NULL; 5289 mp_int* u2 = NULL; 5290 #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) 5291 mp_int* e_lcl = NULL; 5292 #endif 5293 #else /* WOLFSSL_SMALL_STACK */ 5294 mp_int v[1]; 5295 mp_int w[1]; 5296 mp_int u1[1]; 5297 mp_int u2[1]; 5298 #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) 5299 mp_int e_lcl[1]; 5300 #endif 5301 #endif /* WOLFSSL_SMALL_STACK */ 5302 mp_int* e; 5303 DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); 4139 5304 #endif 4140 5305 … … 4149 5314 return ECC_BAD_ARG_E; 4150 5315 } 5316 5317 keySz = key->dp->size; 4151 5318 4152 5319 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ … … 4172 5339 return err; 4173 5340 } 4174 err = mp_to_unsigned_bin(s, &sigRS[ ATECC_KEY_SIZE]);5341 err = mp_to_unsigned_bin(s, &sigRS[keySz]); 4175 5342 if (err != MP_OKAY) { 4176 5343 return err; 4177 5344 } 4178 5345 4179 err = atcatls_verify(hash, sigRS, key->pubkey, (bool*)res); 4180 if (err != ATCA_SUCCESS) { 4181 return BAD_COND_E; 4182 } 5346 err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res); 5347 if (err != 0) { 5348 return err; 5349 } 5350 (void)hashlen; 4183 5351 4184 5352 #else 4185 4186 5353 /* checking if private key with no public part */ 4187 5354 if (key->type == ECC_PRIVATEKEY_ONLY) { … … 4194 5361 } 4195 5362 5363 #ifdef WOLFSSL_SP_MATH 5364 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { 5365 return sp_ecc_verify_256(hash, hashlen, key->pubkey.x, key->pubkey.y, 5366 key->pubkey.z, r, s, res, key->heap); 5367 } 5368 else 5369 return WC_KEY_SIZE_E; 5370 #else 4196 5371 #ifdef WOLFSSL_HAVE_SP_ECC 4197 5372 #ifndef WOLFSSL_SP_NO_256 … … 4205 5380 key->pubkey.z,r, s, res, key->heap); 4206 5381 } 4207 #endif 4208 #endif 4209 4210 err = mp_init(&e); 5382 #endif /* WOLFSSL_SP_NO_256 */ 5383 #endif /* WOLFSSL_HAVE_SP_ECC */ 5384 5385 ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); 5386 5387 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V) 5388 err = wc_ecc_alloc_mpint(key, &key->e); 5389 if (err != 0) { 5390 FREE_CURVE_SPECS(); 5391 return err; 5392 } 5393 e = key->e; 5394 #else 5395 #ifdef WOLFSSL_SMALL_STACK 5396 e_lcl = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5397 if (e_lcl == NULL) { 5398 FREE_CURVE_SPECS(); 5399 return MEMORY_E; 5400 } 5401 #endif 5402 e = e_lcl; 5403 #endif 5404 5405 err = mp_init(e); 4211 5406 if (err != MP_OKAY) 4212 5407 return MEMORY_E; … … 4232 5427 if ( (WOLFSSL_BIT_SIZE * hashlen) > orderBits) 4233 5428 hashlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE; 4234 err = mp_read_unsigned_bin( &e, hash, hashlen);5429 err = mp_read_unsigned_bin(e, hash, hashlen); 4235 5430 4236 5431 /* may still need bit truncation too */ 4237 5432 if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * hashlen) > orderBits) 4238 mp_rshb( &e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));5433 mp_rshb(e, WOLFSSL_BIT_SIZE - (orderBits & 0x7)); 4239 5434 } 4240 5435 … … 4242 5437 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) 4243 5438 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { 4244 #ifdef HAVE_CAVIUM 4245 /* TODO: Not implemented */ 4246 #elif defined(HAVE_INTEL_QA) 4247 err = wc_mp_to_bigint(&e, &e.raw); 5439 #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) 5440 #ifdef HAVE_CAVIUM_V 5441 if (NitroxEccIsCurveSupported(key)) 5442 #endif 5443 { 5444 err = wc_mp_to_bigint_sz(e, &e->raw, keySz); 4248 5445 if (err == MP_OKAY) 4249 err = wc_mp_to_bigint(key->pubkey.x, &key->pubkey.x->raw);5446 err = wc_mp_to_bigint_sz(key->pubkey.x, &key->pubkey.x->raw, keySz); 4250 5447 if (err == MP_OKAY) 4251 err = wc_mp_to_bigint(key->pubkey.y, &key->pubkey.y->raw);5448 err = wc_mp_to_bigint_sz(key->pubkey.y, &key->pubkey.y->raw, keySz); 4252 5449 if (err == MP_OKAY) 4253 err = IntelQaEcdsaVerify(&key->asyncDev, &e.raw, &key->pubkey.x->raw, 5450 #ifdef HAVE_CAVIUM_V 5451 err = NitroxEcdsaVerify(key, &e->raw, &key->pubkey.x->raw, 5452 &key->pubkey.y->raw, &r->raw, &s->raw, 5453 &curve->prime->raw, &curve->order->raw, res); 5454 #else 5455 err = IntelQaEcdsaVerify(&key->asyncDev, &e->raw, &key->pubkey.x->raw, 4254 5456 &key->pubkey.y->raw, &r->raw, &s->raw, &curve->Af->raw, 4255 5457 &curve->Bf->raw, &curve->prime->raw, &curve->order->raw, 4256 5458 &curve->Gx->raw, &curve->Gy->raw, res); 4257 4258 mp_clear(&e); 4259 5459 #endif 5460 5461 #ifndef HAVE_CAVIUM_V 5462 mp_clear(e); 5463 #endif 4260 5464 wc_ecc_curve_free(curve); 5465 FREE_CURVE_SPECS(); 4261 5466 4262 5467 return err; 4263 #endif 5468 } 5469 #endif /* HAVE_CAVIUM_V || HAVE_INTEL_QA */ 4264 5470 } 4265 5471 #endif /* WOLFSSL_ASYNC_CRYPT */ 5472 5473 #ifdef WOLFSSL_SMALL_STACK 5474 if (err == MP_OKAY) { 5475 v = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5476 if (v == NULL) 5477 err = MEMORY_E; 5478 } 5479 if (err == MP_OKAY) { 5480 w = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5481 if (w == NULL) 5482 err = MEMORY_E; 5483 } 5484 if (err == MP_OKAY) { 5485 u1 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5486 if (u1 == NULL) 5487 err = MEMORY_E; 5488 } 5489 if (err == MP_OKAY) { 5490 u2 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 5491 if (u2 == NULL) 5492 err = MEMORY_E; 5493 } 5494 #endif 4266 5495 4267 5496 /* allocate ints */ 4268 5497 if (err == MP_OKAY) { 4269 if ((err = mp_init_multi( &v, &w, &u1, &u2, NULL, NULL)) != MP_OKAY) {5498 if ((err = mp_init_multi(v, w, u1, u2, NULL, NULL)) != MP_OKAY) { 4270 5499 err = MEMORY_E; 4271 5500 } … … 4283 5512 /* w = s^-1 mod n */ 4284 5513 if (err == MP_OKAY) 4285 err = mp_invmod(s, curve->order, &w);5514 err = mp_invmod(s, curve->order, w); 4286 5515 4287 5516 /* u1 = ew */ 4288 5517 if (err == MP_OKAY) 4289 err = mp_mulmod( &e, &w, curve->order, &u1);5518 err = mp_mulmod(e, w, curve->order, u1); 4290 5519 4291 5520 /* u2 = rw */ 4292 5521 if (err == MP_OKAY) 4293 err = mp_mulmod(r, &w, curve->order, &u2);5522 err = mp_mulmod(r, w, curve->order, u2); 4294 5523 4295 5524 /* find mG and mQ */ … … 4311 5540 /* use PKHA to compute u1*mG + u2*mQ */ 4312 5541 if (err == MP_OKAY) 4313 err = wc_ecc_mulmod_ex( &u1, mG, mG, curve->Af, curve->prime, 0, key->heap);4314 if (err == MP_OKAY) 4315 err = wc_ecc_mulmod_ex( &u2, mQ, mQ, curve->Af, curve->prime, 0, key->heap);5542 err = wc_ecc_mulmod_ex(u1, mG, mG, curve->Af, curve->prime, 0, key->heap); 5543 if (err == MP_OKAY) 5544 err = wc_ecc_mulmod_ex(u2, mQ, mQ, curve->Af, curve->prime, 0, key->heap); 4316 5545 if (err == MP_OKAY) 4317 5546 err = wc_ecc_point_add(mG, mQ, mG, curve->prime); 4318 #else /* FREESCALE_LTC_ECC */5547 #else 4319 5548 #ifndef ECC_SHAMIR 4320 5549 { 4321 mp_digit mp;5550 mp_digit mp = 0; 4322 5551 4323 5552 /* compute u1*mG + u2*mQ = mG */ 4324 5553 if (err == MP_OKAY) { 4325 err = wc_ecc_mulmod_ex( &u1, mG, mG, curve->Af, curve->prime, 0,5554 err = wc_ecc_mulmod_ex(u1, mG, mG, curve->Af, curve->prime, 0, 4326 5555 key->heap); 4327 5556 } 4328 5557 if (err == MP_OKAY) { 4329 err = wc_ecc_mulmod_ex( &u2, mQ, mQ, curve->Af, curve->prime, 0,5558 err = wc_ecc_mulmod_ex(u2, mQ, mQ, curve->Af, curve->prime, 0, 4330 5559 key->heap); 4331 5560 } … … 4347 5576 /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */ 4348 5577 if (err == MP_OKAY) { 4349 err = ecc_mul2add(mG, &u1, mQ, &u2, mG, curve->Af, curve->prime,5578 err = ecc_mul2add(mG, u1, mQ, u2, mG, curve->Af, curve->prime, 4350 5579 key->heap); 4351 5580 } … … 4354 5583 /* v = X_x1 mod n */ 4355 5584 if (err == MP_OKAY) 4356 err = mp_mod(mG->x, curve->order, &v);5585 err = mp_mod(mG->x, curve->order, v); 4357 5586 4358 5587 /* does v == r */ 4359 5588 if (err == MP_OKAY) { 4360 if (mp_cmp( &v, r) == MP_EQ)5589 if (mp_cmp(v, r) == MP_EQ) 4361 5590 *res = 1; 4362 5591 } … … 4366 5595 wc_ecc_del_point_h(mQ, key->heap); 4367 5596 4368 mp_clear( &e);5597 mp_clear(e); 4369 5598 if (did_init) { 4370 mp_clear(&v); 4371 mp_clear(&w); 4372 mp_clear(&u1); 4373 mp_clear(&u2); 4374 } 5599 mp_clear(v); 5600 mp_clear(w); 5601 mp_clear(u1); 5602 mp_clear(u2); 5603 } 5604 #ifdef WOLFSSL_SMALL_STACK 5605 XFREE(u2, key->heap, DYNAMIC_TYPE_ECC); 5606 XFREE(u1, key->heap, DYNAMIC_TYPE_ECC); 5607 XFREE(w, key->heap, DYNAMIC_TYPE_ECC); 5608 XFREE(v, key->heap, DYNAMIC_TYPE_ECC); 5609 #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) 5610 XFREE(e_lcl, key->heap, DYNAMIC_TYPE_ECC); 5611 #endif 5612 #endif 4375 5613 4376 5614 wc_ecc_curve_free(curve); 4377 5615 FREE_CURVE_SPECS(); 5616 5617 #endif /* WOLFSSL_SP_MATH */ 4378 5618 #endif /* WOLFSSL_ATECC508A */ 4379 5619 5620 (void)keySz; 5621 (void)hashlen; 5622 4380 5623 return err; 4381 5624 } … … 4383 5626 4384 5627 #ifdef HAVE_ECC_KEY_IMPORT 4385 #ifndef WOLFSSL_ATECC508A4386 5628 /* import point from der */ 4387 5629 int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, … … 4390 5632 int err = 0; 4391 5633 int compressed = 0; 5634 int keysize; 5635 byte pointType; 4392 5636 4393 5637 if (in == NULL || point == NULL || (curve_idx < 0) || … … 4414 5658 return MEMORY_E; 4415 5659 4416 /* check for 4, 2, or 3 */ 4417 if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) { 5660 /* check for point type (4, 2, or 3) */ 5661 pointType = in[0]; 5662 if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN && 5663 pointType != ECC_POINT_COMP_ODD) { 4418 5664 err = ASN_PARSE_E; 4419 5665 } 4420 5666 4421 if ( in[0] == 0x02 || in[0] == 0x03) {5667 if (pointType == ECC_POINT_COMP_EVEN || pointType == ECC_POINT_COMP_ODD) { 4422 5668 #ifdef HAVE_COMP_KEY 4423 5669 compressed = 1; … … 4427 5673 } 4428 5674 5675 /* adjust to skip first byte */ 5676 inLen -= 1; 5677 in += 1; 5678 5679 /* calculate key size based on inLen / 2 */ 5680 keysize = inLen>>1; 5681 4429 5682 /* read data */ 4430 5683 if (err == MP_OKAY) 4431 err = mp_read_unsigned_bin(point->x, (byte*)in +1, (inLen-1)>>1);5684 err = mp_read_unsigned_bin(point->x, (byte*)in, keysize); 4432 5685 4433 5686 #ifdef HAVE_COMP_KEY 4434 5687 if (err == MP_OKAY && compressed == 1) { /* build y */ 5688 #ifndef WOLFSSL_SP_MATH 4435 5689 int did_init = 0; 4436 5690 mp_int t1, t2; 4437 DECLARE_CURVE_SPECS(3) 5691 DECLARE_CURVE_SPECS(curve, 3); 5692 5693 ALLOC_CURVE_SPECS(3); 4438 5694 4439 5695 if (mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL) != MP_OKAY) … … 4470 5726 /* adjust y */ 4471 5727 if (err == MP_OKAY) { 4472 if ((mp_isodd(&t2) == MP_YES && in[0] == 0x03) ||4473 (mp_isodd(&t2) == MP_NO && in[0] == 0x02)) {5728 if ((mp_isodd(&t2) == MP_YES && pointType == ECC_POINT_COMP_ODD) || 5729 (mp_isodd(&t2) == MP_NO && pointType == ECC_POINT_COMP_EVEN)) { 4474 5730 err = mp_mod(&t2, curve->prime, point->y); 4475 5731 } … … 4485 5741 4486 5742 wc_ecc_curve_free(curve); 5743 FREE_CURVE_SPECS(); 5744 #else 5745 sp_ecc_uncompress_256(point->x, pointType, point->y); 5746 #endif 4487 5747 } 4488 5748 #endif 4489 5749 4490 5750 if (err == MP_OKAY && compressed == 0) 4491 err = mp_read_unsigned_bin(point->y, 4492 (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1); 5751 err = mp_read_unsigned_bin(point->y, (byte*)in + keysize, keysize); 4493 5752 if (err == MP_OKAY) 4494 5753 err = mp_set(point->z, 1); … … 4502 5761 return err; 4503 5762 } 4504 #endif /* !WOLFSSL_ATECC508A */4505 5763 #endif /* HAVE_ECC_KEY_IMPORT */ 4506 5764 … … 4512 5770 int ret = MP_OKAY; 4513 5771 word32 numlen; 4514 #ifndef WOLFSSL_ATECC508A4515 5772 #ifdef WOLFSSL_SMALL_STACK 4516 5773 byte* buf; … … 4518 5775 byte buf[ECC_BUFSIZE]; 4519 5776 #endif 4520 #endif /* !WOLFSSL_ATECC508A */4521 5777 4522 5778 if ((curve_idx < 0) || (wc_ecc_is_valid_idx(curve_idx) == 0)) … … 4540 5796 } 4541 5797 4542 #ifdef WOLFSSL_ATECC508A 4543 /* TODO: Implement equiv call to ATECC508A */ 4544 ret = BAD_COND_E; 4545 4546 #else 4547 4548 /* store byte 0x04 */ 4549 out[0] = 0x04; 5798 /* store byte point type */ 5799 out[0] = ECC_POINT_UNCOMP; 4550 5800 4551 5801 #ifdef WOLFSSL_SMALL_STACK … … 4577 5827 XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); 4578 5828 #endif 4579 #endif /* WOLFSSL_ATECC508A */4580 5829 4581 5830 return ret; … … 4588 5837 int ret = MP_OKAY; 4589 5838 word32 numlen; 4590 #ifndef WOLFSSL_ATECC508A4591 5839 #ifdef WOLFSSL_SMALL_STACK 4592 5840 byte* buf; … … 4595 5843 #endif 4596 5844 word32 pubxlen, pubylen; 4597 #endif /* WOLFSSL_ATECC508A */4598 5845 4599 5846 /* return length needed only */ … … 4620 5867 return BUFFER_E; 4621 5868 } 4622 4623 #ifdef WOLFSSL_ATECC508A4624 /* TODO: Implement equiv call to ATECC508A */4625 ret = BAD_COND_E;4626 4627 #else4628 5869 4629 5870 /* verify public key length is less than key size */ … … 4635 5876 } 4636 5877 4637 /* store byte 0x04*/4638 out[0] = 0x04;5878 /* store byte point type */ 5879 out[0] = ECC_POINT_UNCOMP; 4639 5880 4640 5881 #ifdef WOLFSSL_SMALL_STACK … … 4664 5905 XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); 4665 5906 #endif 4666 #endif /* WOLFSSL_ATECC508A */4667 5907 4668 5908 return ret; … … 4692 5932 int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) 4693 5933 { 5934 #ifndef WOLFSSL_SP_MATH 4694 5935 int err; 4695 mp_int t1, t2; 4696 4697 if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 5936 #ifdef WOLFSSL_SMALL_STACK 5937 mp_int* t1 = NULL; 5938 mp_int* t2 = NULL; 5939 #else 5940 mp_int t1[1], t2[1]; 5941 #endif 5942 5943 #ifdef WOLFSSL_SMALL_STACK 5944 t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 5945 if (t1 == NULL) 5946 return MEMORY_E; 5947 t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 5948 if (t2 == NULL) { 5949 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 5950 return MEMORY_E; 5951 } 5952 #endif 5953 5954 if ((err = mp_init_multi(t1, t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { 5955 #ifdef WOLFSSL_SMALL_STACK 5956 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 5957 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 5958 #endif 4698 5959 return err; 4699 5960 } … … 4701 5962 /* compute y^2 */ 4702 5963 if (err == MP_OKAY) 4703 err = mp_sqr(ecp->y, &t1);5964 err = mp_sqr(ecp->y, t1); 4704 5965 4705 5966 /* compute x^3 */ 4706 5967 if (err == MP_OKAY) 4707 err = mp_sqr(ecp->x, &t2);4708 if (err == MP_OKAY) 4709 err = mp_mod( &t2, prime, &t2);4710 if (err == MP_OKAY) 4711 err = mp_mul(ecp->x, &t2, &t2);5968 err = mp_sqr(ecp->x, t2); 5969 if (err == MP_OKAY) 5970 err = mp_mod(t2, prime, t2); 5971 if (err == MP_OKAY) 5972 err = mp_mul(ecp->x, t2, t2); 4712 5973 4713 5974 /* compute y^2 - x^3 */ 4714 5975 if (err == MP_OKAY) 4715 err = mp_sub( &t1, &t2, &t1);5976 err = mp_sub(t1, t2, t1); 4716 5977 4717 5978 /* Determine if curve "a" should be used in calc */ … … 4719 5980 if (err == MP_OKAY) { 4720 5981 /* Use a and prime to determine if a == 3 */ 4721 err = mp_set( &t2, 0);5982 err = mp_set(t2, 0); 4722 5983 if (err == MP_OKAY) 4723 err = mp_submod(prime, a, prime, &t2);4724 } 4725 if (err == MP_OKAY && mp_cmp_d( &t2, 3) != MP_EQ) {5984 err = mp_submod(prime, a, prime, t2); 5985 } 5986 if (err == MP_OKAY && mp_cmp_d(t2, 3) != MP_EQ) { 4726 5987 /* compute y^2 - x^3 + a*x */ 4727 5988 if (err == MP_OKAY) 4728 err = mp_mulmod( &t2, ecp->x, prime, &t2);5989 err = mp_mulmod(t2, ecp->x, prime, t2); 4729 5990 if (err == MP_OKAY) 4730 err = mp_addmod( &t1, &t2, prime, &t1);5991 err = mp_addmod(t1, t2, prime, t1); 4731 5992 } 4732 5993 else … … 4738 5999 /* compute y^2 - x^3 + 3x */ 4739 6000 if (err == MP_OKAY) 4740 err = mp_add( &t1, ecp->x, &t1);6001 err = mp_add(t1, ecp->x, t1); 4741 6002 if (err == MP_OKAY) 4742 err = mp_add( &t1, ecp->x, &t1);6003 err = mp_add(t1, ecp->x, t1); 4743 6004 if (err == MP_OKAY) 4744 err = mp_add( &t1, ecp->x, &t1);6005 err = mp_add(t1, ecp->x, t1); 4745 6006 if (err == MP_OKAY) 4746 err = mp_mod( &t1, prime, &t1);6007 err = mp_mod(t1, prime, t1); 4747 6008 } 4748 6009 4749 6010 /* adjust range (0, prime) */ 4750 while (err == MP_OKAY && mp_isneg( &t1)) {4751 err = mp_add( &t1, prime, &t1);4752 } 4753 while (err == MP_OKAY && mp_cmp( &t1, prime) != MP_LT) {4754 err = mp_sub( &t1, prime, &t1);6011 while (err == MP_OKAY && mp_isneg(t1)) { 6012 err = mp_add(t1, prime, t1); 6013 } 6014 while (err == MP_OKAY && mp_cmp(t1, prime) != MP_LT) { 6015 err = mp_sub(t1, prime, t1); 4755 6016 } 4756 6017 4757 6018 /* compare to b */ 4758 6019 if (err == MP_OKAY) { 4759 if (mp_cmp( &t1, b) != MP_EQ) {6020 if (mp_cmp(t1, b) != MP_EQ) { 4760 6021 err = MP_VAL; 4761 6022 } else { … … 4764 6025 } 4765 6026 4766 mp_clear(&t1); 4767 mp_clear(&t2); 6027 mp_clear(t1); 6028 mp_clear(t2); 6029 #ifdef WOLFSSL_SMALL_STACK 6030 XFREE(t2, NULL, DYNAMIC_TYPE_ECC); 6031 XFREE(t1, NULL, DYNAMIC_TYPE_ECC); 6032 #endif 4768 6033 4769 6034 return err; 4770 } 4771 4772 6035 #else 6036 (void)a; 6037 (void)b; 6038 (void)prime; 6039 6040 return sp_ecc_is_point_256(ecp->x, ecp->y); 6041 #endif 6042 } 6043 6044 #ifndef WOLFSSL_SP_MATH 4773 6045 /* validate privkey * generator == pubkey, 0 on success */ 4774 6046 static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) … … 4777 6049 ecc_point* base = NULL; 4778 6050 ecc_point* res = NULL; 4779 DECLARE_CURVE_SPECS( 2)6051 DECLARE_CURVE_SPECS(curve, 2); 4780 6052 4781 6053 if (key == NULL) 4782 6054 return BAD_FUNC_ARG; 6055 6056 ALLOC_CURVE_SPECS(2); 4783 6057 4784 6058 res = wc_ecc_new_point_h(key->heap); … … 4831 6105 wc_ecc_del_point_h(res, key->heap); 4832 6106 wc_ecc_del_point_h(base, key->heap); 6107 FREE_CURVE_SPECS(); 4833 6108 4834 6109 return err; 4835 6110 } 6111 #endif 4836 6112 4837 6113 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT … … 4842 6118 int err; 4843 6119 #ifndef WOLFSSL_ATECC508A 4844 DECLARE_CURVE_SPECS( 2)6120 DECLARE_CURVE_SPECS(curve, 2); 4845 6121 #endif 4846 6122 … … 4849 6125 4850 6126 #ifdef WOLFSSL_ATECC508A 4851 /* TODO: Implement equiv call to ATECC508A*/4852 err = BAD_COND_E;6127 /* Hardware based private key, so this operation is not supported */ 6128 err = MP_OKAY; /* just report success */ 4853 6129 4854 6130 #else 6131 ALLOC_CURVE_SPECS(2); 4855 6132 4856 6133 /* load curve info */ … … 4862 6139 4863 6140 wc_ecc_curve_free(curve); 6141 FREE_CURVE_SPECS(); 4864 6142 4865 6143 #endif /* WOLFSSL_ATECC508A */ … … 4871 6149 4872 6150 6151 #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH) 4873 6152 /* validate order * pubkey = point at infinity, 0 on success */ 4874 6153 static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, … … 4894 6173 #endif 4895 6174 #endif 6175 #ifndef WOLFSSL_SP_MATH 4896 6176 err = wc_ecc_mulmod_ex(order, pubkey, inf, a, prime, 1, key->heap); 4897 6177 if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf)) 4898 6178 err = ECC_INF_E; 6179 #else 6180 (void)a; 6181 (void)prime; 6182 6183 err = WC_KEY_SIZE_E; 6184 #endif 4899 6185 } 4900 6186 … … 4903 6189 return err; 4904 6190 } 4905 6191 #endif 4906 6192 #endif /* !WOLFSSL_ATECC508A */ 4907 6193 … … 4911 6197 { 4912 6198 int err; 6199 #ifndef WOLFSSL_SP_MATH 4913 6200 #ifndef WOLFSSL_ATECC508A 4914 mp_int* b ;6201 mp_int* b = NULL; 4915 6202 #ifdef USE_ECC_B_PARAM 4916 DECLARE_CURVE_SPECS( 4)6203 DECLARE_CURVE_SPECS(curve, 4); 4917 6204 #else 6205 #ifndef WOLFSSL_SMALL_STACK 4918 6206 mp_int b_lcl; 4919 DECLARE_CURVE_SPECS(3) 4920 b = &b_lcl; 4921 XMEMSET(b, 0, sizeof(mp_int)); 4922 #endif 6207 #endif 6208 DECLARE_CURVE_SPECS(curve, 3); 6209 #endif /* USE_ECC_B_PARAM */ 4923 6210 #endif /* WOLFSSL_ATECC508A */ 4924 6211 … … 4928 6215 #ifdef WOLFSSL_ATECC508A 4929 6216 4930 if (key->slot == ATECC_INVALID_SLOT) 4931 return ECC_BAD_ARG_E; 4932 4933 err = 0; /* consider key check success on ECC508A */ 6217 err = 0; /* consider key check success on ATECC508A */ 4934 6218 4935 6219 #else 4936 6220 #ifdef USE_ECC_B_PARAM 6221 ALLOC_CURVE_SPECS(4); 6222 #else 6223 ALLOC_CURVE_SPECS(3); 6224 #ifndef WOLFSSL_SMALL_STACK 6225 b = &b_lcl; 6226 #else 6227 b = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); 6228 if (b == NULL) { 6229 FREE_CURVE_SPECS(); 6230 return MEMORY_E; 6231 } 6232 #endif 6233 XMEMSET(b, 0, sizeof(mp_int)); 6234 #endif 6235 6236 /* SP 800-56Ar3, section 5.6.2.3.3, process step 1 */ 4937 6237 /* pubkey point cannot be at infinity */ 4938 if (wc_ecc_point_is_at_infinity(&key->pubkey)) 6238 if (wc_ecc_point_is_at_infinity(&key->pubkey)) { 6239 #ifdef WOLFSSL_SMALL_STACK 6240 XFREE(b, key->heap, DYNAMIC_TYPE_ECC); 6241 #endif 6242 FREE_CURVE_SPECS(); 4939 6243 return ECC_INF_E; 6244 } 4940 6245 4941 6246 /* load curve info */ … … 4952 6257 err = mp_init(b); 4953 6258 if (err == MP_OKAY) 4954 err = mp_read_radix(b, key->dp->Bf, 16);6259 err = mp_read_radix(b, key->dp->Bf, MP_RADIX_HEX); 4955 6260 #else 4956 6261 b = curve->Bf; 4957 6262 #endif 4958 6263 6264 /* SP 800-56Ar3, section 5.6.2.3.3, process step 2 */ 4959 6265 /* Qx must be in the range [0, p-1] */ 4960 6266 if (mp_cmp(key->pubkey.x, curve->prime) != MP_LT) … … 4965 6271 err = ECC_OUT_OF_RANGE_E; 4966 6272 6273 /* SP 800-56Ar3, section 5.6.2.3.3, process steps 3 */ 4967 6274 /* make sure point is actually on curve */ 4968 6275 if (err == MP_OKAY) 4969 6276 err = wc_ecc_is_point(&key->pubkey, curve->Af, b, curve->prime); 4970 6277 6278 /* SP 800-56Ar3, section 5.6.2.3.3, process steps 4 */ 4971 6279 /* pubkey * order must be at infinity */ 4972 6280 if (err == MP_OKAY) … … 4974 6282 curve->order); 4975 6283 6284 /* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */ 4976 6285 /* private * base generator must equal pubkey */ 4977 6286 if (err == MP_OKAY && key->type == ECC_PRIVATEKEY) … … 4982 6291 #ifndef USE_ECC_B_PARAM 4983 6292 mp_clear(b); 4984 #endif 6293 #ifdef WOLFSSL_SMALL_STACK 6294 XFREE(b, key->heap, DYNAMIC_TYPE_ECC); 6295 #endif 6296 #endif 6297 6298 FREE_CURVE_SPECS(); 4985 6299 4986 6300 #endif /* WOLFSSL_ATECC508A */ 6301 #else 6302 if (key == NULL) 6303 return BAD_FUNC_ARG; 6304 6305 /* pubkey point cannot be at infinity */ 6306 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { 6307 err = sp_ecc_check_key_256(key->pubkey.x, key->pubkey.y, &key->k, 6308 key->heap); 6309 } 6310 else 6311 err = WC_KEY_SIZE_E; 6312 #endif 4987 6313 4988 6314 return err; … … 4995 6321 { 4996 6322 int err = MP_OKAY; 4997 #ifndef WOLFSSL_ATECC508A4998 6323 int compressed = 0; 4999 #endif /* !WOLFSSL_ATECC508A */ 6324 int keysize = 0; 6325 byte pointType; 5000 6326 5001 6327 if (in == NULL || key == NULL) … … 5009 6335 /* make sure required variables are reset */ 5010 6336 wc_ecc_reset(key); 5011 5012 #ifdef WOLFSSL_ATECC508A5013 /* TODO: Implement equiv call to ATECC508A */5014 err = BAD_COND_E;5015 5016 #else5017 6337 5018 6338 /* init key */ … … 5032 6352 return MEMORY_E; 5033 6353 5034 /* check for 4, 2, or 3 */ 5035 if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) { 6354 /* check for point type (4, 2, or 3) */ 6355 pointType = in[0]; 6356 if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN && 6357 pointType != ECC_POINT_COMP_ODD) { 5036 6358 err = ASN_PARSE_E; 5037 6359 } 5038 6360 5039 if ( in[0] == 0x02 || in[0] == 0x03) {6361 if (pointType == ECC_POINT_COMP_EVEN || pointType == ECC_POINT_COMP_ODD) { 5040 6362 #ifdef HAVE_COMP_KEY 5041 6363 compressed = 1; … … 5045 6367 } 5046 6368 6369 /* adjust to skip first byte */ 6370 inLen -= 1; 6371 in += 1; 6372 6373 #ifdef WOLFSSL_ATECC508A 6374 /* For SECP256R1 only save raw public key for hardware */ 6375 if (curve_id == ECC_SECP256R1 && !compressed && 6376 inLen <= sizeof(key->pubkey_raw)) { 6377 XMEMCPY(key->pubkey_raw, (byte*)in, inLen); 6378 } 6379 #endif 6380 5047 6381 if (err == MP_OKAY) { 5048 int keysize;5049 6382 #ifdef HAVE_COMP_KEY 5050 6383 /* adjust inLen if compressed */ 5051 6384 if (compressed) 5052 inLen = (inLen-1)*2 + 1; /* used uncompressed len */6385 inLen = inLen*2 + 1; /* used uncompressed len */ 5053 6386 #endif 5054 6387 5055 6388 /* determine key size */ 5056 keysize = ( (inLen-1)>>1);6389 keysize = (inLen>>1); 5057 6390 err = wc_ecc_set_curve(key, keysize, curve_id); 5058 6391 key->type = ECC_PUBLICKEY; … … 5061 6394 /* read data */ 5062 6395 if (err == MP_OKAY) 5063 err = mp_read_unsigned_bin(key->pubkey.x, (byte*)in +1, (inLen-1)>>1);6396 err = mp_read_unsigned_bin(key->pubkey.x, (byte*)in, keysize); 5064 6397 5065 6398 #ifdef HAVE_COMP_KEY 5066 6399 if (err == MP_OKAY && compressed == 1) { /* build y */ 6400 #ifndef WOLFSSL_SP_MATH 5067 6401 mp_int t1, t2; 5068 6402 int did_init = 0; 5069 6403 5070 DECLARE_CURVE_SPECS(3) 6404 DECLARE_CURVE_SPECS(curve, 3); 6405 ALLOC_CURVE_SPECS(3); 5071 6406 5072 6407 if (mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL) != MP_OKAY) … … 5103 6438 /* adjust y */ 5104 6439 if (err == MP_OKAY) { 5105 if ((mp_isodd(&t2) == MP_YES && in[0] == 0x03) ||5106 (mp_isodd(&t2) == MP_NO && in[0] == 0x02)) {6440 if ((mp_isodd(&t2) == MP_YES && pointType == ECC_POINT_COMP_ODD) || 6441 (mp_isodd(&t2) == MP_NO && pointType == ECC_POINT_COMP_EVEN)) { 5107 6442 err = mp_mod(&t2, curve->prime, &t2); 5108 6443 } … … 5120 6455 5121 6456 wc_ecc_curve_free(curve); 6457 FREE_CURVE_SPECS(); 6458 #else 6459 sp_ecc_uncompress_256(key->pubkey.x, pointType, key->pubkey.y); 6460 #endif 5122 6461 } 5123 6462 #endif /* HAVE_COMP_KEY */ 5124 6463 5125 6464 if (err == MP_OKAY && compressed == 0) 5126 err = mp_read_unsigned_bin(key->pubkey.y, (byte*)in+1+((inLen-1)>>1), 5127 (inLen-1)>>1); 6465 err = mp_read_unsigned_bin(key->pubkey.y, (byte*)in + keysize, keysize); 5128 6466 if (err == MP_OKAY) 5129 6467 err = mp_set(key->pubkey.z, 1); … … 5140 6478 mp_clear(&key->k); 5141 6479 } 5142 #endif /* WOLFSSL_ATECC508A */5143 6480 5144 6481 return err; 5145 }6482 } 5146 6483 5147 6484 int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) … … 5152 6489 5153 6490 #ifdef HAVE_ECC_KEY_EXPORT 5154 /* export ecc private key only raw, outLen is in/out size 6491 6492 /* export ecc key to component form, d is optional if only exporting public 6493 * encType is WC_TYPE_UNSIGNED_BIN or WC_TYPE_HEX_STR 6494 * return MP_OKAY on success */ 6495 int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, 6496 byte* qy, word32* qyLen, byte* d, word32* dLen, int encType) 6497 { 6498 int err = 0; 6499 word32 keySz; 6500 6501 if (key == NULL) { 6502 return BAD_FUNC_ARG; 6503 } 6504 6505 if (wc_ecc_is_valid_idx(key->idx) == 0) { 6506 return ECC_BAD_ARG_E; 6507 } 6508 keySz = key->dp->size; 6509 6510 /* private key, d */ 6511 if (d != NULL) { 6512 if (dLen == NULL || 6513 (key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY)) 6514 return BAD_FUNC_ARG; 6515 6516 #ifdef WOLFSSL_ATECC508A 6517 /* Hardware cannot export private portion */ 6518 return NOT_COMPILED_IN; 6519 #else 6520 err = wc_export_int(&key->k, d, dLen, keySz, encType); 6521 if (err != MP_OKAY) 6522 return err; 6523 #endif 6524 } 6525 6526 /* public x component */ 6527 if (qx != NULL) { 6528 if (qxLen == NULL || key->type == ECC_PRIVATEKEY_ONLY) 6529 return BAD_FUNC_ARG; 6530 6531 err = wc_export_int(key->pubkey.x, qx, qxLen, keySz, encType); 6532 if (err != MP_OKAY) 6533 return err; 6534 } 6535 6536 /* public y component */ 6537 if (qy != NULL) { 6538 if (qyLen == NULL || key->type == ECC_PRIVATEKEY_ONLY) 6539 return BAD_FUNC_ARG; 6540 6541 err = wc_export_int(key->pubkey.y, qy, qyLen, keySz, encType); 6542 if (err != MP_OKAY) 6543 return err; 6544 } 6545 6546 return err; 6547 } 6548 6549 6550 /* export ecc private key only raw, outLen is in/out size as unsigned bin 5155 6551 return MP_OKAY on success */ 5156 6552 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) 5157 6553 { 5158 word32 numlen; 5159 5160 if (key == NULL || out == NULL || outLen == NULL) { 6554 if (out == NULL || outLen == NULL) { 5161 6555 return BAD_FUNC_ARG; 5162 } 5163 5164 if (wc_ecc_is_valid_idx(key->idx) == 0) { 5165 return ECC_BAD_ARG_E; 5166 } 5167 numlen = key->dp->size; 5168 5169 if (*outLen < numlen) { 5170 *outLen = numlen; 5171 return BUFFER_E; 5172 } 5173 *outLen = numlen; 5174 XMEMSET(out, 0, *outLen); 5175 5176 #ifdef WOLFSSL_ATECC508A 5177 /* TODO: Implement equiv call to ATECC508A */ 5178 return BAD_COND_E; 5179 5180 #else 5181 5182 return mp_to_unsigned_bin(&key->k, out + (numlen - 5183 mp_unsigned_bin_size(&key->k))); 5184 #endif /* WOLFSSL_ATECC508A */ 5185 } 5186 5187 5188 /* export ecc key to component form, d is optional if only exporting public 5189 * return MP_OKAY on success */ 5190 static int wc_ecc_export_raw(ecc_key* key, byte* qx, word32* qxLen, 5191 byte* qy, word32* qyLen, byte* d, word32* dLen) 5192 { 5193 int err; 5194 byte exportPriv = 0; 5195 word32 numLen; 5196 5197 if (key == NULL || qx == NULL || qxLen == NULL || qy == NULL || 5198 qyLen == NULL) { 5199 return BAD_FUNC_ARG; 5200 } 5201 5202 if (key->type == ECC_PRIVATEKEY_ONLY) { 5203 return ECC_PRIVATEONLY_E; 5204 } 5205 5206 if (wc_ecc_is_valid_idx(key->idx) == 0) { 5207 return ECC_BAD_ARG_E; 5208 } 5209 numLen = key->dp->size; 5210 5211 if (d != NULL) { 5212 if (dLen == NULL || key->type != ECC_PRIVATEKEY) 5213 return BAD_FUNC_ARG; 5214 exportPriv = 1; 5215 } 5216 5217 /* check public buffer sizes */ 5218 if ((*qxLen < numLen) || (*qyLen < numLen)) { 5219 *qxLen = numLen; 5220 *qyLen = numLen; 5221 return BUFFER_E; 5222 } 5223 5224 *qxLen = numLen; 5225 *qyLen = numLen; 5226 5227 XMEMSET(qx, 0, *qxLen); 5228 XMEMSET(qy, 0, *qyLen); 5229 5230 /* private d component */ 5231 if (exportPriv == 1) { 5232 5233 /* check private buffer size */ 5234 if (*dLen < numLen) { 5235 *dLen = numLen; 5236 return BUFFER_E; 5237 } 5238 5239 *dLen = numLen; 5240 XMEMSET(d, 0, *dLen); 5241 5242 #ifdef WOLFSSL_ATECC508A 5243 /* TODO: Implement equiv call to ATECC508A */ 5244 return BAD_COND_E; 5245 5246 #else 5247 5248 /* private key, d */ 5249 err = mp_to_unsigned_bin(&key->k, d + 5250 (numLen - mp_unsigned_bin_size(&key->k))); 5251 if (err != MP_OKAY) 5252 return err; 5253 #endif /* WOLFSSL_ATECC508A */ 5254 } 5255 5256 #ifdef WOLFSSL_ATECC508A 5257 /* TODO: Implement equiv call to ATECC508A */ 5258 return BAD_COND_E; 5259 5260 #else 5261 5262 /* public x component */ 5263 err = mp_to_unsigned_bin(key->pubkey.x, qx + 5264 (numLen - mp_unsigned_bin_size(key->pubkey.x))); 5265 if (err != MP_OKAY) 5266 return err; 5267 5268 /* public y component */ 5269 err = mp_to_unsigned_bin(key->pubkey.y, qy + 5270 (numLen - mp_unsigned_bin_size(key->pubkey.y))); 5271 if (err != MP_OKAY) 5272 return err; 5273 5274 return 0; 5275 #endif /* WOLFSSL_ATECC508A */ 5276 } 5277 5278 5279 /* export public key to raw elements including public (Qx,Qy) 6556 } 6557 6558 return wc_ecc_export_ex(key, NULL, NULL, NULL, NULL, out, outLen, 6559 WC_TYPE_UNSIGNED_BIN); 6560 } 6561 6562 /* export public key to raw elements including public (Qx,Qy) as unsigned bin 5280 6563 * return MP_OKAY on success, negative on error */ 5281 6564 int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen, 5282 6565 byte* qy, word32* qyLen) 5283 6566 { 5284 return wc_ecc_export_raw(key, qx, qxLen, qy, qyLen, NULL, NULL); 5285 } 5286 5287 5288 /* export ecc key to raw elements including public (Qx,Qy) and private (d) 6567 if (qx == NULL || qxLen == NULL || qy == NULL || qyLen == NULL) { 6568 return BAD_FUNC_ARG; 6569 } 6570 6571 return wc_ecc_export_ex(key, qx, qxLen, qy, qyLen, NULL, NULL, 6572 WC_TYPE_UNSIGNED_BIN); 6573 } 6574 6575 /* export ecc key to raw elements including public (Qx,Qy) and 6576 * private (d) as unsigned bin 5289 6577 * return MP_OKAY on success, negative on error */ 5290 6578 int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen, 5291 6579 byte* qy, word32* qyLen, byte* d, word32* dLen) 5292 6580 { 5293 /* sanitize d and dLen, other args are checked later */ 5294 if (d == NULL || dLen == NULL) 5295 return BAD_FUNC_ARG; 5296 5297 return wc_ecc_export_raw(key, qx, qxLen, qy, qyLen, d, dLen); 6581 return wc_ecc_export_ex(key, qx, qxLen, qy, qyLen, d, dLen, 6582 WC_TYPE_UNSIGNED_BIN); 5298 6583 } 5299 6584 … … 5307 6592 { 5308 6593 int ret; 6594 word32 idx = 0; 6595 6596 if (key == NULL || priv == NULL) 6597 return BAD_FUNC_ARG; 5309 6598 5310 6599 /* public optional, NULL if only importing private */ 5311 6600 if (pub != NULL) { 5312 6601 ret = wc_ecc_import_x963_ex(pub, pubSz, key, curve_id); 6602 if (ret < 0) 6603 ret = wc_EccPublicKeyDecode(pub, &idx, key, pubSz); 5313 6604 key->type = ECC_PRIVATEKEY; 5314 6605 } 5315 6606 else { 5316 if (key == NULL || priv == NULL)5317 return BAD_FUNC_ARG;5318 5319 6607 /* make sure required variables are reset */ 5320 6608 wc_ecc_reset(key); … … 5328 6616 return ret; 5329 6617 5330 5331 6618 #ifdef WOLFSSL_ATECC508A 5332 /* TODO: Implement equiv call to ATECC508A*/5333 return BAD_COND_E;6619 /* Hardware does not support loading private keys */ 6620 return NOT_COMPILED_IN; 5334 6621 5335 6622 #else 5336 6623 5337 6624 ret = mp_read_unsigned_bin(&key->k, priv, privSz); 6625 #ifdef HAVE_WOLF_BIGINT 6626 if (ret == 0 && 6627 wc_bigint_from_unsigned_bin(&key->k.raw, priv, privSz) != 0) { 6628 mp_clear(&key->k); 6629 ret = ASN_GETINT_E; 6630 } 6631 #endif /* HAVE_WOLF_BIGINT */ 6632 5338 6633 5339 6634 #endif /* WOLFSSL_ATECC508A */ … … 5369 6664 { 5370 6665 int err; 5371 mp_int rtmp; 5372 mp_int stmp; 6666 #ifdef WOLFSSL_SMALL_STACK 6667 mp_int* rtmp = NULL; 6668 mp_int* stmp = NULL; 6669 #else 6670 mp_int rtmp[1]; 6671 mp_int stmp[1]; 6672 #endif 5373 6673 5374 6674 if (r == NULL || s == NULL || out == NULL || outlen == NULL) 5375 6675 return ECC_BAD_ARG_E; 5376 6676 5377 err = mp_init_multi(&rtmp, &stmp, NULL, NULL, NULL, NULL); 5378 if (err != MP_OKAY) 6677 #ifdef WOLFSSL_SMALL_STACK 6678 rtmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 6679 if (rtmp == NULL) 6680 return MEMORY_E; 6681 stmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 6682 if (stmp == NULL) { 6683 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6684 return MEMORY_E; 6685 } 6686 #endif 6687 6688 err = mp_init_multi(rtmp, stmp, NULL, NULL, NULL, NULL); 6689 if (err != MP_OKAY) { 6690 #ifdef WOLFSSL_SMALL_STACK 6691 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 6692 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6693 #endif 5379 6694 return err; 5380 5381 err = mp_read_radix(&rtmp, r, 16); 6695 } 6696 6697 err = mp_read_radix(rtmp, r, MP_RADIX_HEX); 5382 6698 if (err == MP_OKAY) 5383 err = mp_read_radix( &stmp, s, 16);6699 err = mp_read_radix(stmp, s, MP_RADIX_HEX); 5384 6700 5385 6701 /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */ 5386 6702 if (err == MP_OKAY) 5387 err = StoreECC_DSA_Sig(out, outlen, &rtmp, &stmp);6703 err = StoreECC_DSA_Sig(out, outlen, rtmp, stmp); 5388 6704 5389 6705 if (err == MP_OKAY) { 5390 if (mp_iszero( &rtmp) == MP_YES || mp_iszero(&stmp) == MP_YES)6706 if (mp_iszero(rtmp) == MP_YES || mp_iszero(stmp) == MP_YES) 5391 6707 err = MP_ZERO_E; 5392 6708 } 5393 6709 5394 mp_clear(&rtmp); 5395 mp_clear(&stmp); 6710 mp_clear(rtmp); 6711 mp_clear(stmp); 6712 #ifdef WOLFSSL_SMALL_STACK 6713 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 6714 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6715 #endif 5396 6716 5397 6717 return err; 5398 6718 } 5399 6719 6720 /** 6721 Convert ECC R,S raw unsigned bin to signature 6722 r R component of signature 6723 rSz R size 6724 s S component of signature 6725 sSz S size 6726 out DER-encoded ECDSA signature 6727 outlen [in/out] output buffer size, output signature size 6728 return MP_OKAY on success 6729 */ 6730 int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, 6731 byte* out, word32* outlen) 6732 { 6733 int err; 6734 #ifdef WOLFSSL_SMALL_STACK 6735 mp_int* rtmp = NULL; 6736 mp_int* stmp = NULL; 6737 #else 6738 mp_int rtmp[1]; 6739 mp_int stmp[1]; 6740 #endif 6741 6742 if (r == NULL || s == NULL || out == NULL || outlen == NULL) 6743 return ECC_BAD_ARG_E; 6744 6745 #ifdef WOLFSSL_SMALL_STACK 6746 rtmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 6747 if (rtmp == NULL) 6748 return MEMORY_E; 6749 stmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 6750 if (stmp == NULL) { 6751 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6752 return MEMORY_E; 6753 } 6754 #endif 6755 6756 err = mp_init_multi(rtmp, stmp, NULL, NULL, NULL, NULL); 6757 if (err != MP_OKAY) { 6758 #ifdef WOLFSSL_SMALL_STACK 6759 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 6760 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6761 #endif 6762 return err; 6763 } 6764 6765 err = mp_read_unsigned_bin(rtmp, r, rSz); 6766 if (err == MP_OKAY) 6767 err = mp_read_unsigned_bin(stmp, s, sSz); 6768 6769 /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */ 6770 if (err == MP_OKAY) 6771 err = StoreECC_DSA_Sig(out, outlen, rtmp, stmp); 6772 6773 if (err == MP_OKAY) { 6774 if (mp_iszero(rtmp) == MP_YES || mp_iszero(stmp) == MP_YES) 6775 err = MP_ZERO_E; 6776 } 6777 6778 mp_clear(rtmp); 6779 mp_clear(stmp); 6780 #ifdef WOLFSSL_SMALL_STACK 6781 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 6782 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6783 #endif 6784 6785 return err; 6786 } 5400 6787 5401 6788 /** … … 5414 6801 int err; 5415 6802 word32 x = 0; 5416 mp_int rtmp; 5417 mp_int stmp; 6803 #ifdef WOLFSSL_SMALL_STACK 6804 mp_int* rtmp = NULL; 6805 mp_int* stmp = NULL; 6806 #else 6807 mp_int rtmp[1]; 6808 mp_int stmp[1]; 6809 #endif 5418 6810 5419 6811 if (sig == NULL || r == NULL || rLen == NULL || s == NULL || sLen == NULL) 5420 6812 return ECC_BAD_ARG_E; 5421 6813 5422 err = DecodeECC_DSA_Sig(sig, sigLen, &rtmp, &stmp); 6814 #ifdef WOLFSSL_SMALL_STACK 6815 rtmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 6816 if (rtmp == NULL) 6817 return MEMORY_E; 6818 stmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); 6819 if (stmp == NULL) { 6820 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6821 return MEMORY_E; 6822 } 6823 #endif 6824 6825 err = DecodeECC_DSA_Sig(sig, sigLen, rtmp, stmp); 5423 6826 5424 6827 /* extract r */ 5425 6828 if (err == MP_OKAY) { 5426 x = mp_unsigned_bin_size( &rtmp);6829 x = mp_unsigned_bin_size(rtmp); 5427 6830 if (*rLen < x) 5428 6831 err = BUFFER_E; … … 5430 6833 if (err == MP_OKAY) { 5431 6834 *rLen = x; 5432 err = mp_to_unsigned_bin( &rtmp, r);6835 err = mp_to_unsigned_bin(rtmp, r); 5433 6836 } 5434 6837 } … … 5436 6839 /* extract s */ 5437 6840 if (err == MP_OKAY) { 5438 x = mp_unsigned_bin_size( &stmp);6841 x = mp_unsigned_bin_size(stmp); 5439 6842 if (*sLen < x) 5440 6843 err = BUFFER_E; … … 5442 6845 if (err == MP_OKAY) { 5443 6846 *sLen = x; 5444 err = mp_to_unsigned_bin( &stmp, s);6847 err = mp_to_unsigned_bin(stmp, s); 5445 6848 } 5446 6849 } 5447 6850 5448 mp_clear(&rtmp); 5449 mp_clear(&stmp); 6851 mp_clear(rtmp); 6852 mp_clear(stmp); 6853 #ifdef WOLFSSL_SMALL_STACK 6854 XFREE(stmp, NULL, DYNAMIC_TYPE_ECC); 6855 XFREE(rtmp, NULL, DYNAMIC_TYPE_ECC); 6856 #endif 5450 6857 5451 6858 return err; … … 5455 6862 #ifdef HAVE_ECC_KEY_IMPORT 5456 6863 static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, 5457 const char* qy, const char* d, int curve_id )6864 const char* qy, const char* d, int curve_id, int encType) 5458 6865 { 5459 6866 int err = MP_OKAY; … … 5472 6879 return err; 5473 6880 } 5474 5475 #ifdef WOLFSSL_ATECC508A5476 /* TODO: Implement equiv call to ATECC508A */5477 err = BAD_COND_E;5478 5479 #else5480 6881 5481 6882 /* init key */ … … 5496 6897 5497 6898 /* read Qx */ 5498 if (err == MP_OKAY) 5499 err = mp_read_radix(key->pubkey.x, qx, 16); 6899 if (err == MP_OKAY) { 6900 if (encType == WC_TYPE_HEX_STR) 6901 err = mp_read_radix(key->pubkey.x, qx, MP_RADIX_HEX); 6902 else 6903 err = mp_read_unsigned_bin(key->pubkey.x, (const byte*)qx, 6904 key->dp->size); 6905 } 5500 6906 5501 6907 /* read Qy */ 5502 if (err == MP_OKAY) 5503 err = mp_read_radix(key->pubkey.y, qy, 16); 6908 if (err == MP_OKAY) { 6909 if (encType == WC_TYPE_HEX_STR) 6910 err = mp_read_radix(key->pubkey.y, qy, MP_RADIX_HEX); 6911 else 6912 err = mp_read_unsigned_bin(key->pubkey.y, (const byte*)qy, 6913 key->dp->size); 6914 6915 } 5504 6916 5505 6917 if (err == MP_OKAY) 5506 6918 err = mp_set(key->pubkey.z, 1); 6919 6920 #ifdef WOLFSSL_ATECC508A 6921 /* For SECP256R1 only save raw public key for hardware */ 6922 if (err == MP_OKAY && curve_id == ECC_SECP256R1) { 6923 word32 keySz = key->dp->size; 6924 err = wc_export_int(key->pubkey.x, key->pubkey_raw, 6925 &keySz, keySz, WC_TYPE_UNSIGNED_BIN); 6926 if (err == MP_OKAY) 6927 err = wc_export_int(key->pubkey.y, &key->pubkey_raw[keySz], 6928 &keySz, keySz, WC_TYPE_UNSIGNED_BIN); 6929 } 6930 #endif 5507 6931 5508 6932 /* import private key */ 5509 6933 if (err == MP_OKAY) { 5510 6934 if (d != NULL) { 6935 #ifdef WOLFSSL_ATECC508A 6936 /* Hardware doesn't support loading private key */ 6937 err = NOT_COMPILED_IN; 6938 #else 5511 6939 key->type = ECC_PRIVATEKEY; 5512 err = mp_read_radix(&key->k, d, 16); 6940 6941 if (encType == WC_TYPE_HEX_STR) 6942 err = mp_read_radix(&key->k, d, MP_RADIX_HEX); 6943 else 6944 err = mp_read_unsigned_bin(&key->k, (const byte*)d, 6945 key->dp->size); 6946 #endif /* WOLFSSL_ATECC508A */ 5513 6947 } else { 5514 6948 key->type = ECC_PUBLICKEY; … … 5527 6961 mp_clear(&key->k); 5528 6962 } 5529 #endif /* WOLFSSL_ATECC508A */5530 6963 5531 6964 return err; … … 5545 6978 const char* d, int curve_id) 5546 6979 { 5547 return wc_ecc_import_raw_private(key, qx, qy, d, curve_id); 5548 6980 return wc_ecc_import_raw_private(key, qx, qy, d, curve_id, 6981 WC_TYPE_HEX_STR); 6982 6983 } 6984 6985 /* Import x, y and optional private (d) as unsigned binary */ 6986 int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy, 6987 byte* d, int curve_id) 6988 { 6989 return wc_ecc_import_raw_private(key, (const char*)qx, (const char*)qy, 6990 (const char*)d, curve_id, WC_TYPE_UNSIGNED_BIN); 5549 6991 } 5550 6992 … … 5581 7023 err = ASN_PARSE_E; 5582 7024 } else { 5583 return wc_ecc_import_raw_private(key, qx, qy, d, ecc_sets[x].id); 7025 return wc_ecc_import_raw_private(key, qx, qy, d, ecc_sets[x].id, 7026 WC_TYPE_HEX_STR); 5584 7027 } 5585 7028 … … 5596 7039 } 5597 7040 7041 int wc_ecc_sig_size_calc(int sz) 7042 { 7043 return (sz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ; 7044 } 5598 7045 5599 7046 /* worst case estimate, check actual return from wc_ecc_sign_hash for actual … … 5605 7052 return sz; 5606 7053 5607 return (sz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ;7054 return wc_ecc_sig_size_calc(sz); 5608 7055 } 5609 7056 … … 5633 7080 #endif 5634 7081 7082 7083 #ifndef WOLFSSL_SP_MATH 5635 7084 5636 7085 /** Our FP cache */ … … 6182 7631 }; 6183 7632 7633 6184 7634 /* find a hole and free as required, return -1 if no hole found */ 6185 7635 static int find_hole(void) … … 6271 7721 return MP_OKAY; 6272 7722 } 6273 7723 #endif 7724 7725 #ifndef WOLFSSL_SP_MATH 6274 7726 /* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart 6275 7727 * … … 6441 7893 if (y == 66) --x; 6442 7894 6443 if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { 7895 if ((err = mp_read_radix(&order, ecc_sets[x].order, 7896 MP_RADIX_HEX)) != MP_OKAY) { 6444 7897 goto done; 6445 7898 } … … 6492 7945 6493 7946 while ((unsigned)x < y) { 6494 z = kb[x]; kb[x] = kb[y]; kb[y] = z;7947 z = kb[x]; kb[x] = kb[y]; kb[y] = (byte)z; 6495 7948 ++x; --y; 6496 7949 } … … 6559 8012 return err; 6560 8013 } 8014 #endif 6561 8015 6562 8016 #ifdef ECC_SHAMIR 8017 #ifndef WOLFSSL_SP_MATH 6563 8018 /* perform a fixed point ECC mulmod */ 6564 8019 static int accel_fp_mul2add(int idx1, int idx2, … … 6592 8047 if (y == 66) --x; 6593 8048 6594 if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { 8049 if ((err = mp_read_radix(&order, ecc_sets[x].order, 8050 MP_RADIX_HEX)) != MP_OKAY) { 6595 8051 goto done; 6596 8052 } … … 6623 8079 if (y == 66) --x; 6624 8080 6625 if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) { 8081 if ((err = mp_read_radix(&order, ecc_sets[x].order, 8082 MP_RADIX_HEX)) != MP_OKAY) { 6626 8083 goto done; 6627 8084 } … … 6678 8135 mp_clear(&tka); 6679 8136 while ((unsigned)x < y) { 6680 z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z;8137 z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = (byte)z; 6681 8138 ++x; --y; 6682 8139 } … … 6699 8156 6700 8157 while ((unsigned)x < y) { 6701 z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z;8158 z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = (byte)z; 6702 8159 ++x; --y; 6703 8160 } … … 6919 8376 return err; 6920 8377 } 8378 #endif 6921 8379 #endif /* ECC_SHAMIR */ 6922 8380 … … 6934 8392 mp_int* modulus, int map, void* heap) 6935 8393 { 8394 #ifndef WOLFSSL_SP_MATH 6936 8395 int idx, err = MP_OKAY; 6937 8396 mp_digit mp; 6938 8397 mp_int mu; 6939 8398 int mpSetup = 0; 8399 8400 if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL) { 8401 return ECC_BAD_ARG_E; 8402 } 6940 8403 6941 8404 if (mp_init(&mu) != MP_OKAY) … … 7006 8469 7007 8470 return err; 7008 } 7009 8471 #else 8472 if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL) { 8473 return ECC_BAD_ARG_E; 8474 } 8475 8476 return sp_ecc_mulmod_256(k, G, R, map, heap); 8477 #endif 8478 } 8479 8480 #ifndef WOLFSSL_SP_MATH 7010 8481 /* helper function for freeing the cache ... 7011 8482 must be called with the cache mutex locked */ … … 7027 8498 } 7028 8499 } 8500 #endif 7029 8501 7030 8502 /** Free the Fixed Point cache */ 7031 8503 void wc_ecc_fp_free(void) 7032 8504 { 8505 #ifndef WOLFSSL_SP_MATH 7033 8506 #ifndef HAVE_THREAD_LS 7034 8507 if (initMutex == 0) { … … 7048 8521 } 7049 8522 #endif /* HAVE_THREAD_LS */ 8523 #endif 7050 8524 } 7051 8525 … … 7407 8881 { 7408 8882 Aes aes; 8883 ret = wc_AesInit(&aes, NULL, INVALID_DEVID); 8884 if (ret == 0) { 7409 8885 ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv, 7410 8886 AES_ENCRYPTION); 7411 if (ret != 0) 7412 break; 8887 if (ret == 0) { 7413 8888 ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz); 7414 8889 #if defined(WOLFSSL_ASYNC_CRYPT) 7415 ret = wc_AsyncWait(ret, &aes.asyncDev, WC_ASYNC_FLAG_NONE); 8890 ret = wc_AsyncWait(ret, &aes.asyncDev, 8891 WC_ASYNC_FLAG_NONE); 7416 8892 #endif 8893 } 8894 wc_AesFree(&aes); 8895 } 8896 if (ret != 0) 8897 break; 7417 8898 } 7418 8899 break; … … 7637 9118 #ifndef WOLFSSL_ATECC508A 7638 9119 9120 #ifndef WOLFSSL_SP_MATH 7639 9121 int do_mp_jacobi(mp_int* a, mp_int* n, int* c); 7640 9122 … … 7760 9242 int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret) 7761 9243 { 9244 #ifdef SQRTMOD_USE_MOD_EXP 9245 int res; 9246 9247 mp_int e; 9248 9249 res = mp_init(&e); 9250 if (res == MP_OKAY) 9251 res = mp_add_d(prime, 1, &e); 9252 if (res == MP_OKAY) 9253 res = mp_div_2d(&e, 2, &e, NULL); 9254 if (res == MP_OKAY) 9255 res = mp_exptmod(n, &e, prime, ret); 9256 9257 mp_clear(&e); 9258 9259 return res; 9260 #else 7762 9261 int res, legendre, done = 0; 7763 9262 mp_int t1, C, Q, S, Z, M, T, R, two; … … 7938 9437 7939 9438 return res; 7940 } 9439 #endif 9440 } 9441 #endif 7941 9442 #endif /* !WOLFSSL_ATECC508A */ 7942 9443 … … 7961 9462 } 7962 9463 7963 #ifdef WOLFSSL_ATECC508A7964 /* TODO: Implement equiv call to ATECC508A */7965 ret = BAD_COND_E;7966 7967 #else7968 7969 9464 /* store first byte */ 7970 out[0] = mp_isodd(key->pubkey.y) == MP_YES ? 0x03 : 0x02;9465 out[0] = mp_isodd(key->pubkey.y) == MP_YES ? ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN; 7971 9466 7972 9467 /* pad and store x */ … … 7975 9470 out+1 + (numlen - mp_unsigned_bin_size(key->pubkey.x))); 7976 9471 *outLen = 1 + numlen; 7977 7978 #endif /* WOLFSSL_ATECC508A */7979 9472 7980 9473 return ret; … … 8045 9538 #ifdef HAVE_X963_KDF 8046 9539 8047 static INLINE void IncrementX963KdfCounter(byte* inOutCtr)9540 static WC_INLINE void IncrementX963KdfCounter(byte* inOutCtr) 8048 9541 { 8049 9542 int i; … … 8110 9603 ret = wc_HashUpdate(hash, type, secret, secretSz); 8111 9604 if (ret != 0) { 8112 #ifdef WOLFSSL_SMALL_STACK 8113 XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); 8114 #endif 8115 return ret; 9605 break; 8116 9606 } 8117 9607 8118 9608 ret = wc_HashUpdate(hash, type, counter, sizeof(counter)); 8119 9609 if (ret != 0) { 8120 #ifdef WOLFSSL_SMALL_STACK 8121 XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); 8122 #endif 8123 return ret; 9610 break; 8124 9611 } 8125 9612 … … 8127 9614 ret = wc_HashUpdate(hash, type, sinfo, sinfoSz); 8128 9615 if (ret != 0) { 8129 #ifdef WOLFSSL_SMALL_STACK 8130 XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); 8131 #endif 8132 return ret; 9616 break; 8133 9617 } 8134 9618 } … … 8136 9620 ret = wc_HashFinal(hash, type, tmp); 8137 9621 if (ret != 0) { 8138 #ifdef WOLFSSL_SMALL_STACK 8139 XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); 8140 #endif 8141 return ret; 9622 break; 8142 9623 } 8143 9624 … … 8149 9630 } 8150 9631 9632 wc_HashFree(hash, type); 9633 8151 9634 #ifdef WOLFSSL_SMALL_STACK 8152 9635 XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); 8153 9636 #endif 8154 9637 8155 return 0;9638 return ret; 8156 9639 } 8157 9640 #endif /* HAVE_X963_KDF */
Note:
See TracChangeset
for help on using the changeset viewer.