From 599e4e309cf8e9ea33602911acf235f1fc923393 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 20 Mar 2026 08:37:15 +1000 Subject: [PATCH] SP int: fixes from AI review Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to unit.test. sp_int.c: Fixes to comments. Added more define build options documentation to top of file. Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined. Fixes for when a->used is 0 and no underflow - not actually a problem but cleaner code. sp_sub has different checks on a->used when values are only positive. sp_dic_2d missing check for e less than zero. sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i to int to handle a->used of 0 and make code tidier. Configuration testing fixes. Fix formatting in test.c. Added 128-bit types word128 and sword128 for cleaner PKCS#12 code. --- .wolfssl_known_macro_extras | 2 +- tests/api.c | 2 +- tests/api/test_pkcs12.c | 121 +++++++++ tests/api/test_pkcs12.h | 6 +- wolfcrypt/benchmark/benchmark.c | 43 ++-- wolfcrypt/src/dh.c | 2 + wolfcrypt/src/pwdbased.c | 159 ++++++++++++ wolfcrypt/src/sp_int.c | 427 +++++++++++++++++++------------- wolfcrypt/src/wolfmath.c | 9 +- wolfcrypt/test/test.c | 44 ++-- wolfssl/wolfcrypt/types.h | 10 + wolfssl/wolfcrypt/wolfmath.h | 9 +- 12 files changed, 622 insertions(+), 212 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 931d8da31ca..e8a037e9d25 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -647,6 +647,7 @@ WC_NO_RNG_SIMPLE WC_NO_STATIC_ASSERT WC_NO_VERBOSE_RNG WC_PKCS11_FIND_WITH_ID_ONLY +WC_PKCS12_PBKDF_USING_MP_API WC_PROTECT_ENCRYPTED_MEM WC_RNG_BLOCKING WC_RSA_NONBLOCK @@ -805,7 +806,6 @@ WOLFSSL_MP_COND_COPY WOLFSSL_MP_INVMOD_CONSTANT_TIME WOLFSSL_MULTICIRCULATE_ALTNAMELIST WOLFSSL_NEW_PRIME_CHECK -WOLFSSL_NONBLOCK_OCSP WOLFSSL_NOSHA3_384 WOLFSSL_NOT_WINDOWS_API WOLFSSL_NO_BIO_ADDR_IN diff --git a/tests/api.c b/tests/api.c index 30041130a14..2ef1029cd90 100644 
--- a/tests/api.c +++ b/tests/api.c @@ -23455,7 +23455,7 @@ static int test_wolfSSL_X509_print(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && defined(XSNPRINTF) + !defined(NO_RSA) && defined(XSNPRINTF) && !defined(WC_DISABLE_RADIX_ZERO_PAD) X509 *x509 = NULL; BIO *bio = NULL; #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) diff --git a/tests/api/test_pkcs12.c b/tests/api/test_pkcs12.c index a2cc3d69b4c..ac9406a9398 100644 --- a/tests/api/test_pkcs12.c +++ b/tests/api/test_pkcs12.c @@ -29,6 +29,7 @@ #endif #include +#include #include #include #include 
@@ -196,6 +197,126 @@ int test_wc_PKCS12_create(void) return EXPECT_RESULT(); } +int test_wc_PKCS12_PBKDF(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256) + /* Test vectors from RFC 7292 Appendix B (SHA-256 based) */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + }; + static const byte verify2[] = { + 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, + 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, + 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C + }; + byte derived[24]; + + /* bad args */ + ExpectIntNE(wc_PKCS12_PBKDF(NULL, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0); + ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, 0, + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0); + ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd), + salt, 0, 1, 24, WC_SHA256, 1), 0); + + /* 1 iteration */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); + + /* 1000 iterations */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0); + + /* iterations <= 0 treated as 1 */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); 
+#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256) + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + }; + static const byte verify2[] = { + 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, + 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, + 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C + }; + byte derived[24]; + byte derived2[24]; + + /* bad args */ + ExpectIntNE(wc_PKCS12_PBKDF_ex(NULL, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0); + ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, 0, + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0); + ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, 0, 1, 24, WC_SHA256, 1, NULL), 0); + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0); + + /* _ex and non-_ex produce identical output */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived2, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, derived2, 
24), 0); + + /* id 2 (IV) and id 3 (MAC) also accepted */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 2, NULL), 0); + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0); +#endif + return EXPECT_RESULT(); +} + int test_wc_d2i_PKCS12_bad_mac_salt(void) { EXPECT_DECLS; diff --git a/tests/api/test_pkcs12.h b/tests/api/test_pkcs12.h index 3a7e18c3795..81ca5f5c303 100644 --- a/tests/api/test_pkcs12.h +++ b/tests/api/test_pkcs12.h @@ -27,10 +27,14 @@ int test_wc_i2d_PKCS12(void); int test_wc_PKCS12_create(void); int test_wc_d2i_PKCS12_bad_mac_salt(void); +int test_wc_PKCS12_PBKDF(void); +int test_wc_PKCS12_PBKDF_ex(void); #define TEST_PKCS12_DECLS \ TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \ TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create), \ - TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt) + TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex) #endif /* WOLFCRYPT_TEST_PKCS12_H */ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index f514faf39f5..bcd7f5554ac 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c 
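Review bot: Every vector here uses kLen = 24 with SHA-256 (u = 32), so the first hashed block already satisfies the request and the continuation path of the new wc_PKCS12_PBKDF_ex — the B repetition and the I_j = I_j + B + 1 word arithmetic that this commit rewrites without MP — is never executed by these tests. Add at least one case with kLen larger than the digest size (say 64 bytes, so the carry-propagating add runs) whose expected bytes come from the previous MP-based implementation or another reference implementation, since that is where an endianness or word-width slip would surface. The comment `/* Test vectors from RFC 7292 Appendix B (SHA-256 based) */` is doubtful: Appendix B specifies the derivation but, as far as I can tell, publishes no test vectors, so the comment should name where these expected values were generated. For the bad-argument cases, `ExpectIntEQ(..., BAD_FUNC_ARG)` pins the contract more tightly than `ExpectIntNE(..., 0)`.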
@@ -1517,12 +1517,13 @@ static const char* bench_result_words1[][5] = { #endif }; -#if !defined(NO_RSA) || \ - defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ - defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ - defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ - defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) +#if ((!defined(NO_RSA) || \ + defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ + defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ + defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ + defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM)) && !defined(WC_NO_RNG)) || \ + defined(WOLFSSL_HAVE_MLKEM) static const char* bench_desc_words[][15] = { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 */ @@ -2057,11 +2058,11 @@ static const char* bench_result_words3[][5] = { #endif #if defined(BENCH_ASYM) -#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ - defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ - defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ - defined(WOLFSSL_HAVE_LMS) +#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \ + !defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM) static const char* bench_result_words2[][6] = { #ifdef BENCH_MICROSECOND { "ops took", "μsec" , "avg" , "ops/μsec", "cycles/op", 
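Review bot: The six-line asymmetric-algorithm condition is now maintained in three places — the `#if` at @@ -1517 and the identical ones at @@ -2057 and @@ -3201 (the latter on the next physical line) — and this commit had to edit each in lockstep to move `WOLFSSL_HAVE_MLKEM` outside the `!defined(WC_NO_RNG)` guard. Computing it once near the top of benchmark.c in an `#if … #define BENCH_ASYM_RNG_ALGS … #endif` block (constructed name) and testing `#if defined(BENCH_ASYM_RNG_ALGS) || defined(WOLFSSL_HAVE_MLKEM)` at each site would keep the copies from drifting. The @@ -1517 variant differs slightly from the other two (it adds HAVE_ECC_ENCRYPT and the *_SHARED_SECRET macros and omits WOLFSSL_HAVE_LMS), so check whether that difference is intentional before unifying.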
@@ -3201,11 +3202,11 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, } /* bench_stats_sym_finish */ #ifdef BENCH_ASYM -#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ - defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ - defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ - defined(WOLFSSL_HAVE_LMS) +#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \ + !defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM) static void bench_stats_asym_finish_ex(const char* algo, int strength, const char* desc, const char* desc_extra, int useDeviceID, int count, double start, int ret) @@ -4567,7 +4568,7 @@ static void* benchmarks_do(void* args) if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN)) bench_falconKeySign(5); #endif -#ifdef HAVE_DILITHIUM +#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG) #ifndef WOLFSSL_NO_ML_DSA_44 if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN)) bench_dilithiumKeySign(2); @@ -9643,7 +9644,7 @@ void bench_srtpkdf(void) } #endif -#ifndef NO_RSA +#if !defined(NO_RSA) && !defined(WC_NO_RNG) #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz) @@ -10285,7 +10286,7 @@ void bench_rsa_key(int useDeviceID, word32 rsaKeySz) } } #endif /* WOLFSSL_KEY_GEN */ -#endif /* !NO_RSA */ +#endif /* !NO_RSA && !WC_NO_RNG */ #if !defined(NO_DH) && !defined(WC_NO_RNG) @@ -14329,7 +14330,7 @@ void bench_falconKeySign(byte level) } #endif /* HAVE_FALCON */ -#ifdef HAVE_DILITHIUM +#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG) #if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) 
@@ -15675,7 +15676,7 @@ void bench_dilithiumKeySign(byte level) #endif #endif } -#endif /* HAVE_DILITHIUM */ +#endif /* HAVE_DILITHIUM && !WC_NO_RNG */ #ifdef HAVE_SPHINCS void bench_sphincsKeySign(byte level, byte optim) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 69fa1152a91..b2d49467a0a 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2227,8 +2227,10 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #endif XFREE(y, key->heap, DYNAMIC_TYPE_DH); #elif defined(WOLFSSL_CHECK_MEM_ZERO) +#if !defined(WOLFSSL_SP_MATH) mp_memzero_check(x); mp_memzero_check(z); +#endif #endif return ret; diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 68e3ab16355..66c8c9c3e73 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -368,6 +368,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen, } +#ifdef WC_PKCS12_PBKDF_USING_MP_API /* extended API that allows a heap hint to be used */ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, const byte* salt, int saltLen, int iterations, int kLen, 
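Review bot: In the dh.c hunk, the new `#if !defined(WOLFSSL_SP_MATH)` around the two `mp_memzero_check` calls gives no hint why that math backend is exempt, which a reader of wc_DhAgree_Sync (the function starts outside this hunk) will need the next time a backend-specific case is added. A one-line comment on the guard, e.g. `/* mp_memzero_check is not available under WOLFSSL_SP_MATH */` if that is the reason, would do. I cannot verify the reason from this diff; the wolfmath.c and wolfmath.h changes listed in the diffstat are not in view.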
@@ -566,6 +567,164 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, return ret; } +#else + +#if defined(WC_64BIT_CPU) && defined(HAVE___UINT128_T) && \ + !defined(NO_INT128) + #define PKCS12_DWORD word128 + #define PKCS12_WORD word64 + #define PKCS12_ByteReverseWords ByteReverseWords64 +#elif defined(WC_32BIT_CPU) || defined(WC_64BIT_CPU) + #define PKCS12_DWORD word64 + #define PKCS12_WORD word32 + #define PKCS12_ByteReverseWords ByteReverseWords +#else + #define PKCS12_DWORD word16 + #define PKCS12_WORD word8 + /* No need to byte reverse when handling 1 byte at a time. */ + #define PKCS12_ByteReverseWords(r, a, n) WC_DO_NOTHING +#endif + +/* extended API that allows a heap hint to be used */ +int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, int iterations, int kLen, + int hashType, int id, void* heap) +{ + /* nwc: v / sizeof(PKCS12_WORD) - words per v-byte block + * (v is always a multiple of sizeof(PKCS12_WORD)) + * nBlocks: iLen / v - number of v-byte blocks in I */ + word32 u, v, pLen, iLen, sLen, totalLen; + word32 nwc, nBlocks; + int ret = 0; + word32 i, k, blk; + byte* I; + PKCS12_WORD* Bw; +#ifdef WOLFSSL_SMALL_STACK + byte staticBuffer[1]; /* force dynamic usage */ + byte* B = NULL; +#else + ALIGN8 byte staticBuffer[1024]; + ALIGN8 byte B[WC_MAX_BLOCK_SIZE]; +#endif + byte* buffer = staticBuffer; + enum wc_HashType hashT; + + (void)heap; + + if (output == NULL || passLen <= 0 || saltLen <= 0 || kLen < 0) + return BAD_FUNC_ARG; + + if (iterations <= 0) + iterations = 1; + + hashT = wc_HashTypeConvert(hashType); + ret = wc_HashGetDigestSize(hashT); + if (ret < 0) + return ret; + if (ret == 0) + return BAD_STATE_E; + u = (word32)ret; + + ret = wc_HashGetBlockSize(hashT); + if (ret < 0) + return ret; + if (ret == 0) + return BAD_STATE_E; + v = (word32)ret; + ret = 0; + +#ifdef WOLFSSL_SMALL_STACK + B = (byte*)XMALLOC(WC_MAX_BLOCK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (B == NULL) 
+ return MEMORY_E; +#endif + + /* RFC 7292 B.2 step 2: S = salt repeated to ceil(saltLen/v)*v bytes */ + sLen = v * (((word32)saltLen + v - 1) / v); + /* RFC 7292 B.2 step 3: P = password repeated to ceil(passLen/v)*v bytes */ + pLen = v * (((word32)passLen + v - 1) / v); + /* RFC 7292 B.2 step 4: I = S || P */ + iLen = sLen + pLen; + totalLen = v + iLen; + + nwc = v / (word32)sizeof(PKCS12_WORD); + nBlocks = iLen / v; + Bw = (PKCS12_WORD*)B; + + if (totalLen > sizeof(staticBuffer)) { + buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY); + if (buffer == NULL) { + WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + } + + /* RFC 7292 B.2 step 1: D = v bytes each set to ID */ + /* RFC 7292 B.2 step 4: I = S || P; buffer = D || I */ + I = buffer + v; + XMEMSET(buffer, id, v); + for (i = 0; i < sLen; i++) + I[i] = salt[i % (word32)saltLen]; + for (i = 0; i < pLen; i++) + I[sLen + i] = passwd[i % (word32)passLen]; + + while (ret == 0 && kLen > 0) { + /* RFC 7292 B.2 step 6a: A_i = H^r(D || I) */ + ret = DoPKCS12Hash(hashType, buffer, totalLen, B, u, iterations); + if (ret < 0) + break; + + /* RFC 7292 B.2 step 7: output A_i bytes (up to kLen) */ + i = min((word32)kLen, u); + XMEMCPY(output, B, i); + output += i; + kLen -= (int)i; + if (kLen == 0) + break; + + /* RFC 7292 B.2 step 6b: B = A_i repeated to length v */ + for (i = u; i < v; i++) + B[i] = B[i % u]; + + /* RFC 7292 B.2 step 6c: I_j = (I_j + B + 1) mod 2^(8v). + * Increment B by 1 first, then add to each I_j block. 
*/ +#ifndef BIG_ENDIAN_ORDER + PKCS12_ByteReverseWords(Bw, Bw, v); +#endif + k = nwc; + while (k-- > 0 && (++Bw[k] == 0)) + ; + + for (blk = 0; blk < nBlocks; blk++) { + PKCS12_DWORD c = 0; + PKCS12_WORD* Iw = (PKCS12_WORD*)(I + blk * v); +#ifndef BIG_ENDIAN_ORDER + PKCS12_ByteReverseWords(Iw, Iw, v); +#endif + for (k = nwc; k-- > 0; ) { + c += (PKCS12_DWORD)Iw[k]; + c += (PKCS12_DWORD)Bw[k]; + Iw[k] = (PKCS12_WORD)c; + c >>= 8 * sizeof(PKCS12_WORD); + } +#ifndef BIG_ENDIAN_ORDER + PKCS12_ByteReverseWords(Iw, Iw, v); +#endif + } + } + + WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buffer != staticBuffer) + XFREE(buffer, heap, DYNAMIC_TYPE_KEY); + + return ret; +} + +#undef PKCS12_DWORD +#undef PKCS12_WORD +#undef PKCS12_ByteReverseWords + +#endif #endif /* HAVE_PKCS12 */ diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 328f02a8418..a3fe98ff3b2 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c 
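Review bot: `buffer` holds the ID bytes followed by repeated copies of the salt and the password, and `B` holds the derived A_i blocks, yet neither is cleared before `XFREE(buffer, ...)`/`WC_FREE_VAR_EX(B, ...)` or before the stack copies go out of scope, so password material is left behind in heap or stack memory after the KDF returns; add `ForceZero(buffer, totalLen);` and `ForceZero(B, v);` at the cleanup ahead of the frees (the early-out on a failed `buffer` allocation has not written B, so it needs nothing). The header comment `/* extended API that allows a heap hint to be used */` is the function's only documentation; it should state the parameter contract the code implements — `id` is the RFC 7292 B.3 purpose byte (1 key, 2 IV, 3 MAC), `iterations <= 0` is clamped to 1, `kLen` of 0 is accepted and writes nothing, and the BAD_FUNC_ARG / BAD_STATE_E / MEMORY_E returns. `passwd` and `salt` are dereferenced whenever passLen/saltLen are positive but are not NULL-checked; if the MP-based version kept under WC_PKCS12_PBKDF_USING_MP_API did not check them either, parity is defensible, but make it a deliberate decision. The word-pointer casts on `B` and `I + blk * v` rely on the ALIGN8 buffers and on v being a multiple of sizeof(PKCS12_WORD) as the local comment says; worth a `WOLFSSL_SMALL_STACK`-independent assertion or comment that the XMALLOC path is equally aligned.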
@@ -89,6 +89,96 @@ This library provides single precision (SP) integer math functions. * Dynamic arrays used when not small stack. * WOLFSSL_SP_FAST_MODEXP Allow fast mod_exp with small C code * WOLFSSL_SP_LOW_MEM Use algorithms that use less memory. + * WOLFSSL_SMALL_STACK: Use heap for large structures to reduce + * stack usage + * WOLFSSL_KEY_GEN: Key generation support enabled + * WOLFSSL_RSA_PUBLIC_ONLY: Only RSA public operations compiled in + * WOLFSSL_RSA_VERIFY_ONLY: Only RSA verify operations compiled in + * NO_RSA: RSA support disabled + * NO_DH: DH support disabled + * NO_DSA: DSA support disabled + * NO_INLINE: sp_int.c includes misc.c directly instead of + * inlining + * HAVE_ECC: ECC support enabled, enables ECC-related SP + * functions + * HAVE_FIPS: FIPS mode enabled + * HAVE_WOLF_BIGINT: wolfBigInt support, enables bigint conversion + * functions + * FREESCALE_LTC_TFM: Freescale LTC hardware acceleration replaces SP + * modular exponentiation + * OPENSSL_EXTRA: OpenSSL API compatibility enabled + * OPENSSL_ALL: Full OpenSSL API compatibility enabled + * WC_NO_HARDEN: Disable timing attack resistance + * WC_NO_CACHE_RESISTANT: Disable cache-resistant (constant-address) + * operations + * WC_NO_RNG: No RNG available, disables functions needing + * random numbers + * WC_PROTECT_ENCRYPTED_MEM: Enable protection of encrypted memory + * operations + * WC_DISABLE_RADIX_ZERO_PAD: Disable zero padding when converting to a + * radix string + * WOLFSSL_NO_CT_OPS: Disable constant-time operations + * WOLFSSL_CHECK_MEM_ZERO: Enable checking that sensitive memory is + * zeroed on free + * WOLFSSL_SP_MILLER_RABIN_CNT: Number of Miller-Rabin rounds for prime + * testing (default: 8) + * WOLFSSL_NO_ASM: Disable all assembly implementations + * WOLFSSL_KEIL: Keil compiler in use, affects inline assembly + * syntax + * WOLFSSL_USE_SAVE_VECTOR_REGISTERS: Save/restore vector registers around + * SP ASM calls + * WOLFSSL_SP_INT_LARGE_COMBA: Enable large Comba 
multiplication and + * squaring + * WOLFSSL_SP_INT_SQR_VOLATILE: Declare squaring intermediate variables as + * volatile + * SP_INT_NO_ASM: Disable use of SP ASM even when + * SP_INT_ASM_AVAILABLE is set + * SP_MATH_NEED_ADD_OFF: Enable sp_add variant with an offset into + * the result + * + * The following are not user settable but are set in settings.h or sp_int.h + * based on other defines and platform: + * BIG_ENDIAN_ORDER: (Auto) Set in types.h when WORDS_BIGENDIAN + * is defined by the platform or build system + * LITTLE_ENDIAN_ORDER: (Auto) Set in types.h when BIG_ENDIAN_ORDER + * is not defined; the default byte ordering + * WOLFSSL_SP_DYN_STACK: (Auto) Set in sp_int.h when C99 and + * conditions allow a dynamic stack sp_int + * WOLFSSL_SP_DIV_WORD_HALF: (Auto) Set in sp_int.h/settings.h when + * platform lacks a native double-word type + * WOLFSSL_ARM_ARCH: (Auto) Set in sp_int.h as alias for + * WOLFSSL_SP_ARM_ARCH; use WOLFSSL_SP_ARM_ARCH to configure + * WOLFSSL_SP_ADD_D: (Auto) Set in settings.h; enables sp_add_d + * based on which algorithms are active + * WOLFSSL_SP_SUB_D: (Auto) Set in settings.h; enables sp_sub_d + * based on which algorithms are active + * WOLFSSL_SP_MUL_D: (Auto) Set in settings.h; enables sp_mul_d + * based on which algorithms are active + * WOLFSSL_SP_DIV_D: (Auto) Set in sp_int.c; enables sp_div_d + * based on which algorithms are active + * WOLFSSL_SP_MOD_D: (Auto) Set in sp_int.c; enables sp_mod_d + * based on which algorithms are active + * WOLFSSL_SP_INVMOD: (Auto) Set in settings.h; enables + * sp_invmod based on which algorithms are active + * WOLFSSL_SP_INVMOD_MONT_CT: (Auto) Set in settings.h; enables + * constant-time Montgomery inverse when needed + * WOLFSSL_SP_PRIME_GEN: (Auto) Set in settings.h; enables prime + * generation based on which algorithms are active + * WOLFSSL_SP_READ_RADIX_16: (Auto) Set in settings.h; enables reading + * base-16 strings based on which algorithms are active + * 
WOLFSSL_SP_READ_RADIX_10: (Auto) Set in settings.h; enables reading + * base-10 strings based on which algorithms are active + * + * SP_ALLOC: (Internal) Heap allocation in use for SP + * variables in exptmod + * SP_ALLOC_PREDEFINED: (Internal) Set when SP_ALLOC was defined + * before this file + * SP_INT_ASM_AVAILABLE: (Internal) Set when a platform ASM + * implementation is present + * SP_ASM_DIV_WORD: (Internal) Platform macro: hardware + * double-word division available + * SP_WORD_OVERFLOW: (Internal) Set in sp_int.h when mul/sqr + * partial sums can overflow sp_int_word */ /* TODO: WOLFSSL_SP_SMALL is incompatible with clang-12+ -Os. */ @@ -5360,8 +5450,8 @@ int sp_copy(const sp_int* a, sp_int* r) } #endif -#if ((defined(WOLFSSL_SP_MATH_ALL) && ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH))) || \ +#if ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ defined(OPENSSL_ALL)) && defined(WC_PROTECT_ENCRYPTED_MEM) /* Copy 2 numbers into two results based on y. Copy a fixed number of digits. @@ -5485,11 +5575,11 @@ int sp_exch(sp_int* a, sp_int* b) !defined(WC_NO_CACHE_RESISTANT) /* Conditional swap of SP int values in constant time. * - * @param [in] a First SP int to conditionally swap. - * @param [in] b Second SP int to conditionally swap. - * @param [in] cnt Count of words to copy. - * @param [in] swap When value is 1 then swap. - * @param [in] t Temporary SP int to use in swap. + * @param [in, out] a First SP int to conditionally swap. + * @param [in, out] b Second SP int to conditionally swap. + * @param [in] cnt Count of words to copy. + * @param [in] swap When value is 1 then swap. + * @param [in, out] t Temporary SP int to use in swap. * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. */ 
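Review bot: The rewritten `#if` in the @@ -5360 hunk changes which builds compile this block: before, `!defined(NO_DH)` was nested under `defined(WOLFSSL_SP_MATH_ALL)`, whereas now any DH-enabled build with WC_PROTECT_ENCRYPTED_MEM gets it regardless of the math configuration. That reads as intentional given the commit's "configuration testing fixes", but nothing in the hunk says so; a short note on the `#if`, e.g. `/* DH needs this even without WOLFSSL_SP_MATH_ALL */`, would stop the next reader from "fixing" it back as a parenthesization slip. The dh.c call site that presumably motivates it is not visible in this diff.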
@@ -5521,7 +5611,7 @@ int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t) /* XOR temporary - when mask set then result will be a. */ b->used ^= t->used; #ifdef WOLFSSL_SP_INT_NEGATIVE - b->sign ^= b->sign; + b->sign ^= t->sign; #endif for (i = 0; i < (unsigned int)cnt; i++) { b->dp[i] ^= t->dp[i]; @@ -5607,7 +5697,7 @@ static int _sp_cmp_abs(const sp_int* a, const sp_int* b) /* Starting from most significant word, compare words. * Stop when different and set comparison return. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { if (a->dp[i] > b->dp[i]) { ret = MP_GT; break; @@ -5945,7 +6035,7 @@ static const int sp_lnz[SP_LNZ_CNT] = { /* Count the number of least significant zero bits. * - * When a is not NULL, result is 0. + * When a is NULL, result is 0. * * @param [in] a SP integer to use. * @@ -6498,8 +6588,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r) !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \ (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ defined(WOLFSSL_SP_MUL_D) -/* Multiply a by digit n and put result into r shifting up o digits. - * r = (a * n) << (o * SP_WORD_SIZE) +/* Multiply a by digit d and put result into r shifting up o digits. + * r = (a * d) << (o * SP_WORD_SIZE) * * @param [in] a SP integer to be multiplied. * @param [in] d SP digit to multiply by. @@ -6821,7 +6911,7 @@ static void _sp_div_3(const sp_int* a, sp_int* r, sp_int_digit* rem) int i; /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; 
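Review bot: The corrected line `b->sign ^= t->sign;` replaces `b->sign ^= b->sign;`, which always yields 0, so under WOLFSSL_SP_INT_NEGATIVE every constant-time swap silently left b non-negative (assuming MP_ZPOS is 0); that is a semantic bug in a constant-time primitive and deserves a regression test that swaps a negative value into b and checks its sign afterwards, as none of the tests in this diff exercise sp_cond_swap_ct_ex (the test.c changes in the diffstat are not in view). The same applies to the sp_mod_d fix two physical lines below (`(a->sign == MP_NEG) && (*r != 0)`), where a negative multiple of d previously returned d instead of 0: one case with such an input pins it. The body of sp_cond_swap_ct_ex extends beyond this hunk on both sides.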
@@ -6882,7 +6972,7 @@ static void _sp_div_10(const sp_int* a, sp_int* r, sp_int_digit* rem) /* Check whether only mod value needed. */ if (r == NULL) { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -6908,7 +6998,7 @@ static void _sp_div_10(const sp_int* a, sp_int* r, sp_int_digit* rem) /* At least result needed - remainder is calculated anyway. */ else { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -6972,7 +7062,7 @@ static void _sp_div_small(const sp_int* a, sp_int_digit d, sp_int* r, /* Check whether only mod value needed. */ if (r == NULL) { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -6999,7 +7089,7 @@ static void _sp_div_small(const sp_int* a, sp_int_digit d, sp_int* r, #endif /* !WOLFSSL_SP_SMALL */ { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; 
@@ -7071,7 +7161,7 @@ static void _sp_div_d(const sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit t; /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word and divide. */ t = sp_div_word((sp_int_digit)w, a->dp[i], d); @@ -7186,7 +7276,7 @@ static void _sp_mod_d(const sp_int* a, const sp_int_digit d, sp_int_digit* r) #endif /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word and divide. */ sp_int_digit t = sp_div_word((sp_int_digit)w, a->dp[i], d); @@ -7268,7 +7358,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r) } #ifdef WOLFSSL_SP_INT_NEGATIVE - if (a->sign == MP_NEG) { + if ((a->sign == MP_NEG) && (*r != 0)) { *r = d - *r; } #endif @@ -7444,7 +7534,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) ************************/ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_SP_INVMOD) -/* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZEOF)) +/* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZE)) * * @param [in] a SP integer to add to. * @param [in] b SP integer to add. @@ -7588,7 +7678,7 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o) #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) || \ !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY)) -/* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZEOF)) +/* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZE)) * a must be greater than b. * * When using offset, r == a is faster. 
@@ -7619,7 +7709,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r, else { i = o; } - /* Index to add at is the offset now. */ + /* Index to sub at is the offset now. */ for (j = 0; (i < a->used) && (j < b->used); i++, j++) { #ifndef SQR_MUL_ASM @@ -7748,10 +7838,17 @@ int sp_sub(const sp_int* a, const sp_int* b, sp_int* r) if ((a == NULL) || (b == NULL) || (r == NULL)) { err = MP_VAL; } +#ifdef WOLFSSL_SP_INT_NEGATIVE /* Check that r is as big as a and b plus one word. */ if ((err == MP_OKAY) && ((a->used >= r->size) || (b->used >= r->size))) { err = MP_VAL; } +#else + /* Check that r is as big as a and b. */ + if ((err == MP_OKAY) && ((a->used > r->size) || (b->used > r->size))) { + err = MP_VAL; + } +#endif if (err == MP_OKAY) { #ifndef WOLFSSL_SP_INT_NEGATIVE @@ -8209,12 +8306,11 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) * Assumes a, b, m and r are not NULL. * m and r must not be the same pointer. * - * @param [in] a SP integer to subtract from. - * @param [in] b SP integer to subtract. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. - * - * @return MP_OKAY on success. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [in] m SP integer that is the modulus. + * @param [in] max_size Maximum number of digits in a and b to use. + * @param [out] r SP integer to hold result. */ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, unsigned int max_size, sp_int* r) @@ -8331,7 +8427,7 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) { int err = MP_OKAY; - /* Check result is as big as modulus plus one digit. */ + /* Check result is as big as modulus. */ if (m->used > r->size) { err = MP_VAL; } 
@@ -8360,6 +8456,15 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) && \ defined(WOLFSSL_ECC_BLIND_K) +/* XOR a and b into r in constant time. r = a ^ b. + * + * Assumes a, b and r have len bytes. + * + * @param [in] a First SP integer to XOR. + * @param [in] b Second SP integer to XOR. + * @param [in] len Number of bytes to XOR. + * @param [out] r SP integer to hold result. + */ void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r) { if ((a != NULL) && (b != NULL) && (r != NULL)) { @@ -8488,7 +8593,7 @@ static int sp_lshb(sp_int* a, int n) * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ #ifdef WOLFSSL_SP_MATH_ALL -/* Shift a right by c digits: a = a >> (n * SP_WORD_SIZE) +/* Shift a right by c digits: a = a >> (c * SP_WORD_SIZE) * * @param [in, out] a SP integer to shift. * @param [in] c Number of digits to shift. @@ -8800,8 +8905,8 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial) * * @param [in] a SP integer to be divided. * @param [in] d SP integer to divide by. - * @param [out] r SP integer that is the quotient. - * @param [out] rem SP integer that is the remainder. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. * @param [in] used Number of digits in temporaries to use. * * @return MP_OKAY on success. @@ -8976,8 +9081,8 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem, * * @param [in] a SP integer to be divided. * @param [in] d SP integer to divide by. - * @param [out] r SP integer that is the quotient. - * @param [out] rem SP integer that is the remainder. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. * * @return MP_OKAY on success. * @return MP_VAL when a or d is NULL, r and rem are NULL, or d is 0. 
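Review bot: The new doc comment for sp_xor_ct says `Assumes a, b and r have len bytes.` and `@param [in] len Number of bytes to XOR.`, but the body that follows (almost entirely outside this hunk) operates on sp_int values and, if it indexes `dp[]` as the neighbouring helpers do, `len` is a count of digits rather than bytes; confirm against the implementation and the ecc.c caller and reword to `Number of digits to XOR.` if so. It would also help to say whether r->used is set from len and that the function silently does nothing when any argument is NULL, since it returns void and the guard `if ((a != NULL) && (b != NULL) && (r != NULL))` gives the caller no error.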
@@ -8997,7 +9102,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem) err = MP_VAL; } /* Ensure quotient result has enough memory. */ - if ((err == MP_OKAY) && (r != NULL) && (r->size < a->used - d->used + 2)) { + if ((err == MP_OKAY) && (r != NULL) && (r->size + d->used < a->used + 2)) { err = MP_VAL; } if ((err == MP_OKAY) && (rem != NULL)) { @@ -12270,18 +12375,18 @@ int sp_mulmod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) * 2.2.2. c = (c / 2) mod m * 2.3. Else if u >= v * 2.3.1. u -= v - * 2.3.2. b = (c - b) mod m + * 2.3.2. b = (b - c) mod m * 2.4. Else (v > u) * 2.4.1. v -= u - * 2.4.2. c = (b - c) mod m + * 2.4.2. c = (c - b) mod m * 3. NO_INVERSE if u == 0 * - * @param [in] a SP integer to find inverse of. - * @param [in] m SP integer that is the modulus. - * @param [in] u SP integer to use in calculation. - * @param [in] v SP integer to use in calculation. - * @param [in] b SP integer to use in calculation. - * @param [out] c SP integer that is the inverse. + * @param [in] a SP integer to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [in, out] u SP integer to use in calculation. + * @param [in, out] v SP integer to use in calculation. + * @param [in, out] b SP integer to use in calculation. + * @param [in, out] c SP integer that is the inverse. * * @return MP_OKAY on success. * @return MP_VAL when no inverse. @@ -12325,7 +12430,7 @@ static int _sp_invmod_bin(const sp_int* a, const sp_int* m, sp_int* u, else if (_sp_cmp_abs(u, v) != MP_LT) { /* 2.3.1. u -= v */ _sp_sub_off(u, v, u, 0); - /* 2.3.2. b = (c - b) mod m */ + /* 2.3.2. b = (b - c) mod m */ if (_sp_cmp_abs(b, c) == MP_LT) { _sp_add_off(b, m, b, 0); } @@ -12335,7 +12440,7 @@ static int _sp_invmod_bin(const sp_int* a, const sp_int* m, sp_int* u, else { /* 2.4.1. v -= u */ _sp_sub_off(v, u, v, 0); - /* 2.4.2. c = (b - c) mod m */ + /* 2.4.2. c = (c - b) mod m */ if (_sp_cmp_abs(c, b) == MP_LT) { _sp_add_off(c, m, c, 0); } 
@@ -12368,13 +12473,13 @@ static int _sp_invmod_bin(const sp_int* a, const sp_int* m, sp_int* u, * 4. If c < 0 then c += m * 5. inv = c * - * @param [in] a SP integer to find inverse of. - * @param [in] m SP integer that is the modulus. - * @param [in] u SP integer to use in calculation. - * @param [in] v SP integer to use in calculation. - * @param [in] b SP integer to use in calculation. - * @param [in] c SP integer to use in calculation. - * @param [out] inv SP integer that is the inverse. + * @param [in] a SP integer to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [in, out] x SP integer to use in calculation. + * @param [in, out] y SP integer to use in calculation. + * @param [in, out] b SP integer to use in calculation. + * @param [in, out] c SP integer to use in calculation. + * @param [out] inv SP integer that is the inverse. * * @return MP_OKAY on success. * @return MP_VAL when no inverse. @@ -12705,8 +12810,8 @@ int sp_invmod(const sp_int* a, const sp_int* m, sp_int* r) * e = exponent * Pre-calc: * 1. pre[0] = 2^0 * a mod m - * 2. For i in 2..CT_INV_MOD_PRE_CNT - * 2.1. pre[i-1] = ((pre[i-2] ^ 2) * a) mod m + * 2. For i in 1..CT_INV_MOD_PRE_CNT-1 + * 2.1. pre[i] = ((pre[i-1] ^ 2) * a) mod m * Calc inverse: * 1. e = m - 2 * 2. j = Count leading 1's up to CT_INV_MOD_PRE_CNT @@ -12773,11 +12878,11 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, * Start with 1.a = a. */ _sp_copy(a, pre[0]); - /* 2. For i in 2..CT_INV_MOD_PRE_CNT + /* 2. For i in 1..CT_INV_MOD_PRE_CNT-1 * For rest of entries in table. */ for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) { - /* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */ + /* 2.1 pre[i] = ((pre[i-1] ^ 2) * a) mod m */ /* Previous value ..1 -> ..10 */ _sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1)); err = sp_sqr(pre[i-1], pre[i]); 
@@ -12973,12 +13078,12 @@ int sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, * 4.5. t[j] = t[j] * b * 5. r = t[1] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13109,12 +13214,12 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits, * 3.4. t[y] = t[3], t[y^1] = t[2] * 4. r = t[0] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. 
@@ -13217,12 +13322,12 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits, * 7. t[1] = FromMont(t[1]) * 8. r = t[1] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13359,12 +13464,12 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, * 5. t[0] = FromMont(t[0]) * 6. r = t[0] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. 
@@ -13482,20 +13587,20 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, * 4.1 if i[0] == 0 then t[i] = t[i/2] ^ 2 * 4.2 if i[0] == 1 then t[i] = t[i-1] * t[1] * 5. cb = w * (bits / w) - * 5. tr = t[e / (2 ^ cb)] - * 6. For i in cb..w - * 6.1. y = e[(i-1)..(i-w)] - * 6.2. tr = tr ^ (2 * w) - * 6.3. tr = tr * t[y] - * 7. tr = FromMont(tr) - * 8. r = tr - * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * 6. tr = t[e / (2 ^ cb)] + * 7. For i in cb..w + * 7.1. y = e[(i-1)..(i-w)] + * 7.2. tr = tr ^ (2 ^ w) + * 7.3. tr = tr * t[y] + * 8. tr = FromMont(tr) + * 9. r = tr + * + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13620,17 +13725,17 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, c -= winBits; } - /* 5. tr = t[e / (2 ^ cb)] */ + /* 6. tr = t[e / (2 ^ cb)] */ y = (int)(n >> c); n <<= SP_WORD_SIZE - c; - /* 5. Copy table value for first window. */ + /* Copy table value for first window. */ _sp_copy(t[y], tr); - /* 6. For i in cb..w */ + /* 7. For i in cb..w */ for (; (i >= 0) || (c >= winBits); ) { int j; - /* 6.1. y = e[(i-1)..(i-w)] */ + /* 7.1. y = e[(i-1)..(i-w)] */ if (c == 0) { /* Bits up to end of digit */ n = e->dp[i--]; 
@@ -13654,7 +13759,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, c -= winBits; } - /* 6.2. tr = tr ^ (2 * w) */ + /* 7.2. tr = tr ^ (2 ^ w) */ for (j = 0; (j < winBits) && (err == MP_OKAY); j++) { err = sp_sqr(tr, tr); if (err == MP_OKAY) { @@ -13662,7 +13767,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, } } - /* 6.3. tr = tr * t[y] */ + /* 7.3. tr = tr * t[y] */ if (err == MP_OKAY) { err = sp_mul(tr, t[y], tr); } @@ -13673,13 +13778,13 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, } if (err == MP_OKAY) { - /* 7. tr = FromMont(tr) */ + /* 8. tr = FromMont(tr) */ err = _sp_mont_red(tr, m, mp, 0); /* Reduction implementation returns number to range: 0..m-1. */ } } if ((!done) && (err == MP_OKAY)) { - /* 8. r = tr */ + /* 9. r = tr */ _sp_copy(tr, r); } 
@@ -13717,27 +13822,27 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, * WC_NO_HARDEN defined or modulus fits in one word. * * Algorithm: - * b: base, e: exponent, m: modulus, r: result, bits: #bits to use + * b: base, e: exponent, m: modulus, r: result, digits: #digits to use * w: window size based on #bits in word. * 1. if Words(m) > 1 then tr = MontNorm(m) = ToMont(1) * else tr = 1 * 2. if Words(m) > 1 and HARDEN then a = m * (2 ^ (2^w)) * else a = 0 - * 3. cb = w * (bits / w) + * 3. cb = w * ((digits * SP_WORD_SIZE) / w) * 4. y = e / (2 ^ cb) * 5. tr = (tr * (2 ^ y) + a) mod m * 6. For i in cb..w * 6.1. y = e[(i-1)..(i-w)] - * 6.2. tr = tr ^ (2 * w) + * 6.2. tr = tr ^ (2 ^ w) * 6.3. tr = ((tr * (2 ^ y) + a) mod m * 7. if Words(m) > 1 then tr = FromMont(tr) * 8. r = tr * - * @param [in] e SP integer that is the exponent. - * @param [in] digits Number of digits in exponent to use. May be greater than - * count of digits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] e SP integer that is the exponent. + * @param [in] digits Number of digits in exponent to use. May be greater than + * count of digits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13816,7 +13921,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m, #endif if (err == MP_OKAY) { - /* 3. cb = w * (bits / w) */ + /* 3. cb = w * ((digits * SP_WORD_SIZE) / w) */ i = digits - 1; n = e->dp[i--]; c = SP_WORD_SIZE; @@ -13878,7 +13983,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m, c -= EXP2_WINSIZE; } - /* 6.2. tr = tr ^ (2 * w) */ + /* 6.2. tr = tr ^ (2 ^ w) */ for (j = 0; (j < EXP2_WINSIZE) && (err == MP_OKAY); j++) { err = sp_sqr(tr, tr); if (err == MP_OKAY) { 
@@ -13937,12 +14042,12 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m, * * Error returned when parameters r == e or r == m and base >= modulus. * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] digits Number of digits in exponent to use. May be greater - * than count of digits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] digits Number of digits in exponent to use. May be greater + * than count of digits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when b, e, m or r is NULL, digits is negative, or m <= 0 or @@ -14174,12 +14279,10 @@ int sp_exptmod(const sp_int* b, const sp_int* e, const sp_int* m, sp_int* r) * 5.2.1. Montgomery multiply result by Montgomery form of base. * 6. Convert result back from Montgomery form. * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. 
@@ -14665,18 +14768,17 @@ int sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, sp_int* r) * * @param [in] a SP integer to divide. * @param [in] e Exponent bits (dividing by 2^e). - * @param [in] m SP integer that is the modulus. * @param [out] r SP integer to hold result. * @param [out] rem SP integer to hold remainder. * * @return MP_OKAY on success. - * @return MP_VAL when a is NULL or e is negative. + * @return MP_VAL when a or r is NULL or e is negative. */ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem) { int err = MP_OKAY; - if ((a == NULL) || (e < 0)) { + if ((a == NULL) || (r == NULL) || (e < 0)) { err = MP_VAL; } @@ -17388,7 +17490,7 @@ int sp_sqrmod(const sp_int* a, const sp_int* m, sp_int* r) * 2.3. a += mu * DigitMask(m, 0) * 2.4. For j = 1 up to NumDigits(m)-2 * 2.4.1 a += mu * DigitMask(m, j) - * 2.5 a += mu * DigitMask(m, NumDigits(m)-1)) + * 2.5 a += mu * DigitMask(m, NumDigits(m)-1) * 3. a >>= NumBits(m) * 4. a = a % m * @@ -17419,9 +17521,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) #ifndef WOLFSSL_NO_CT_OPS if (ct) { for (i = 0; i < (unsigned int)m->used * 2; i++) { - a->dp[i] &= - (sp_int_digit) - (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i); + a->dp[i] &= (sp_int_digit) + (sp_int_sdigit)ctMaskIntGTE((int)a->used - 1, (int)i); } } else @@ -17446,7 +17547,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) w >>= SP_WORD_SIZE; a->dp[2] = (sp_int_digit)w; a->used = 3; - /* mp is SP_WORD_SIZE */ + /* bits is SP_WORD_SIZE */ bits = SP_WORD_SIZE; } else { @@ -17486,7 +17587,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) w += o; w += a->dp[i + j]; o = (sp_int_digit)(w >> SP_WORD_SIZE); - /* 2.5 a += mu * DigitMask(m, NumDigits(m)-1)) */ + /* 2.5 a += mu * DigitMask(m, NumDigits(m)-1) */ w = ((sp_int_word)mu * m->dp[j]) + (sp_int_digit)w; a->dp[i + j] = (sp_int_digit)w; w >>= SP_WORD_SIZE; 
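Review bot: The added NULL check in sp_div_2d covers r but not rem, and the updated @param lines do not say whether rem may be NULL, while the sp_div documentation changed in this same commit was given explicit "May be NULL." annotations. If rem is optional here, write `@param [out] rem SP integer to hold remainder. May be NULL.`; if it is required, add `(rem == NULL)` to the check and to the @return MP_VAL line. The rest of sp_div_2d lies outside the hunk, so which of the two applies cannot be confirmed from here.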
@@ -17547,9 +17648,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) #ifndef WOLFSSL_NO_CT_OPS if (ct) { for (i = 0; i < (unsigned int)m->used * 2; i++) { - a->dp[i] &= - (sp_int_digit) - (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i); + a->dp[i] &= (sp_int_digit) + (sp_int_sdigit)ctMaskIntGTE((int)a->used - 1, (int)i); } } else @@ -17577,7 +17677,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) a->dp[1] = l; a->dp[2] = h; a->used = (sp_size_t)(m->used * 2 + 1); - /* mp is SP_WORD_SIZE */ + /* bits is SP_WORD_SIZE */ bits = SP_WORD_SIZE; } #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC) @@ -17901,8 +18001,8 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) * Jeffrey Hurchalla's method. * https://arxiv.org/pdf/2204.04342.pdf * - * @param [in] m SP integer that is the modulus. - * @param [out] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] m SP integer that is the modulus. + * @param [out] rho SP integer digit that is the bottom digit of inv(-m). */ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho) { @@ -17930,8 +18030,8 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho) * * Used when performing Montgomery Reduction. * - * @param [in] m SP integer that is the modulus. - * @param [out] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] m SP integer that is the modulus. + * @param [out] rho SP integer digit that is the bottom digit of inv(-m). * * @return MP_OKAY on success. * @return MP_VAL when m or rho is NULL. @@ -18023,7 +18123,7 @@ int sp_mont_norm(sp_int* norm, const sp_int* m) /* Calculate the number of 8-bit values required to represent the * multi-precision number. * - * When a is NULL, return s 0. + * When a is NULL, returns 0. * * @param [in] a SP integer. * 
@@ -18279,19 +18379,16 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) } } #else - if ((err == MP_OKAY) && ((unsigned int)outSz < a->used)) { - err = MP_VAL; - } if (err == MP_OKAY) { - unsigned int i; + int i; int j; volatile sp_int_digit mask = (sp_int_digit)-1; i = 0; for (j = outSz - 1; j >= 0; j--) { out[j] = a->dp[i] & mask; - mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1); - i += (unsigned int)(1 & mask); + mask &= (sp_int_digit)0 - (i < (int)a->used - 1); + i += 1 & mask; } } #endif @@ -18338,8 +18435,7 @@ int sp_to_unsigned_bin_at_pos(int o, const sp_int* a, unsigned char* out) * @param [in] in NUL terminated string. * * @return MP_OKAY on success. - * @return MP_VAL when radix is not supported, value is negative, or a - * character is not valid. + * @return MP_VAL when a character is not valid or not enough space in a. */ static int _sp_read_radix_16(sp_int* a, const char* in) { @@ -18414,8 +18510,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in) * @param [in] in NUL terminated string. * * @return MP_OKAY on success. - * @return MP_VAL when radix is not supported, value is negative, or a - * character is not valid. + * @return MP_VAL when a character is not valid. */ static int _sp_read_radix_10(sp_int* a, const char* in) { @@ -18644,7 +18739,7 @@ int sp_tohex(const sp_int* a, char* str) * Use sp_radix_size() to calculate required length. * * @param [in] a SP integer to convert. - * @param [out] str String to hold hex string result. + * @param [out] str String to hold decimal string result. * * @return MP_OKAY on success. * @return MP_VAL when a or str is NULL. 
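Review bot: With the `(unsigned int)outSz < a->used` check removed from this `#else` branch, an outSz smaller than a->used no longer fails with MP_VAL: the loop stops advancing `i` only at `a->used - 1`, so the low outSz digits are written and the higher digits are silently dropped. If a check elsewhere guarantees outSz >= a->used (the commit message calls this one redundant), record that at the loop with a comment such as `/* Caller guarantees outSz >= a->used; the mask only stops i at the top digit. */`, since the function can no longer report the condition itself. The switch to `int i` also means the first iteration still reads `a->dp[0]` when a->used is 0, which relies on dp[0] holding 0 for a zero value; a short comment noting that invariant would help the next reader. The function continues outside the hunk.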
@@ -18721,7 +18816,7 @@ int sp_todecimal(const sp_int* a, char* str) /* Put the string version, big-endian, of a in str using the given radix. * * @param [in] a SP integer to convert. - * @param [out] str String to hold hex string result. + * @param [out] str String to hold radix based string result. * @param [in] radix Base of character. * Valid values: MP_RADIX_HEX, MP_RADIX_DEC. * @@ -19024,12 +19119,12 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) * * a is assumed to be odd. * - * @param [in] a SP integer to check. - * @param [in] b SP integer that is a small prime. - * @param [out] result MP_YES when number is likely prime. - * MP_NO otherwise. - * @param [in] n1 SP integer temporary. - * @param [in] r SP integer temporary. + * @param [in] a SP integer to check. + * @param [in, out] b SP integer that is a small prime or random value. + * @param [out] result MP_YES when number is likely prime. + * MP_NO otherwise. + * @param [out] n1 SP integer temporary. + * @param [out] r SP integer temporary. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -19440,7 +19535,7 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result, sp_clamp(b); } - /* Can't use random value it is: 0, 1, a-2, a-1, >= a */ + /* Can't use random value it is: 0, 1, 2, a-2, a-1, >= a */ if ((sp_cmp_d(b, 2) != MP_GT) || (_sp_cmp(b, c) != MP_LT)) { continue; } @@ -19558,9 +19653,9 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng) * Euclidean Algorithm: * 1. If a > b then a = b, b = a * 2. u = a - * 3. v = b % a + * 3. v = b mod a * 4. While v != 0 - * 4.1. t = u % v + * 4.1. t = u mod v * 4.2. u <= v, v <= t, t <= u * 5. r = u * @@ -19604,7 +19699,7 @@ static WC_INLINE int _sp_gcd(const sp_int* a, const sp_int* b, sp_int* r) a = b; b = tmp; } - /* 2. u = a, v = b mod a */ + /* 2. u = a */ _sp_copy(a, u); /* 3. v = b mod a */ if (a->used == 1) { 
@@ -19816,7 +19911,7 @@ int sp_lcm(const sp_int* a, const sp_int* b, sp_int* r) } #ifdef WOLFSSL_SP_INT_NEGATIVE /* Ensure a and b are positive. */ - else if ((a->sign == MP_NEG) || (b->sign >= MP_NEG)) { + else if ((a->sign == MP_NEG) || (b->sign == MP_NEG)) { err = MP_VAL; } #endif diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c index 3e0a7d2b7ab..e0990fdf4ea 100644 --- a/wolfcrypt/src/wolfmath.c +++ b/wolfcrypt/src/wolfmath.c @@ -43,9 +43,12 @@ #if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) -#if !defined(WC_NO_CACHE_RESISTANT) && \ - ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ - (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT))) +#if (!defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)) /* all off / all on pointer addresses for constant calculations */ /* ecc.c uses same table */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 80866209c5f..6eae5000bd1 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
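Review bot: In the new wolfmath.c condition, `!defined(NO_DH) || defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)` groups as `!NO_DH || (OPENSSL_ALL && WC_PROTECT_ENCRYPTED_MEM)` because `&&` binds tighter than `||`, so WC_PROTECT_ENCRYPTED_MEM qualifies only the OPENSSL_ALL alternative and the table is compiled in for every DH-enabled build. If the intent is that the SP-math, DH and OPENSSL_ALL users need wc_off_on_addr only under WC_PROTECT_ENCRYPTED_MEM, close the parenthesis before it: `defined(OPENSSL_ALL)) && defined(WC_PROTECT_ENCRYPTED_MEM))`; if the current grouping is intended, parenthesize `(defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM))` so the precedence is explicit. The same expression is added to wolfssl/wolfcrypt/wolfmath.h in this commit, guarding the extern declaration, and must stay identical to the one guarding the definition here.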
@@ -30358,15 +30358,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void) #if defined(HAVE_PKCS12) && !defined(NO_SHA256) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) { - WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, - 0x00, 0x00 }; - WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f }; - - WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, - 0x00, 0x67, 0x00, 0x00 }; - WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 }; - byte derived[64]; + WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, @@ -30379,6 +30385,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C }; + byte derived[64]; int id = 1; int kLen = 24; int iterations = 1; @@ -30395,12 +30402,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) iterations = 1000; ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id); + iterations, kLen, WC_SHA256, id); if (ret < 0) return WC_TEST_RET_ENC_EC(ret); ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id, HEAP_HINT); + iterations, kLen, WC_SHA256, id, HEAP_HINT); if (ret < 0) return WC_TEST_RET_ENC_EC(ret); 
@@ -34028,8 +34035,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); #endif -#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \ - (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \ +#if defined(HAVE_ECC_SIGN) && !defined(WC_NO_RNG) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K) tmpSz = ECC_BUFSIZE; ret = 0; @@ -34357,11 +34363,11 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); word32 y; #endif +#ifndef WC_NO_RNG #ifdef HAVE_ECC_KEY_EXPORT #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32) WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); #endif - word32 x = 0; #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ defined(HAVE_ECC_SIGN) @@ -34372,6 +34378,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif int verify; #endif /* HAVE_ECC_VERIFY */ #endif /* HAVE_ECC_SIGN */ +#endif /* WC_NO_RNG */ wc_test_ret_t ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -34385,6 +34392,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif #ifndef WC_NO_RNG int curveSize; #endif + word32 x = 0; #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) @@ -34662,7 +34670,6 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif #endif /* HAVE_COMP_KEY */ #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */ -#endif /* !WC_NO_RNG */ #endif /* HAVE_ECC_KEY_IMPORT */ #endif /* HAVE_ECC_KEY_EXPORT */ 
@@ -34759,6 +34766,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif #elif defined(HAVE_ECC_KEY_EXPORT) (void)exportBuf; #endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* !WC_NO_RNG */ done: @@ -38377,8 +38385,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) ecc_key tmpKey[1]; #endif WC_RNG rng; - word32 idx = 0; wc_test_ret_t ret; + word32 idx = 0; +#ifndef WC_NO_RNG /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ byte in[] = "Everyone gets Friday off. ecc p"; word32 inLen = (word32)XSTRLEN((char*)in); @@ -38387,6 +38396,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) int verify = 0; word32 x; WOLFSSL_ENTER("ecc_test_buffers"); +#endif XMEMSET(&rng, 0, sizeof(WC_RNG)); @@ -38448,7 +38458,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); #endif -#endif /* !WC_NO_RNG */ +#endif #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \ defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) @@ -38476,6 +38486,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) } #endif +#ifndef WC_NO_RNG x = sizeof(out); do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -38503,6 +38514,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) if (verify != 1) ERROR_OUT(WC_TEST_RET_ENC_NC, done); TEST_SLEEP(); +#endif #ifdef WOLFSSL_CERT_EXT idx = 0; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index b54a7c95b52..5956213bff0 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
@@ -255,6 +255,16 @@ typedef const char wcchar[]; #endif #endif +#if defined(HAVE___UINT128_T) && !defined(NO_INT128) + #ifdef __SIZEOF_INT128__ + typedef __uint128_t word128; + typedef __int128_t sword128; + #else + typedef unsigned long word128 __attribute__ ((mode(TI))); + typedef long sword128 __attribute__ ((mode(TI))); + #endif +#endif + #if (defined(_MSC_VER) && (_MSC_VER == 1200)) || /* MSVC6 */ \ (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ defined(__BCPLUSPLUS__) || \ diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h index 9a9bed1ae2e..f6563299790 100644 --- a/wolfssl/wolfcrypt/wolfmath.h +++ b/wolfssl/wolfcrypt/wolfmath.h @@ -74,9 +74,12 @@ This library provides big integer math functions. #endif /* timing resistance array */ -#if !defined(WC_NO_CACHE_RESISTANT) && \ - ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ - (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT))) +#if (!defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)) extern const wc_ptr_t wc_off_on_addr[2]; #endif
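Review bot: The new word128/sword128 typedefs have no comment, and they exist only when `HAVE___UINT128_T` is defined and `NO_INT128` is not, so every user must repeat that guard; a one-line comment above the block, e.g. `/* 128-bit types; only available when HAVE___UINT128_T && !NO_INT128. */`, makes that contract visible at the definition. The `__attribute__ ((mode(TI)))` fallback is a GCC/Clang extension, which is fine only if HAVE___UINT128_T is never set for other compilers; presumably the configure check guarantees that, but it is worth stating in the same comment.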