ECC changes to support custom curves. Added new "WOLFSSL_CUSTOM_CURVES" option to support non-standard ECC curves in ecc_is_point and ecc_projective_dbl_point. Refactor to load and pass curve "a" parameter down through ECC functions. Relocated mp_submod and added mp_addmod. Refactor to pass mp variable directly (not pointer) for montgomery variable. Fix in mp_jacobi to also handle case of a == 0. Cleanup of *_ecc_mulmod and wc_ecc_make_key_ex error handling. Cleanup of ecc_map for handling normal, fast and alt_ecc math for optimization of performance and allowing reduced ecc_size.

2016-05-10 15:05:11 -07:00 · 2016-05-10 15:05:11 -07:00 · 5703e5eadb
parent bb17bac018
commit 5703e5eadb
7 changed files with 634 additions and 394 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -16527,7 +16527,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
                         const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
                         const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
 {
-    mp_int prime;
+    mp_int a, prime;

    (void)ctx;
    (void)n;
@ -16549,25 +16549,29 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
        }
    }

-    /* compute the prime value of the curve */
-    if (mp_init(&prime) != MP_OKAY) {
-        WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed");
+    /* read the curve prime and a */
+    if (mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL) != MP_OKAY) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_mul init 'prime/A' failed");
        return SSL_FAILURE;
    }
-
    if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY){
-        WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed");
+        WOLFSSL_MSG("wolfSSL_EC_POINT_mul read 'prime' curve value failed");
+        return SSL_FAILURE;
+    }
+    if (mp_read_radix(&a, ecc_sets[group->curve_idx].Af, 16) != MP_OKAY){
+        WOLFSSL_MSG("wolfSSL_EC_POINT_mul read 'A' curve value failed");
        return SSL_FAILURE;
    }

    /* r = q * m % prime */
    if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
-                      (ecc_point*)r->internal, &prime, 1) != MP_OKAY) {
+                      (ecc_point*)r->internal, &a, &prime, 1) != MP_OKAY) {
        WOLFSSL_MSG("ecc_mulmod failure");
        mp_clear(&prime);
        return SSL_FAILURE;
    }

+    mp_clear(&a);
    mp_clear(&prime);

    /* set the external value for the computed point */
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@ -2643,16 +2643,56 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
    return res;
  }

-  if ((res = mp_mul (a, b, &t)) != MP_OKAY) {
-    mp_clear (&t);
-    return res;
+  res = mp_mul (a, b, &t);
+  if (res == MP_OKAY) {
+      res = mp_mod (&t, c, d);
  }
-  res = mp_mod (&t, c, d);
+
  mp_clear (&t);
  return res;
 }


+/* d = a - b (mod c) */
+int mp_submod(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
+{
+  int     res;
+  mp_int  t;
+
+  if ((res = mp_init (&t)) != MP_OKAY) {
+    return res;
+  }
+
+  res = mp_sub (a, b, &t);
+  if (res == MP_OKAY) {
+      res = mp_mod (&t, c, d);
+  }
+
+  mp_clear (&t);
+
+  return res;
+}
+
+/* d = a + b (mod c) */
+int mp_addmod(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
+{
+   int     res;
+   mp_int  t;
+
+   if ((res = mp_init (&t)) != MP_OKAY) {
+     return res;
+   }
+
+   res = mp_add (a, b, &t);
+   if (res == MP_OKAY) {
+       res = mp_mod (&t, c, d);
+   }
+
+   mp_clear (&t);
+
+   return res;
+}
+
 /* computes b = a*a */
 int mp_sqr (mp_int * a, mp_int * b)
 {
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@ -984,10 +984,46 @@ top:
 /* d = a * b (mod c) */
 int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
 {
-  fp_int tmp;
-  fp_init(&tmp);
-  fp_mul(a, b, &tmp);
-  return fp_mod(&tmp, c, d);
+  int err;
+  fp_int t;
+
+  fp_init(&t);
+  fp_mul(a, b, &t);
+  err = fp_mod(&t, c, &t);
+  fp_copy(&t, d);
+  fp_clear(&t);
+
+  return err;
+}
+
+/* d = a - b (mod c) */
+int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
+{
+  int err;
+  fp_int t;
+
+  fp_init(&t);
+  fp_sub(a, b, &t);
+  err = fp_mod(&t, c, &t);
+  fp_copy(&t, d);
+  fp_clear(&t);
+
+  return err;
+}
+
+/* d = a + b (mod c) */
+int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
+{
+  int err;
+  fp_int t;
+
+  fp_init(&t);
+  fp_add(a, b, &t);
+  err = fp_mod(&t, c, &t);
+  fp_copy(&t, d);
+  fp_clear(&t);
+
+  return err;
 }

 #ifdef TFM_TIMING_RESISTANT
@ -2148,6 +2184,18 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
  return fp_mulmod(a, b, c, d);
 }

+/* d = a - b (mod c) */
+int mp_submod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
+{
+  return fp_submod(a, b, c, d);
+}
+
+/* d = a + b (mod c) */
+int mp_addmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
+{
+  return fp_addmod(a, b, c, d);
+}
+
 /* c = a mod b, 0 <= c < b */
 int mp_mod (mp_int * a, mp_int * b, mp_int * c)
 {
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@ -233,11 +233,11 @@ WOLFSSL_API
 int wc_ecc_is_valid_idx(int n);
 WOLFSSL_API
 int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
-                  mp_int* modulus, int map);
+                  mp_int* a, mp_int* modulus, int map);

 WOLFSSL_LOCAL
 int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
-                  mp_int* modulus, int map, void* heap);
+                  mp_int* a, mp_int* modulus, int map, void* heap);
 #ifdef HAVE_ECC_KEY_EXPORT
 /* ASN key helpers */
 WOLFSSL_API
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@ -296,6 +296,8 @@ int  mp_mul_2(mp_int * a, mp_int * b);
 int  mp_mul (mp_int * a, mp_int * b, mp_int * c);
 int  mp_sqr (mp_int * a, mp_int * b);
 int  mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+int  mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+int  mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
 int  mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
 int  mp_2expt (mp_int * a, int b);
 int  mp_set_bit (mp_int * a, int b);
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@ -481,6 +481,12 @@ void fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
 /* d = a * b (mod c) */
 int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);

+/* d = a - b (mod c) */
+int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* d = a + b (mod c) */
+int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
 /* c = a * a (mod b) */
 int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c);

@ -621,6 +627,8 @@ int  mp_add_d (mp_int * a, mp_digit b, mp_int * c);

 int  mp_mul (mp_int * a, mp_int * b, mp_int * c);
 int  mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+int  mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+int  mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
 int  mp_mod(mp_int *a, mp_int *b, mp_int *c);
 int  mp_invmod(mp_int *a, mp_int *b, mp_int *c);
 int  mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y);