Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return the proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for the 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be freed and then used. Fixed issue with mp_dump in integer.c not allocating a correctly sized buffer for toradix.
This commit is contained in:
parent
5fa80a2667
commit
aa1a405dd1
13
configure.ac
13
configure.ac
@ -781,6 +781,19 @@ then
|
||||
fi
|
||||
|
||||
|
||||
# Compressed Key
|
||||
AC_ARG_ENABLE([compkey],
|
||||
[AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
|
||||
[ ENABLED_COMPKEY=$enableval ],
|
||||
[ ENABLED_COMPKEY=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_COMPKEY" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
|
||||
fi
|
||||
|
||||
|
||||
# for using memory optimization setting on both curve25519 and ed25519
|
||||
ENABLED_CURVED25519_SMALL=no
|
||||
|
||||
|
@ -2746,7 +2746,7 @@ static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime)
|
||||
/* Determine if curve "a" should be used in calc */
|
||||
#ifdef WOLFSSL_CUSTOM_CURVES
|
||||
/* compute y^2 - x^3 + a*x */
|
||||
mp_clear(&t2);
|
||||
mp_set(&t2, 0);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_submod(prime, &a, prime, &t2);
|
||||
if (err == MP_OKAY)
|
||||
@ -2894,7 +2894,7 @@ static int ecc_check_pubkey_order(ecc_key* key, mp_int* a, mp_int* prime,
|
||||
}
|
||||
|
||||
|
||||
/* perform sanity checks on ec key validity, 0 on success */
|
||||
/* perform sanity checks on ecc key validity, 0 on success */
|
||||
int wc_ecc_check_key(ecc_key* key)
|
||||
{
|
||||
mp_int prime; /* used by multiple calls so let's cache */
|
||||
@ -5462,7 +5462,7 @@ int mp_jacobi(mp_int* a, mp_int* n, int* c)
|
||||
res = mp_jacobi (&p1, &a1, &r);
|
||||
|
||||
if (res == MP_OKAY)
|
||||
*c = s * r;
|
||||
*c = s * r;
|
||||
}
|
||||
}
|
||||
|
||||
@ -5474,25 +5474,39 @@ int mp_jacobi(mp_int* a, mp_int* n, int* c)
|
||||
}
|
||||
|
||||
|
||||
/* Solves the modular equation x^2 = n (mod p)
|
||||
* where prime number is greater than 2 (odd prime).
|
||||
* The result is returned in the third argument x
|
||||
* the function returns MP_OKAY on success, MP_VAL or another error on failure
|
||||
*/
|
||||
int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
|
||||
{
|
||||
int res, legendre, done = 0;
|
||||
mp_int t1, C, Q, S, Z, M, T, R, two;
|
||||
mp_digit i;
|
||||
|
||||
/* first handle the simple cases */
|
||||
/* first handle the simple cases n = 0 or n = 1 */
|
||||
if (mp_cmp_d(n, 0) == MP_EQ) {
|
||||
mp_zero(ret);
|
||||
return MP_OKAY;
|
||||
}
|
||||
if (mp_cmp_d(n, 1) == MP_EQ) {
|
||||
mp_set(ret, 1);
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
/* prime must be odd */
|
||||
if (mp_cmp_d(prime, 2) == MP_EQ)
|
||||
if (mp_cmp_d(prime, 2) == MP_EQ) {
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
/* TAO removed
|
||||
if ((res = mp_jacobi(n, prime, &legendre)) != MP_OKAY) return res;
|
||||
if (legendre == -1) return MP_VAL; */ /* quadratic non-residue mod prime */
|
||||
/* is quadratic non-residue mod prime */
|
||||
if ((res = mp_jacobi(n, prime, &legendre)) != MP_OKAY) {
|
||||
return res;
|
||||
}
|
||||
if (legendre == -1) {
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
if ((res = mp_init_multi(&t1, &C, &Q, &S, &Z, &M)) != MP_OKAY)
|
||||
return res;
|
||||
@ -5587,6 +5601,8 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
|
||||
|
||||
while (res == MP_OKAY && done == 0) {
|
||||
res = mp_copy(&T, &t1);
|
||||
|
||||
/* reduce to 1 and count */
|
||||
i = 0;
|
||||
while (res == MP_OKAY) {
|
||||
if (mp_cmp_d(&t1, 1) == MP_EQ)
|
||||
|
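Review bot: The restored "prime must be odd" guard in mp_sqrtmod_prime (hunk @ -5474) only rejects a modulus equal to 2, so any other even modulus passes into the Tonelli-Shanks loop below, which is written for an odd prime; testing parity would match the comment, `if (mp_iseven(prime) == MP_YES) { return MP_VAL; }`, assuming mp_iseven is mapped for both math backends as fp_iseven is for fast math. The re-enabled mp_jacobi check returns MP_VAL only for legendre == -1; a result of 0 (n sharing a factor with prime, e.g. an unreduced n that is a multiple of prime) slips past both that check and the n == 0 shortcut above, which compares against literal zero only, and it is not obvious that the "reduce to 1 and count" loop handles it, so either reduce n modulo prime first or treat legendre == 0 as MP_VAL if callers can pass unreduced values. The function's body continues in the next hunk and beyond SOURCE.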
@ -4801,7 +4801,7 @@ void mp_dump(const char* desc, mp_int* a, byte verbose)
|
||||
char *buffer;
|
||||
int size = a->alloc;
|
||||
|
||||
buffer = (char*)XMALLOC(size * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buffer = (char*)XMALLOC(size * sizeof(mp_digit) * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buffer == NULL) {
|
||||
return;
|
||||
}
|
||||
|
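Review bot: The new size in mp_dump, `size * sizeof(mp_digit) * 2`, leaves no room for the terminating NUL that the radix conversion writes after the digits (nor for a leading sign), so an mp_int whose allocated digits are all in use still overruns the buffer by at least one byte; the conversion call is outside the hunk, so this assumes a radix-16 dump, which is what the two-characters-per-byte sizing suggests. Suggest `buffer = (char*)XMALLOC(size * sizeof(mp_digit) * 2 + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, or, if mp_radix_size() is available in this build, size the buffer from its result instead of from `a->alloc`. mp_dump's body continues past the hunk.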
@ -891,7 +891,7 @@ top:
|
||||
int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
|
||||
{
|
||||
fp_int x, y, u, v, B, D;
|
||||
int neg, loop_check = 0;
|
||||
int neg;
|
||||
|
||||
/* 2. [modified] b must be odd */
|
||||
if (fp_iseven (b) == FP_YES) {
|
||||
@ -955,8 +955,6 @@ top:
|
||||
|
||||
/* if not zero goto step 4 */
|
||||
if (fp_iszero (&u) == FP_NO) {
|
||||
if (++loop_check > 4096) /* bad input */
|
||||
return FP_VAL;
|
||||
goto top;
|
||||
}
|
||||
|
||||
@ -2968,8 +2966,7 @@ int mp_init_copy(fp_int * a, fp_int * b)
|
||||
|
||||
int mp_cnt_lsb(fp_int* a)
|
||||
{
|
||||
fp_cnt_lsb(a);
|
||||
return MP_OKAY;
|
||||
return fp_cnt_lsb(a);
|
||||
}
|
||||
|
||||
#endif /* HAVE_COMP_KEY */
|
||||
|
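Review bot: Dropping `loop_check` from fp_invmod (hunks @ -891 and @ -955) removes the only explicit bound on the binary-GCD loop, and neither the hunks nor the commit message say why the 4096-iteration cap is no longer needed. If it was a workaround for the 224-bit hang that the mp_cnt_lsb fix resolves, a one-line comment at the `goto top` recording that the loop terminates on its own for odd b would preserve that reasoning for the next reader; if any input (a zero, or a and b not coprime) could still cycle, the bound should stay, since a caller feeding attacker-controlled values would then hang the process. fp_invmod's body lies mostly outside the two hunks, so I cannot confirm the other exit paths from here.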
@ -6675,7 +6675,7 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize)
|
||||
}
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
int testCompressedKey, const ecc_set_type* dp)
|
||||
const ecc_set_type* dp)
|
||||
{
|
||||
#ifdef BENCH_EMBEDDED
|
||||
byte sharedA[128]; /* Needs to be at least keySize */
|
||||
@ -6735,7 +6735,6 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
|
||||
#ifdef HAVE_ECC_KEY_EXPORT
|
||||
x = sizeof(exportBuf);
|
||||
|
||||
ret = wc_ecc_export_x963(&userA, exportBuf, &x);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-1006, done);
|
||||
@ -6755,11 +6754,9 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
ERROR_OUT(-1009, done);
|
||||
#endif /* HAVE_ECC_DHE */
|
||||
|
||||
if (testCompressedKey) {
|
||||
#ifdef HAVE_COMP_KEY
|
||||
/* try compressed export / import too */
|
||||
x = sizeof(exportBuf);
|
||||
|
||||
ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-1010, done);
|
||||
@ -6780,7 +6777,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
ERROR_OUT(-1013, done);
|
||||
#endif /* HAVE_ECC_DHE */
|
||||
#endif /* HAVE_COMP_KEY */
|
||||
}
|
||||
|
||||
#endif /* HAVE_ECC_KEY_IMPORT */
|
||||
#endif /* HAVE_ECC_KEY_EXPORT */
|
||||
|
||||
@ -6850,15 +6847,9 @@ done:
|
||||
#define ECC_TEST_VERIFY_COUNT 2
|
||||
static int ecc_test_curve(WC_RNG* rng, int keySize)
|
||||
{
|
||||
int ret, testCompressedKey = 1;
|
||||
int ret;
|
||||
|
||||
/* At this time, ECC 224-bit does not work with compressed key */
|
||||
if (keySize == 28) {
|
||||
testCompressedKey = 0;
|
||||
}
|
||||
|
||||
ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT,
|
||||
testCompressedKey, NULL);
|
||||
ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, NULL);
|
||||
if (ret < 0) {
|
||||
printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
|
||||
return ret;
|
||||
@ -6936,7 +6927,7 @@ int ecc_test(void)
|
||||
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
|
||||
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
|
||||
};
|
||||
ret = ecc_test_curve_size(&rng, -1, ECC_TEST_VERIFY_COUNT, 0, &ecc_cust_dp);
|
||||
ret = ecc_test_curve_size(&rng, -1, ECC_TEST_VERIFY_COUNT, &ecc_cust_dp);
|
||||
if (ret < 0) {
|
||||
printf("ecc_test_curve_size custom failed!: %d\n", ret);
|
||||
goto done;
|
||||
|
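Review bot: With the `testCompressedKey` parameter gone, the compressed export/import path in ecc_test_curve_size (hunk @ -6754) now runs for every curve size, but only inside `#ifdef HAVE_COMP_KEY`, and the new `--enable-compkey` option defaults to `no`; a default configure therefore never exercises the 224-bit fix this commit is about. Consider enabling the option in the build used to validate this change, or at least adding a comment at the `#ifdef` noting that the block is skipped unless compressed keys are configured. The custom-curve call in hunk @ -6927 now takes the same path, which is what covers the t2 fix under normal math.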
@ -347,9 +347,7 @@ typedef struct {
|
||||
#define TFM_SQR64
|
||||
#endif
|
||||
|
||||
/* do we want some overflow checks
|
||||
Not required if you make sure your numbers are within range (e.g. by default a modulus for fp_exptmod() can only be up to 2048 bits long)
|
||||
*/
|
||||
/* Optional math checks (enable WOLFSSL_DEBUG_MATH to print info) */
|
||||
/* #define TFM_CHECK */
|
||||
|
||||
/* Is the target a P4 Prescott
|
||||
|
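Review bot: The replacement comment in tfm.h says to enable `WOLFSSL_DEBUG_MATH` to print info, but the line it annotates is still `/* #define TFM_CHECK */`, so a reader cannot tell which macro controls the checks. If TFM_CHECK still gates the overflow checks and WOLFSSL_DEBUG_MATH only adds printing, name both, e.g. `/* Optional overflow checks (TFM_CHECK); define WOLFSSL_DEBUG_MATH to print info */`; the uses of TFM_CHECK are outside the hunk, so this is inferred from the commented define alone.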