DO-178 changes

This commit is contained in:
Tesfa Mael 2020-07-09 15:13:01 -07:00
parent 3381eb2094
commit cebb283822
24 changed files with 336 additions and 176 deletions

View File

@ -7486,11 +7486,9 @@ static int test_wc_Sha384Copy (void)
}
}
wc_Sha384Free(&sha384);
wc_Sha384Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
@ -9043,9 +9041,7 @@ static int test_wc_Sha3_GetFlags (void)
ret = 0;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
@ -9259,7 +9255,6 @@ static int test_wc_Shake256_Copy (void)
#endif
return ret;
} /* END test_wc_Shake256_Copy */
/*
* Unit test function for wc_Shake256Hash()
@ -13219,13 +13214,13 @@ static int test_wc_RsaPrivateKeyDecode (void)
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
if (ret == ASN_PARSE_E) {
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == ASN_PARSE_E) {
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
@ -27367,14 +27362,14 @@ static void test_wolfSSL_ERR_print_errors(void)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
ERR_put_error(0,SYS_F_BIND, -295, "asn.c", 100);
ERR_print_errors(bio);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
buf, 55), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
AssertIntEQ(XSTRNCMP("error:275:wolfSSL library:unknown error number:asn.c:100",
AssertIntEQ(XSTRNCMP("error:295:wolfSSL library:unknown error number:asn.c:100",
buf, 56), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);

View File

@ -19,7 +19,15 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interfaces to the Advanced Encryption Standard (AES)
for encrypting and decrypting data. AES is the standard known for a symmetric
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
192-bits, and 256-bits of key sizes.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

View File

@ -19,7 +19,14 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
ASN.1 is a standard interface description language for defining data structures
that can be serialized and deserialized in a cross-platform way.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -2581,7 +2588,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
{
int version, length;
if (inOutIdx == NULL) {
if (inOutIdx == NULL || input == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
if (GetSequence(input, inOutIdx, &length, inSz) < 0)

View File

@ -18,15 +18,12 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
* based from
* chacha-ref.c version 20080118
* D. J. Bernstein
* Public domain.
*/
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher.
*/
#ifdef WOLFSSL_ARMASM
/* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
@ -112,25 +109,17 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
{
word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
#ifdef CHACHA_AEAD_TEST
word32 i;
printf("NONCE : ");
for (i = 0; i < CHACHA_IV_BYTES; i++) {
printf("%02x", inIv[i]);
}
printf("\n\n");
#endif
if (ctx == NULL)
if (ctx == NULL || inIv == NULL)
return BAD_FUNC_ARG;
XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
ctx->left = 0; /* resets state */
ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */
ctx->X[CHACHA_IV_BYTES+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
ctx->X[CHACHA_IV_BYTES+2] = LITTLE32(temp[1]); /* counter from nonce */
ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */
ctx->X[CHACHA_MATRIX_CNT_IV+0] = counter; /* block counter */
ctx->X[CHACHA_MATRIX_CNT_IV+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
ctx->X[CHACHA_MATRIX_CNT_IV+2] = LITTLE32(temp[1]); /* counter from nonce */
ctx->X[CHACHA_MATRIX_CNT_IV+3] = LITTLE32(temp[2]); /* counter from nonce */
return 0;
}
@ -152,7 +141,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
word32 alignKey[8];
#endif
if (ctx == NULL)
if (ctx == NULL || key == NULL)
return BAD_FUNC_ARG;
if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
@ -270,13 +259,13 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
wc_Chacha_wordtobyte(temp, ctx->X); /* recreate the stream */
output = (byte*)temp + CHACHA_CHUNK_BYTES - ctx->left;
for (i = 0; i < bytes && i < ctx->left; i++) {
c[i] = m[i] ^ output[i];
c[i] = (byte)(m[i] ^ output[i]);
}
ctx->left = ctx->left - i;
/* Used up all of the stream that was left, increment the counter */
if (ctx->left == 0) {
ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
}
bytes = bytes - i;
c += i;
@ -286,9 +275,9 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
output = (byte*)temp;
while (bytes >= CHACHA_CHUNK_BYTES) {
wc_Chacha_wordtobyte(temp, ctx->X);
ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) {
c[i] = m[i] ^ output[i];
c[i] = (byte)(m[i] ^ output[i]);
}
bytes -= CHACHA_CHUNK_BYTES;
c += CHACHA_CHUNK_BYTES;
@ -314,7 +303,7 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
word32 msglen)
{
if (ctx == NULL)
if (ctx == NULL || input == NULL || output == NULL)
return BAD_FUNC_ARG;
#ifdef USE_INTEL_CHACHA_SPEEDUP

View File

@ -18,8 +18,14 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher and
the Poly1305 authenticator, both as as combined-mode,
or Authenticated Encryption with Additional Data (AEAD) algorithm.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -141,7 +147,7 @@ int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
/* setup aead context */
XMEMSET(aead, 0, sizeof(ChaChaPoly_Aead));
XMEMSET(authKey, 0, sizeof(authKey));
aead->isEncrypt = isEncrypt;
aead->isEncrypt = (byte)isEncrypt;
/* Initialize the ChaCha20 context (key and iv) */
ret = wc_Chacha_SetKey(&aead->chacha, inKey,
@ -189,6 +195,8 @@ int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
aead->state != CHACHA20_POLY1305_STATE_AAD) {
return BAD_STATE_E;
}
if (inAADLen > CHACHA20_POLY1305_MAX - aead->aadLen)
return CHACHA_POLY_OVERFLOW;
if (inAAD && inAADLen > 0) {
ret = wc_Poly1305Update(&aead->poly, inAAD, inAADLen);
@ -215,6 +223,8 @@ int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
aead->state != CHACHA20_POLY1305_STATE_DATA) {
return BAD_STATE_E;
}
if (dataLen > CHACHA20_POLY1305_MAX - aead->dataLen)
return CHACHA_POLY_OVERFLOW;
/* Pad the AAD */
if (aead->state == CHACHA20_POLY1305_STATE_AAD) {
@ -261,7 +271,7 @@ int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
ret = wc_Poly1305_Pad(&aead->poly, aead->aadLen);
}
/* Pad the ciphertext to 16 bytes */
/* Pad the plaintext/ciphertext to 16 bytes */
if (ret == 0) {
ret = wc_Poly1305_Pad(&aead->poly, aead->dataLen);
}

View File

@ -512,6 +512,9 @@ const char* wc_GetErrorString(int error)
case PSS_SALTLEN_RECOVER_E:
return "PSS - Salt length unable to be recovered";
case CHACHA_POLY_OVERFLOW:
return "wolfcrypt - ChaCha20_Poly1305 limit overflow 4GB";
case ASN_SELF_SIGNED_E:
return "ASN self-signed certificate error";

View File

@ -18,8 +18,13 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This module implements the arithmetic-shift right, left, byte swapping, XOR,
masking and clearing memory logic.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -77,13 +82,14 @@
}
#else /* generic */
/* This routine performs a left circular arithmetic shift of <x> by <y> value. */
WC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
{
return (x << y) | (x >> (sizeof(y) * 8 - y));
}
/* This routine performs a right circular arithmetic shift of <x> by <y> value. */
WC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
{
return (x >> y) | (x << (sizeof(y) * 8 - y));
@ -91,7 +97,7 @@
#endif
/* This routine performs a byte swap of 32-bit word value. */
WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
{
#ifdef PPC_INTRINSICS
@ -114,8 +120,8 @@ WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
return rotlFixed(value, 16U);
#endif
}
#if defined(LITTLE_ENDIAN_ORDER)
/* This routine performs a byte swap of words array of a given count. */
WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
word32 byteCount)
{
@ -125,7 +131,7 @@ WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
out[i] = ByteReverseWord32(in[i]);
}
#endif /* LITTLE_ENDIAN_ORDER */
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
@ -172,6 +178,8 @@ WC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
#endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
#ifndef WOLFSSL_NO_XOR_OPS
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
of wolfssl_words, placing the result in <*r>. */
WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n)
{
word32 i;
@ -179,6 +187,8 @@ WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32
for (i = 0; i < n; i++) r[i] ^= a[i];
}
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
counts, placing the result in <*buf>. */
WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
{
@ -196,7 +206,8 @@ WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
#endif
#ifndef WOLFSSL_NO_FORCE_ZERO
/* Make sure compiler doesn't skip */
/* This routine fills the first len bytes of the memory area pointed by mem
with zeros. It ensures compiler optimizations doesn't skip it */
WC_STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
{
volatile byte* z = (volatile byte*)mem;
@ -242,6 +253,7 @@ WC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length
#if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
#define min min
#endif
/* returns the smaller of a and b */
WC_STATIC WC_INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
@ -323,7 +335,7 @@ WC_STATIC WC_INLINE word32 btoi(byte b)
/* Constant time - mask set when a > b. */
WC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
{
return (((word32)a - b - 1) >> 31) - 1;
return ((byte)(((word32)a - b - 1) >> 31) - 1);
}
/* Constant time - mask set when a >= b. */
@ -356,16 +368,19 @@ WC_STATIC WC_INLINE byte ctMaskEq(int a, int b)
return (~ctMaskGT(a, b)) & (~ctMaskLT(a, b));
}
/* Constant time - sets 16 bit integer mask when a > b */
WC_STATIC WC_INLINE word16 ctMask16GT(int a, int b)
{
return (((word32)a - b - 1) >> 31) - 1;
}
/* Constant time - sets 16 bit integer mask when a < b. */
WC_STATIC WC_INLINE word16 ctMask16LT(int a, int b)
{
return (((word32)b - a - 1) >> 31) - 1;
}
/* Constant time - sets 16 bit integer mask when a == b. */
WC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b)
{
return (~ctMask16GT(a, b)) & (~ctMask16LT(a, b));

View File

@ -18,11 +18,12 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
* Based off the public domain implementations by Andrew Moon
* and Daniel J. Bernstein
*/
DESCRIPTION
This library contains implementation for the Poly1305 authenticator.
*/
#ifdef HAVE_CONFIG_H
@ -228,11 +229,11 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
}
static void U32TO8(byte *p, word32 v) {
p[0] = (v ) & 0xff;
p[1] = (v >> 8) & 0xff;
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff;
}
p[0] = (byte)((v ) & 0xff);
p[1] = (byte)((v >> 8) & 0xff);
p[2] = (byte)((v >> 16) & 0xff);
p[3] = (byte)((v >> 24) & 0xff);
}
#endif
/* convert 32-bit unsigned to little endian 64 bit type as byte array */
@ -254,7 +255,11 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
/*
This local function operates on a message with a given number of bytes
with a given ctx pointer to a Poly1305 structure.
*/
static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes)
{
#ifdef USE_INTEL_SPEEDUP
@ -378,7 +383,11 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
#endif /* end of 64 bit cpu blocks or 32 bit cpu */
}
void poly1305_block(Poly1305* ctx, const unsigned char *m)
/*
This local function is used for the last call when a message with a given
number of bytes is less than the block size.
*/
static void poly1305_block(Poly1305* ctx, const unsigned char *m)
{
#ifdef USE_INTEL_SPEEDUP
/* No call to poly1305_block when AVX2, AVX2 does 4 blocks at a time. */
@ -494,7 +503,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
#endif
if (ctx == NULL)
if (ctx == NULL || mac == NULL)
return BAD_FUNC_ARG;
#ifdef USE_INTEL_SPEEDUP
@ -663,6 +672,13 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
{
size_t i;
if (ctx == NULL || (m == NULL && bytes > 0))
return BAD_FUNC_ARG;
if (bytes == 0) {
/* valid, but do nothing */
return 0;
}
#ifdef CHACHA_AEAD_TEST
word32 k;
printf("Raw input to poly:\n");
@ -673,8 +689,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
}
printf("\n");
#endif
if (ctx == NULL)
if (ctx == NULL || (m == NULL && bytes > 0))
return BAD_FUNC_ARG;
#ifdef USE_INTEL_SPEEDUP

View File

@ -19,7 +19,12 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the random number generator.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -487,7 +492,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
if (i == (len-1)) {
len++;
}
drbg->matchCount = 1;
@ -511,6 +516,10 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
}
}
}
else {
/* wc_Sha256Update or wc_Sha256Final returned error */
break;
}
}
ForceZero(data, sizeof(data));
@ -614,7 +623,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz,
void* heap, int devId)
{
int ret;
int ret = DRBG_FAILURE;
XMEMSET(drbg, 0, sizeof(DRBG));
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@ -645,9 +654,6 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
drbg->matchCount = 0;
ret = DRBG_SUCCESS;
}
else {
ret = DRBG_FAILURE;
}
return ret;
}
@ -674,7 +680,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
{
int ret = DRBG_SUCCESS;
int ret = 0;
/* Check the seed for duplicate words. */
word32 seedIdx = 0;
@ -700,7 +706,7 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
void* heap, int devId)
{
int ret = RNG_FAILURE_E;
int ret = 0;
#ifdef HAVE_HASHDRBG
word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
#endif
@ -773,6 +779,10 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
rng->drbg =
(struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg == NULL) {
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
#else
/* compile-time validation of drbg_data size */
typedef char drbg_data_test[sizeof(rng->drbg_data) >=
@ -780,16 +790,14 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
(void)sizeof(drbg_data_test);
rng->drbg = (struct DRBG*)rng->drbg_data;
#endif
if (rng->drbg == NULL) {
ret = MEMORY_E;
}
else {
if (ret == 0) {
ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
if (ret != 0)
ret = DRBG_FAILURE;
else
if (ret == 0)
ret = wc_RNG_TestSeed(seed, seedSz);
else {
ret = DRBG_FAILURE;
rng->status = DRBG_FAILED;
}
if (ret == DRBG_SUCCESS)
ret = Hash_DRBG_Instantiate(rng->drbg,
@ -2350,7 +2358,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif
#include "r_bsp/platform.h"
#include "r_tsip_rx_if.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret;
@ -2358,7 +2366,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
while (sz > 0) {
uint32_t len = sizeof(buffer);
if (sz < len) {
len = sz;
}

View File

@ -19,7 +19,13 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interface to the RSA.
RSA keys can be used to encrypt, decrypt, sign and verify data.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -605,59 +611,61 @@ int wc_CheckRsaKey(RsaKey* key)
if (mp_set_int(k, 0x2342) != MP_OKAY)
ret = MP_READ_E;
}
#ifdef WOLFSSL_HAVE_SP_RSA
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->n) == 2048) {
ret = sp_ModExp_2048(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
else
#endif
#ifndef WOLFSSL_SP_NO_3072
if (mp_count_bits(&key->n) == 3072) {
ret = sp_ModExp_3072(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
else
#endif
#ifdef WOLFSSL_SP_4096
if (mp_count_bits(&key->n) == 4096) {
ret = sp_ModExp_4096(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
else
#endif
#endif
#ifdef WOLFSSL_SP_MATH
{
ret = WC_KEY_SIZE_E;
}
#else
{
if (ret == 0) {
if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0) {
switch (mp_count_bits(&key->n)) {
#ifndef WOLFSSL_SP_NO_2048
case 2048:
ret = sp_ModExp_2048(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
if (ret == 0) {
ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
break;
#endif /* WOLFSSL_SP_NO_2048 */
#ifndef WOLFSSL_SP_NO_3072
case 3072:
ret = sp_ModExp_3072(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
if (ret == 0) {
ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
break;
#endif /* WOLFSSL_SP_NO_3072 */
#ifdef WOLFSSL_SP_4096
case 4096:
ret = sp_ModExp_4096(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
if (ret == 0) {
ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
break;
#endif /* WOLFSSL_SP_4096 */
default:
ret = WC_KEY_SIZE_E;
}
}
#endif /* WOLFSSL_HAVE_SP_RSA */
#ifndef WOLFSSL_SP_MATH
if (ret == 0) {
if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
if (ret == 0) {
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
if (ret == 0) {
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
#endif
#endif /* !WOLFSSL_SP_MATH */
if (ret == 0) {
if (mp_cmp(k, tmp) != MP_EQ)
@ -815,10 +823,10 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
XMEMCPY(tmp, seed, seedSz);
/* counter to byte array appended to tmp */
tmp[seedSz] = (counter >> 24) & 0xFF;
tmp[seedSz + 1] = (counter >> 16) & 0xFF;
tmp[seedSz + 2] = (counter >> 8) & 0xFF;
tmp[seedSz + 3] = (counter) & 0xFF;
tmp[seedSz] = (byte)((counter >> 24) & 0xFF);
tmp[seedSz + 1] = (byte)((counter >> 16) & 0xFF);
tmp[seedSz + 2] = (byte)((counter >> 8) & 0xFF);
tmp[seedSz + 3] = (byte)((counter) & 0xFF);
/* hash and append to existing output */
if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
@ -1124,6 +1132,9 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
hiBits = (bits - 1) & 0x7;
if (hiBits == 0) {
/* Per RFC8017, set the leftmost 8emLen - emBits bits of the
leftmost octet in DB to zero.
*/
*(pkcsBlock++) = 0;
pkcsBlockLen--;
}
@ -1160,7 +1171,6 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
if ((int)pkcsBlockLen - hLen < saltLen + 2) {
return PSS_SALTLEN_E;
}
maskLen = pkcsBlockLen - 1 - hLen;
#if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER)
@ -1203,12 +1213,16 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
ret = wc_Hash(hType, s, (word32)(m - s), pkcsBlock + maskLen, hLen);
}
if (ret == 0) {
/* Set the last eight bits or trailer field to the octet 0xbc */
pkcsBlock[pkcsBlockLen - 1] = RSA_PSS_PAD_TERM;
ret = RsaMGF(mgf, pkcsBlock + maskLen, hLen, pkcsBlock, maskLen, heap);
}
if (ret == 0) {
pkcsBlock[0] &= (1 << hiBits) - 1;
/* Clear the first high bit when "8emLen - emBits" is non-zero.
where emBits = n modBits - 1 */
if (hiBits)
pkcsBlock[0] &= (1 << hiBits) - 1;
m = pkcsBlock + maskLen - saltLen - 1;
*(m++) ^= 0x01;
@ -1237,15 +1251,15 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
return BAD_FUNC_ARG;
}
if (pkcsBlockLen - RSA_MIN_PAD_SZ < inputLen) {
WOLFSSL_MSG("RsaPad error, invalid length");
return RSA_PAD_E;
}
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--;
pkcsBlock[0] = padValue; /* insert padValue */
if (padValue == RSA_BLOCK_TYPE_1) {
if (pkcsBlockLen < inputLen + 2) {
WOLFSSL_MSG("RsaPad error, invalid length");
return RSA_PAD_E;
}
/* pad with 0xff bytes */
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
@ -1255,12 +1269,6 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
/* pad with non-zero random bytes */
word32 padLen, i;
int ret;
if (pkcsBlockLen < inputLen + 1) {
WOLFSSL_MSG("RsaPad error, invalid length");
return RSA_PAD_E;
}
padLen = pkcsBlockLen - inputLen - 1;
ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
if (ret != 0) {
@ -1457,9 +1465,10 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
* saltLen Length of salt to put in padding.
* bits Length of key in bits.
* heap Used for dynamic memory allocation.
* returns 0 on success, PSS_SALTLEN_E when the salt length is invalid,
* BAD_PADDING_E when the padding is not valid, MEMORY_E when allocation fails
* and other negative values on error.
* returns the sum of salt length and SHA-256 digest size on success.
* Otherwise, PSS_SALTLEN_E for an incorrect salt length,
* WC_KEY_SIZE_E for an incorrect encoded message (EM) size
and other negative values on error.
*/
static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte **output, enum wc_HashType hType, int mgf,
@ -2659,7 +2668,7 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
#endif
if (mp_init(c) != MP_OKAY)
ret = MEMORY_E;
ret = MP_INIT_E;
if (ret == 0) {
if (mp_read_unsigned_bin(c, in, inLen) != 0)
ret = MP_READ_E;

View File

@ -19,6 +19,16 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* For more info on the algorithm, see https://tools.ietf.org/html/rfc6234 */
/*
DESCRIPTION
This library provides the interface to SHA-256 secure hash algorithms.
SHA-256 performs processing on message blocks to produce a final hash digest
output. It can be used to hash a message, M, having a length of L bits,
where 0 <= L < 2^64.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

View File

@ -21,6 +21,11 @@
/* Implementation by Sean Parkinson. */
/*
DESCRIPTION
This library provides single precision (SP) integer math functions.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -178,20 +183,23 @@ int sp_unsigned_bin_size(sp_int* a)
* a SP integer.
* in Array of bytes.
* inSz Number of data bytes in array.
* returns BAD_FUNC_ARG when the number is too big to fit in an SP and
* returns MP_VAL when the number is too big to fit in an SP and
MP_OKAY otherwise.
*/
int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz)
int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
{
int err = MP_OKAY;
int i, j = 0, k;
/* Extra digit added to SP_INT_DIGITS to be used in calculations. */
if (inSz > (SP_INT_DIGITS - 1) * (int)sizeof(a->dp[0])) {
if (inSz > SP_INT_DIGITS * (int)sizeof(a->dp[0])) {
err = MP_VAL;
}
if (err == MP_OKAY) {
else if (inSz == 0) {
XMEMSET(a->dp, 0, a->size * sizeof(*a->dp));
a->used = 0;
}
else {
for (i = inSz-1; i >= (SP_WORD_SIZE/8); i -= (SP_WORD_SIZE/8), j++) {
a->dp[j] = (((sp_int_digit)in[i-0]) << (0*8))
| (((sp_int_digit)in[i-1]) << (1*8))
@ -212,9 +220,9 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz)
}
}
a->used = j + 1;
}
sp_clamp(a);
sp_clamp(a);
}
return err;
}
@ -1019,12 +1027,27 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
int i = 0;
sp_int_digit t;
if (a == NULL || r == NULL || a->used > SP_INT_DIGITS)
return BAD_FUNC_ARG;
r->used = a->used;
if (a->used == 0) {
r->used = d > 0;
if (d == 0) {
/*copy the content of <a> to <r>*/
for (; i < a->used; i++)
r->dp[i] = a->dp[i];
return MP_OKAY;
}
t = a->dp[0] + d;
if (t < a->dp[0]) {
if (a->used == 0) {
r->used = 1;
t = d;
}
else
t = a->dp[0] + d;
if (a->used != 0 && t < a->dp[0]) {
for (++i; i < a->used; i++) {
r->dp[i] = a->dp[i] + 1;
if (r->dp[i] != 0) {
@ -1033,19 +1056,20 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
}
if (i == a->used) {
r->used++;
r->dp[i] = 1;
if (i < SP_INT_DIGITS)
r->dp[i] = 1;
else
return MP_VAL;
}
}
r->dp[0] = t;
if (r != a) {
for (++i; i < a->used; i++) {
r->dp[i] = a->dp[i];
}
}
for (++i; i < a->used; i++)
r->dp[i] = a->dp[i];
return MP_OKAY;
}
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
/* Left shift the big number by a number of digits.

View File

@ -22,8 +22,15 @@
/*!
\file wolfssl/wolfcrypt/aes.h
*/
/*
DESCRIPTION
This library provides the interfaces to the Advanced Encryption Standard (AES)
for encrypting and decrypting data. AES is the standard known for a symmetric
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
192-bits, and 256-bits of key sizes.
*/
#ifndef WOLF_CRYPT_AES_H
#define WOLF_CRYPT_AES_H

View File

@ -23,6 +23,14 @@
\file wolfssl/wolfcrypt/asn.h
*/
/*
DESCRIPTION
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
ASN.1 is a standard interface description language for defining data structures
that can be serialized and deserialized in a cross-platform way.
*/
#ifndef WOLF_CRYPT_ASN_H
#define WOLF_CRYPT_ASN_H

View File

@ -23,6 +23,11 @@
\file wolfssl/wolfcrypt/asn_public.h
*/
/*
DESCRIPTION
This library defines the interface APIs for X509 certificates.
*/
#ifndef WOLF_CRYPT_ASN_PUBLIC_H
#define WOLF_CRYPT_ASN_PUBLIC_H

View File

@ -18,7 +18,12 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher.
*/
/*!
\file wolfssl/wolfcrypt/chacha.h
*/
@ -35,9 +40,21 @@
extern "C" {
#endif
/*
Initialization vector starts at 13 with zero being the index origin of a matrix.
Block counter is located at index 12.
0 1 2 3
4 5 6 7
8 9 10 11
12 13 14 15
*/
#define CHACHA_MATRIX_CNT_IV 12
/* Size of the IV */
#define CHACHA_IV_WORDS 3
#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32))
/* Size of IV in bytes*/
#define CHACHA_IV_BYTES 12
/* Size of ChaCha chunks */
#define CHACHA_CHUNK_WORDS 16

View File

@ -18,12 +18,14 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher and
the Poly1305 authenticator, both as as combined-mode,
or Authenticated Encryption with Additional Data (AEAD) algorithm.
/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
* and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
*/
*/
/*!
\file wolfssl/wolfcrypt/chacha20_poly1305.h
@ -45,6 +47,7 @@
#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
#define CHACHA20_POLY1305_MAX 4294967295U
enum {
CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */

View File

@ -22,6 +22,11 @@
/*!
\file wolfssl/wolfcrypt/error-crypt.h
*/
/*
DESCRIPTION
This library defines error codes and contians routines for setting and examining
the error status.
*/
#ifndef WOLF_CRYPT_ERROR_H
#define WOLF_CRYPT_ERROR_H
@ -227,10 +232,10 @@ enum {
CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */
PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */
PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */
WC_LAST_E = -274, /* Update this to indicate last error */
WC_LAST_E = -275, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes

View File

@ -18,9 +18,13 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This module implements the arithmetic-shift right, left, byte swapping, XOR,
masking and clearing memory logic.
*/
#ifndef WOLF_CRYPT_MISC_H
#define WOLF_CRYPT_MISC_H

View File

@ -119,9 +119,6 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 data
WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
byte* input, word32 sz, byte* tag, word32 tagSz);
void poly1305_block(Poly1305* ctx, const unsigned char *m);
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes);
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@ -23,7 +23,13 @@
\file wolfssl/wolfcrypt/rsa.h
*/
/*
DESCRIPTION
This library provides the interface to the RSA.
RSA keys can be used to encrypt, decrypt, sign and verify data.
*/
#ifndef WOLF_CRYPT_RSA_H
#define WOLF_CRYPT_RSA_H
@ -280,8 +286,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, RsaKey* key);
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#endif
#ifdef WC_RSA_BLINDING
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);

View File

@ -19,7 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides single precision (SP) integer math functions.
*/
#ifndef WOLF_CRYPT_SP_INT_H
#define WOLF_CRYPT_SP_INT_H
@ -187,7 +191,7 @@ MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d,
sp_int* e, sp_int* f);
MP_API void sp_clear(sp_int* a);
MP_API int sp_unsigned_bin_size(sp_int* a);
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz);
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz);
MP_API int sp_read_radix(sp_int* a, const char* in, int radix);
MP_API int sp_cmp(sp_int* a, sp_int* b);
MP_API int sp_count_bits(sp_int* a);

View File

@ -22,7 +22,12 @@
/*!
\file wolfssl/wolfcrypt/types.h
*/
/*
DESCRIPTION
This library defines the primitive data types and abstraction macros to
decouple library dependencies with standard string, memory and so on.
*/
#ifndef WOLF_CRYPT_TYPES_H
#define WOLF_CRYPT_TYPES_H

View File

@ -19,6 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides big integer math functions.
*/
#ifndef __WOLFMATH_H__
#define __WOLFMATH_H__