len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-10-16 17:57:44 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update wolfSSL to the latest version(v.4.5.0) (#303)

Browse source 
* deleted old version wolfSSL before updating

* updated wolfSSL to the latest version(v4.4.0)

* updated wolfSSL to the latest version(v4.4.0)

* added macros for timing resistance

* Add wolfSSL-FIPS-Ready to Demo and Source

* Add wolfSSL-FIPS-Ready to Demo and Source

* Update README_wolfSSL_FIPS_Ready.md

* Remove unused files

* Update to wolfSSL-4.5.0-FIPS-Ready

* Increase FIPS version number for the default

* Update wolfSSL to the latest version(v.4.5.0)

* Fix version number

* Fix comments from github

Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Co-authored-by: Ming Yue <mingyue86010@gmail.com>
Co-authored-by: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Co-authored-by: Alfred Gedeon <alfred2g@hotmail.com>
This commit is contained in:
TakayukiMatsuo 2020-10-24 11:35:06 +09:00 committed by GitHub
parent ee588710dd
commit c44794cd11
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
471 changed files with 792175 additions and 60158 deletions
Download patch file Download diff file Expand all files Collapse all files

559
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/aes.c
View file

@ -19,7 +19,15 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interfaces to the Advanced Encryption Standard (AES)
for encrypting and decrypting data. AES is the standard known for a symmetric
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
192-bits, and 256-bits of key sizes.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -288,7 +296,7 @@
/* Define AES implementation includes and functions */
#if defined(STM32_CRYPTO)
/* STM32F2/F4/F7/L4 hardware AES support for ECB, CBC, CTR and GCM modes */
/* STM32F2/F4/F7/L4/L5/H7/WB55 hardware AES support for ECB, CBC, CTR and GCM modes */
#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
@ -307,21 +315,21 @@
if (ret != 0)
return ret;
#ifdef STM32_CRYPTO_AES_ONLY
#if defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_ECB;
#elif defined(STM32_CRYPTO_AES_ONLY)
hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB;
hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
#elif defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_ECB;
#endif
HAL_CRYP_Init(&hcryp);
#ifdef STM32_CRYPTO_AES_ONLY
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
outBlock, STM32_HAL_TIMEOUT);
#elif defined(STM32_HAL_V2)
#if defined(STM32_HAL_V2)
ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,
(uint32_t*)outBlock, STM32_HAL_TIMEOUT);
#elif defined(STM32_CRYPTO_AES_ONLY)
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
outBlock, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
outBlock, STM32_HAL_TIMEOUT);
@ -331,7 +339,7 @@
}
HAL_CRYP_DeInit(&hcryp);
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);
if (ret != 0)
return ret;
@ -391,21 +399,21 @@
if (ret != 0)
return ret;
#ifdef STM32_CRYPTO_AES_ONLY
hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT;
#if defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_ECB;
#elif defined(STM32_CRYPTO_AES_ONLY)
hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT;
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB;
hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
#elif defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_ECB;
#endif
HAL_CRYP_Init(&hcryp);
#ifdef STM32_CRYPTO_AES_ONLY
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
outBlock, STM32_HAL_TIMEOUT);
#elif defined(STM32_HAL_V2)
#if defined(STM32_HAL_V2)
ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,
(uint32_t*)outBlock, STM32_HAL_TIMEOUT);
#elif defined(STM32_CRYPTO_AES_ONLY)
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
outBlock, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
outBlock, STM32_HAL_TIMEOUT);
@ -415,7 +423,7 @@
}
HAL_CRYP_DeInit(&hcryp);
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);
if (ret != 0)
return ret;
@ -926,7 +934,7 @@
#ifdef NEED_AES_TABLES
static const word32 rcon[] = {
static const FLASH_QUALIFIER word32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000,
@ -934,7 +942,7 @@ static const word32 rcon[] = {
};
#ifndef WOLFSSL_AES_SMALL_TABLES
static const word32 Te[4][256] = {
static const FLASH_QUALIFIER word32 Te[4][256] = {
{
0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@ -1202,7 +1210,7 @@ static const word32 Te[4][256] = {
};
#ifdef HAVE_AES_DECRYPT
static const word32 Td[4][256] = {
static const FLASH_QUALIFIER word32 Td[4][256] = {
{
0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@ -1474,8 +1482,8 @@ static const word32 Td[4][256] = {
#ifdef HAVE_AES_DECRYPT
#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
|| defined(WOLFSSL_AES_DIRECT)
static const byte Td4[256] =
|| defined(WOLFSSL_AES_DIRECT)
static const FLASH_QUALIFIER byte Td4[256] =
{
0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
@ -1561,6 +1569,7 @@ static word32 col_mul(word32 t, int i2, int i3, int ia, int ib)
return GETBYTE(t, ia) ^ GETBYTE(t, ib) ^ t3 ^ tm;
}
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
static word32 inv_col_mul(word32 t, int i9, int ib, int id, int ie)
{
byte t9 = GETBYTE(t, i9);
@ -1571,8 +1580,10 @@ static word32 inv_col_mul(word32 t, int i9, int ib, int id, int ie)
return t0 ^ AES_XTIME(AES_XTIME(AES_XTIME(t0 ^ te) ^ td ^ te) ^ tb ^ te);
}
#endif
#endif
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || \
defined(HAVE_AESCCM) || defined(HAVE_AESGCM)
#ifndef WC_CACHE_LINE_SZ
#if defined(__x86_64__) || defined(_M_X64) || \
@ -2388,6 +2399,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
aes->keylen = keylen;
aes->rounds = keylen/4 + 6;
XMEMCPY(aes->key, userKey, keylen);
ret = nrf51_aes_set_key(userKey);
#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
@ -2963,41 +2975,34 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
return ret;
}
#ifdef STM32_CRYPTO_AES_ONLY
#if defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_CBC;
ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
#elif defined(STM32_CRYPTO_AES_ONLY)
hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC;
hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
#elif defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_CBC;
ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
#endif
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
HAL_CRYP_Init(&hcryp);
while (blocks--) {
#ifdef STM32_CRYPTO_AES_ONLY
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#elif defined(STM32_HAL_V2)
ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE,
(uint32_t*)out, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#endif
if (ret != HAL_OK) {
ret = WC_TIMEOUT_E;
break;
}
/* store iv for next call */
XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
sz -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
#if defined(STM32_HAL_V2)
ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE,
(uint32_t*)out, STM32_HAL_TIMEOUT);
#elif defined(STM32_CRYPTO_AES_ONLY)
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#endif
if (ret != HAL_OK) {
ret = WC_TIMEOUT_E;
}
/* store iv for next call */
XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
HAL_CRYP_DeInit(&hcryp);
wolfSSL_CryptHwMutexUnLock();
@ -3023,41 +3028,35 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* if input and output same will overwrite input iv */
XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
#ifdef STM32_CRYPTO_AES_ONLY
#if defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_CBC;
ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
#elif defined(STM32_CRYPTO_AES_ONLY)
hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT;
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC;
hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
#elif defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_CBC;
ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
#endif
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
HAL_CRYP_Init(&hcryp);
while (blocks--) {
#ifdef STM32_CRYPTO_AES_ONLY
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#elif defined(STM32_HAL_V2)
ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE,
(uint32_t*)out, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#endif
if (ret != HAL_OK) {
ret = WC_TIMEOUT_E;
break;
}
/* store iv for next call */
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
#if defined(STM32_HAL_V2)
ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE,
(uint32_t*)out, STM32_HAL_TIMEOUT);
#elif defined(STM32_CRYPTO_AES_ONLY)
ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#endif
if (ret != HAL_OK) {
ret = WC_TIMEOUT_E;
}
/* store iv for next call */
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
HAL_CRYP_DeInit(&hcryp);
wolfSSL_CryptHwMutexUnLock();
@ -3065,7 +3064,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
}
#endif /* HAVE_AES_DECRYPT */
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
int ret;
@ -3740,38 +3739,37 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
CRYP_IVInitTypeDef ivInit;
#endif
#ifdef WOLFSSL_STM32_CUBEMX
ret = wc_Stm32_Aes_Init(aes, &hcryp);
if (ret != 0) {
return ret;
}
ret = wolfSSL_CryptHwMutexLock();
if (ret != 0) {
return ret;
}
#ifdef WOLFSSL_STM32_CUBEMX
ret = wc_Stm32_Aes_Init(aes, &hcryp);
if (ret != 0) {
wolfSSL_CryptHwMutexUnLock();
return ret;
}
#ifdef STM32_CRYPTO_AES_ONLY
#if defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_CTR;
ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv;
#elif defined(STM32_CRYPTO_AES_ONLY)
hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR;
hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
#elif defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_CTR;
ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv;
#else
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
#endif
HAL_CRYP_Init(&hcryp);
#ifdef STM32_CRYPTO_AES_ONLY
ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#elif defined(STM32_HAL_V2)
#if defined(STM32_HAL_V2)
ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE,
(uint32_t*)out, STM32_HAL_TIMEOUT);
#elif defined(STM32_CRYPTO_AES_ONLY)
ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
#else
ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE,
out, STM32_HAL_TIMEOUT);
@ -3781,10 +3779,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
}
HAL_CRYP_DeInit(&hcryp);
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);
if (ret != 0) {
wolfSSL_CryptHwMutexUnLock();
return ret;
}
ret = wolfSSL_CryptHwMutexLock();
if (ret != 0) {
return ret;
}
@ -3829,7 +3831,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* disable crypto processor */
CRYP_Cmd(DISABLE);
#endif /* WOLFSSL_STM32_CUBEMX */
wolfSSL_CryptHwMutexUnLock();
@ -4009,9 +4010,6 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
#if defined(HAVE_COLDFIRE_SEC)
#error "Coldfire SEC doesn't currently support AES-GCM mode"
#elif defined(WOLFSSL_NRF51_AES)
#error "nRF51 doesn't currently support AES-GCM mode"
#endif
#ifdef WOLFSSL_ARMASM
@ -4036,18 +4034,6 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
return;
}
}
#ifdef STM32_CRYPTO_AES_GCM
static WC_INLINE void DecrementGcmCounter(byte* inOutCtr)
{
int i;
/* in network byte order so start at end and work back */
for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
if (--inOutCtr[i] != 0xFF) /* we're done unless we underflow */
return;
}
}
#endif /* STM32_CRYPTO_AES_GCM */
#endif /* !FREESCALE_LTC_AES_GCM */
#if defined(GCM_SMALL) || defined(GCM_TABLE)
@ -4157,7 +4143,11 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
#if !defined(FREESCALE_LTC_AES_GCM)
if (ret == 0) {
wc_AesEncrypt(aes, iv, aes->H);
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
wc_AesEncrypt(aes, iv, aes->H);
wolfSSL_CryptHwMutexUnLock();
}
#ifdef GCM_TABLE
GenerateM0(aes);
#endif /* GCM_TABLE */
@ -5927,14 +5917,20 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)];
#endif
word32 keySize;
#ifdef WOLFSSL_STM32_CUBEMX
int status = HAL_OK;
word32 blocks = sz / AES_BLOCK_SIZE;
word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
#else
int status = SUCCESS;
#endif
word32 partial = sz % AES_BLOCK_SIZE;
byte tag[AES_BLOCK_SIZE];
byte partialBlock[AES_BLOCK_SIZE];
byte ctr[AES_BLOCK_SIZE];
word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)];
word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
byte* authInPadded = NULL;
int authPadSz;
int authPadSz, wasAlloc = 0;
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != 0)
@ -5953,23 +5949,30 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
XMEMSET(ctr, 0, AES_BLOCK_SIZE);
if (ivSz == GCM_NONCE_MID_SZ) {
byte* pCtr = (byte*)ctr;
XMEMCPY(ctr, iv, ivSz);
ctr[AES_BLOCK_SIZE - 1] = 1;
pCtr[AES_BLOCK_SIZE - 1] = 1;
}
else {
GHASH(aes, NULL, 0, iv, ivSz, ctr, AES_BLOCK_SIZE);
GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
}
/* Hardware requires counter + 1 */
IncrementGcmCounter(ctr);
XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */
if (authInSz == 0 || (authInSz % AES_BLOCK_SIZE) != 0) {
/* Need to pad the AAD to a full block with zeros. */
authPadSz = ((authInSz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
authInPadded = (byte*)XMALLOC(authPadSz, aes->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (authInPadded == NULL) {
wolfSSL_CryptHwMutexUnLock();
return MEMORY_E;
/* Authentication buffer - must be 4-byte multiple zero padded */
authPadSz = authInSz % sizeof(word32);
if (authPadSz != 0) {
authPadSz = authInSz + sizeof(word32) - authPadSz;
if (authPadSz <= sizeof(authhdr)) {
authInPadded = (byte*)authhdr;
}
else {
authInPadded = (byte*)XMALLOC(authPadSz, aes->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (authInPadded == NULL) {
wolfSSL_CryptHwMutexUnLock();
return MEMORY_E;
}
wasAlloc = 1;
}
XMEMSET(authInPadded, 0, authPadSz);
XMEMCPY(authInPadded, authIn, authInSz);
@ -5978,49 +5981,17 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
authInPadded = (byte*)authIn;
}
/* Hardware requires counter + 1 */
IncrementGcmCounter((byte*)ctr);
#ifdef WOLFSSL_STM32_CUBEMX
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded;
hcryp.Init.HeaderSize = authInSz;
#ifdef STM32_CRYPTO_AES_ONLY
/* Set the CRYP parameters */
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC;
hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE;
HAL_CRYP_Init(&hcryp);
/* GCM init phase */
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, 0, NULL, STM32_HAL_TIMEOUT);
if (status == HAL_OK) {
/* GCM header phase */
hcryp.Init.GCMCMACPhase = CRYP_HEADER_PHASE;
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, 0, NULL, STM32_HAL_TIMEOUT);
}
if (status == HAL_OK) {
/* GCM payload phase - blocks */
hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
if (blocks) {
status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
(blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
}
}
if (status == HAL_OK && (partial != 0 || blocks == 0)) {
/* GCM payload phase - partial remainder */
XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYPEx_AES_Auth(&hcryp, partialBlock, partial,
partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
/* GCM final phase */
hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE;
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT);
}
#elif defined(STM32_HAL_V2)
#if defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_GCM;
ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE);
hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE);
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock;
HAL_CRYP_Init(&hcryp);
@ -6032,7 +6003,46 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag,
STM32_HAL_TIMEOUT);
}
#elif defined(STM32_CRYPTO_AES_ONLY)
/* Set the CRYP parameters */
hcryp.Init.HeaderSize = authPadSz;
if (authPadSz == 0)
hcryp.Init.Header = NULL; /* cannot pass pointer here when authIn == 0 */
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC;
hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE;
HAL_CRYP_Init(&hcryp);
/* GCM init phase */
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, 0, NULL, STM32_HAL_TIMEOUT);
if (status == HAL_OK) {
/* GCM header phase */
hcryp.Init.GCMCMACPhase = CRYP_HEADER_PHASE;
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, 0, NULL, STM32_HAL_TIMEOUT);
}
if (status == HAL_OK) {
/* GCM payload phase - blocks */
hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
if (blocks) {
status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
(blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
}
}
if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) {
/* GCM payload phase - partial remainder */
XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial,
(uint8_t*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
/* GCM final phase */
hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE;
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT);
}
#else
hcryp.Init.HeaderSize = authPadSz;
HAL_CRYP_Init(&hcryp);
if (blocks) {
/* GCM payload phase - blocks */
@ -6043,13 +6053,13 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
/* GCM payload phase - partial remainder */
XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, partialBlock, partial,
partialBlock, STM32_HAL_TIMEOUT);
status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial,
(uint8_t*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
/* Compute the authTag */
status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, tag, STM32_HAL_TIMEOUT);
status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT);
}
#endif
@ -6057,13 +6067,13 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
ret = AES_GCM_AUTH_E;
HAL_CRYP_DeInit(&hcryp);
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
ByteReverseWords(keyCopy, (word32*)aes->key, keySize);
status = CRYP_AES_GCM(MODE_ENCRYPT, (uint8_t*)ctr,
(uint8_t*)keyCopy, keySize * 8,
(uint8_t*)in, sz,
(uint8_t*)authInPadded, authInSz,
(uint8_t*)out, tag);
(uint8_t*)out, (uint8_t*)tag);
if (status != SUCCESS)
ret = AES_GCM_AUTH_E;
#endif /* WOLFSSL_STM32_CUBEMX */
@ -6071,12 +6081,10 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
if (ret == 0) {
/* return authTag */
if (authTag) {
/* STM32 GCM won't compute Auth correctly for partial or
when IV != 12, so use software here */
/* For STM32 GCM fallback to software if partial AES block or IV != 12 */
if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) {
DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
wc_AesEncrypt(aes, ctr, tag);
wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)tag);
xorbuf(authTag, tag, authTagSz);
}
else {
@ -6085,8 +6093,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
}
}
/* Free memory if not a multiple of AES_BLOCK_SZ */
if (authInPadded != authIn) {
/* Free memory */
if (wasAlloc) {
XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
@ -6269,15 +6277,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef STM32_CRYPTO_AES_GCM
/* The STM standard peripheral library API's doesn't support partial blocks */
#ifdef STD_PERI_LIB
if (partial == 0)
#endif
{
return wc_AesGcmEncrypt_STM32(
aes, out, in, sz, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
}
return wc_AesGcmEncrypt_STM32(
aes, out, in, sz, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
#endif /* STM32_CRYPTO_AES_GCM */
#ifdef WOLFSSL_AESNI
@ -6358,19 +6360,22 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
{
int ret;
#ifdef WOLFSSL_STM32_CUBEMX
int status = HAL_OK;
CRYP_HandleTypeDef hcryp;
word32 blocks = sz / AES_BLOCK_SIZE;
#else
int status = SUCCESS;
word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)];
#endif
word32 keySize;
int status = HAL_OK;
word32 blocks = sz / AES_BLOCK_SIZE;
word32 partial = sz % AES_BLOCK_SIZE;
byte tag[AES_BLOCK_SIZE];
byte partialBlock[AES_BLOCK_SIZE];
byte ctr[AES_BLOCK_SIZE];
word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)];
word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
byte* authInPadded = NULL;
int authPadSz;
int authPadSz, wasAlloc = 0;
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != 0)
@ -6389,23 +6394,30 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
XMEMSET(ctr, 0, AES_BLOCK_SIZE);
if (ivSz == GCM_NONCE_MID_SZ) {
byte* pCtr = (byte*)ctr;
XMEMCPY(ctr, iv, ivSz);
ctr[AES_BLOCK_SIZE - 1] = 1;
pCtr[AES_BLOCK_SIZE - 1] = 1;
}
else {
GHASH(aes, NULL, 0, iv, ivSz, ctr, AES_BLOCK_SIZE);
GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
}
/* Hardware requires counter + 1 */
IncrementGcmCounter(ctr);
XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */
if (authInSz == 0 || (authInSz % AES_BLOCK_SIZE) != 0) {
/* Need to pad the AAD to a full block with zeros. */
authPadSz = ((authInSz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
authInPadded = (byte*)XMALLOC(authPadSz, aes->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (authInPadded == NULL) {
wolfSSL_CryptHwMutexUnLock();
return MEMORY_E;
/* Authentication buffer - must be 4-byte multiple zero padded */
authPadSz = authInSz % sizeof(word32);
if (authPadSz != 0) {
authPadSz = authInSz + sizeof(word32) - authPadSz;
if (authPadSz <= sizeof(authhdr)) {
authInPadded = (byte*)authhdr;
}
else {
authInPadded = (byte*)XMALLOC(authPadSz, aes->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (authInPadded == NULL) {
wolfSSL_CryptHwMutexUnLock();
return MEMORY_E;
}
wasAlloc = 1;
}
XMEMSET(authInPadded, 0, authPadSz);
XMEMCPY(authInPadded, authIn, authInSz);
@ -6414,13 +6426,33 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
authInPadded = (byte*)authIn;
}
/* Hardware requires counter + 1 */
IncrementGcmCounter((byte*)ctr);
#ifdef WOLFSSL_STM32_CUBEMX
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded;
hcryp.Init.HeaderSize = authInSz;
#ifdef STM32_CRYPTO_AES_ONLY
#if defined(STM32_HAL_V2)
hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
hcryp.Init.Algorithm = CRYP_AES_GCM;
ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE);
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock;
HAL_CRYP_Init(&hcryp);
/* GCM payload phase - can handle partial blocks */
status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
(blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
if (status == HAL_OK) {
/* Compute the authTag */
status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag,
STM32_HAL_TIMEOUT);
}
#elif defined(STM32_CRYPTO_AES_ONLY)
/* Set the CRYP parameters */
hcryp.Init.HeaderSize = authPadSz;
if (authPadSz == 0)
hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */
hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC;
hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT;
hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE;
@ -6435,40 +6467,27 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
}
if (status == HAL_OK) {
/* GCM payload phase - blocks */
hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
if (blocks) {
status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
(blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
}
}
if (status == HAL_OK && (partial != 0 || blocks == 0)) {
if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) {
/* GCM payload phase - partial remainder */
XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYPEx_AES_Auth(&hcryp, partialBlock, partial,
partialBlock, STM32_HAL_TIMEOUT);
status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)partialBlock, partial,
(byte*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
/* GCM final phase */
hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE;
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT);
}
#elif defined(STM32_HAL_V2)
hcryp.Init.Algorithm = CRYP_AES_GCM;
ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE);
hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock;
HAL_CRYP_Init(&hcryp);
/* GCM payload phase - can handle partial blocks */
status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
(blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
if (status == HAL_OK) {
/* Compute the authTag */
status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag,
STM32_HAL_TIMEOUT);
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT);
}
#else
hcryp.Init.HeaderSize = authPadSz;
HAL_CRYP_Init(&hcryp);
if (blocks) {
/* GCM payload phase - blocks */
@ -6479,13 +6498,13 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
/* GCM payload phase - partial remainder */
XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, partialBlock, partial,
partialBlock, STM32_HAL_TIMEOUT);
status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)partialBlock, partial,
(byte*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
/* Compute the authTag */
status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, tag, STM32_HAL_TIMEOUT);
status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT);
}
#endif
@ -6494,7 +6513,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
HAL_CRYP_DeInit(&hcryp);
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
ByteReverseWords(keyCopy, (word32*)aes->key, aes->keylen);
/* Input size and auth size need to be the actual sizes, even though
@ -6504,25 +6523,25 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
(uint8_t*)keyCopy, keySize * 8,
(uint8_t*)in, sz,
(uint8_t*)authInPadded, authInSz,
(uint8_t*)out, tag);
(uint8_t*)out, (uint8_t*)tag);
if (status != SUCCESS)
ret = AES_GCM_AUTH_E;
#endif /* WOLFSSL_STM32_CUBEMX */
/* STM32 GCM hardware only supports IV of 12 bytes, so use software for auth */
if (sz == 0 || ivSz != GCM_NONCE_MID_SZ) {
DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */
GHASH(aes, authIn, authInSz, in, sz, tag, sizeof(tag));
wc_AesEncrypt(aes, ctr, partialBlock);
/* For STM32 GCM fallback to software if partial AES block or IV != 12 */
if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) {
GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag));
wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)partialBlock);
xorbuf(tag, partialBlock, sizeof(tag));
}
if (ConstantCompare(authTag, tag, authTagSz) != 0) {
/* Check authentication tag */
if (ConstantCompare(authTag, (byte*)tag, authTagSz) != 0) {
ret = AES_GCM_AUTH_E;
}
/* Free memory if not a multiple of AES_BLOCK_SZ */
if (authInPadded != authIn) {
/* Free memory */
if (wasAlloc) {
XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
@ -6717,14 +6736,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#ifdef STM32_CRYPTO_AES_GCM
/* The STM standard peripheral library API's doesn't support partial blocks */
#ifdef STD_PERI_LIB
if (partial == 0)
#endif
{
return wc_AesGcmDecrypt_STM32(
aes, out, in, sz, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
}
return wc_AesGcmDecrypt_STM32(
aes, out, in, sz, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
#endif /* STM32_CRYPTO_AES_GCM */
#ifdef WOLFSSL_AESNI
@ -6970,6 +6984,21 @@ int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
return wc_AesSetKey(aes, key, keySz, NULL, AES_ENCRYPTION);
}
/* Checks if the tag size is an accepted value based on RFC 3610 section 2
* returns 0 if tag size is ok
*/
int wc_AesCcmCheckTagSize(int sz)
{
/* values here are from RFC 3610 section 2 */
if (sz != 4 && sz != 6 && sz != 8 && sz != 10 && sz != 12 && sz != 14
&& sz != 16) {
WOLFSSL_MSG("Bad auth tag size AES-CCM");
return BAD_FUNC_ARG;
}
return 0;
}
#ifdef WOLFSSL_ARMASM
/* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */
@ -6996,6 +7025,10 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
return BAD_FUNC_ARG;
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
return BAD_FUNC_ARG;
}
key = (byte*)aes->key;
status = wc_AesGetKeySize(aes, &keySize);
@ -7130,20 +7163,20 @@ static WC_INLINE void AesCcmCtrIncSet4(byte* B, word32 lenSz)
XMEMCPY(B + AES_BLOCK_SIZE * 2, B, AES_BLOCK_SIZE * 2);
for (i = 0; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 1 - 1 - i] != 0) break;
if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
}
B[AES_BLOCK_SIZE * 2 - 1] += 2;
if (B[AES_BLOCK_SIZE * 2 - 1] < 2) {
for (i = 1; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
}
}
B[AES_BLOCK_SIZE * 3 - 1] += 3;
if (B[AES_BLOCK_SIZE * 3 - 1] < 3) {
B[AES_BLOCK_SIZE * 3 - 1] += 2;
if (B[AES_BLOCK_SIZE * 3 - 1] < 2) {
for (i = 1; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break;
}
}
B[AES_BLOCK_SIZE * 4 - 1] += 3;
if (B[AES_BLOCK_SIZE * 4 - 1] < 3) {
for (i = 1; i < lenSz; i++) {
if (++B[AES_BLOCK_SIZE * 4 - 1 - i] != 0) break;
}
}
}
static WC_INLINE void AesCcmCtrInc4(byte* B, word32 lenSz)
@ -7184,6 +7217,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
/* sanity check on tag size */
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
return BAD_FUNC_ARG;
}
XMEMSET(A, 0, sizeof(A));
XMEMCPY(B+1, nonce, nonceSz);
lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
@ -7225,9 +7263,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
in += AES_BLOCK_SIZE * 4;
out += AES_BLOCK_SIZE * 4;
if (inSz < AES_BLOCK_SIZE * 4) {
AesCcmCtrInc4(B, lenSz);
}
AesCcmCtrInc4(B, lenSz);
}
}
#endif
@ -7280,6 +7316,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
/* sanity check on tag size */
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
return BAD_FUNC_ARG;
}
o = out;
oSz = inSz;
XMEMCPY(B+1, nonce, nonceSz);
@ -7304,9 +7345,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
in += AES_BLOCK_SIZE * 4;
o += AES_BLOCK_SIZE * 4;
if (oSz < AES_BLOCK_SIZE * 4) {
AesCcmCtrInc4(B, lenSz);
}
AesCcmCtrInc4(B, lenSz);
}
}
#endif

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/aes_gcm_asm.S
View file

@ -8731,3 +8731,7 @@ L_AES_GCM_decrypt_avx2_cmp_tag_done:
.size AES_GCM_decrypt_avx2,.-AES_GCM_decrypt_avx2
#endif /* __APPLE__ */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

803
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/asn.c
View file

File diff suppressed because it is too large Load diff

43
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/chacha.c
View file

@ -18,15 +18,16 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
* based from
* chacha-ref.c version 20080118
* D. J. Bernstein
* Public domain.
*/
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher.
Based from chacha-ref.c version 20080118
D. J. Bernstein
Public domain.
*/
#ifdef WOLFSSL_ARMASM
/* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
@ -112,25 +113,17 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
{
word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
#ifdef CHACHA_AEAD_TEST
word32 i;
printf("NONCE : ");
for (i = 0; i < CHACHA_IV_BYTES; i++) {
printf("%02x", inIv[i]);
}
printf("\n\n");
#endif
if (ctx == NULL)
if (ctx == NULL || inIv == NULL)
return BAD_FUNC_ARG;
XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
ctx->left = 0; /* resets state */
ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */
ctx->X[CHACHA_IV_BYTES+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
ctx->X[CHACHA_IV_BYTES+2] = LITTLE32(temp[1]); /* counter from nonce */
ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */
ctx->X[CHACHA_MATRIX_CNT_IV+0] = counter; /* block counter */
ctx->X[CHACHA_MATRIX_CNT_IV+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
ctx->X[CHACHA_MATRIX_CNT_IV+2] = LITTLE32(temp[1]); /* counter from nonce */
ctx->X[CHACHA_MATRIX_CNT_IV+3] = LITTLE32(temp[2]); /* counter from nonce */
return 0;
}
@ -152,7 +145,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
word32 alignKey[8];
#endif
if (ctx == NULL)
if (ctx == NULL || key == NULL)
return BAD_FUNC_ARG;
if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
@ -270,13 +263,13 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
wc_Chacha_wordtobyte(temp, ctx->X); /* recreate the stream */
output = (byte*)temp + CHACHA_CHUNK_BYTES - ctx->left;
for (i = 0; i < bytes && i < ctx->left; i++) {
c[i] = m[i] ^ output[i];
c[i] = (byte)(m[i] ^ output[i]);
}
ctx->left = ctx->left - i;
/* Used up all of the stream that was left, increment the counter */
if (ctx->left == 0) {
ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
}
bytes = bytes - i;
c += i;
@ -286,9 +279,9 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
output = (byte*)temp;
while (bytes >= CHACHA_CHUNK_BYTES) {
wc_Chacha_wordtobyte(temp, ctx->X);
ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) {
c[i] = m[i] ^ output[i];
c[i] = (byte)(m[i] ^ output[i]);
}
bytes -= CHACHA_CHUNK_BYTES;
c += CHACHA_CHUNK_BYTES;
@ -314,7 +307,7 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
word32 msglen)
{
if (ctx == NULL)
if (ctx == NULL || input == NULL || output == NULL)
return BAD_FUNC_ARG;
#ifdef USE_INTEL_CHACHA_SPEEDUP

14
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/chacha20_poly1305.c
View file

@ -18,8 +18,14 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher and
the Poly1305 authenticator, both as as combined-mode,
or Authenticated Encryption with Additional Data (AEAD) algorithm.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -141,7 +147,7 @@ int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
/* setup aead context */
XMEMSET(aead, 0, sizeof(ChaChaPoly_Aead));
XMEMSET(authKey, 0, sizeof(authKey));
aead->isEncrypt = isEncrypt;
aead->isEncrypt = (byte)isEncrypt;
/* Initialize the ChaCha20 context (key and iv) */
ret = wc_Chacha_SetKey(&aead->chacha, inKey,
@ -189,6 +195,8 @@ int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
aead->state != CHACHA20_POLY1305_STATE_AAD) {
return BAD_STATE_E;
}
if (inAADLen > CHACHA20_POLY1305_MAX - aead->aadLen)
return CHACHA_POLY_OVERFLOW;
if (inAAD && inAADLen > 0) {
ret = wc_Poly1305Update(&aead->poly, inAAD, inAADLen);
@ -215,6 +223,8 @@ int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
aead->state != CHACHA20_POLY1305_STATE_DATA) {
return BAD_STATE_E;
}
if (dataLen > CHACHA20_POLY1305_MAX - aead->dataLen)
return CHACHA_POLY_OVERFLOW;
/* Pad the AAD */
if (aead->state == CHACHA20_POLY1305_STATE_AAD) {
@ -261,7 +271,7 @@ int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
ret = wc_Poly1305_Pad(&aead->poly, aead->aadLen);
}
/* Pad the ciphertext to 16 bytes */
/* Pad the plaintext/ciphertext to 16 bytes */
if (ret == 0) {
ret = wc_Poly1305_Pad(&aead->poly, aead->dataLen);
}

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/chacha_asm.S
View file

@ -1418,3 +1418,7 @@ L_chacha20_avx2_end256:
.size chacha_encrypt_avx2,.-chacha_encrypt_avx2
#endif /* __APPLE__ */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

23
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c
View file

@ -31,17 +31,26 @@
#include <wolfssl/wolfcrypt/coding.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifndef NO_ASN
#include <wolfssl/wolfcrypt/asn.h> /* For PEM_LINE_SZ */
#endif
enum {
BAD = 0xFF, /* invalid encoding */
PAD = '=',
PEM_LINE_SZ = 64,
BASE64_MIN = 0x2B,
BASE16_MIN = 0x30,
};
#ifndef BASE64_LINE_SZ
#ifdef NO_ASN
#define BASE64_LINE_SZ 64
#else
#define BASE64_LINE_SZ PEM_LINE_SZ
#endif
#endif
#ifdef WOLFSSL_BASE64_DECODE
static
@ -91,7 +100,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
{
word32 i = 0;
word32 j = 0;
word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ );
int ret;
const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1;
@ -132,8 +141,6 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
e4 = in[j++];
inLen--;
if (e1 == 0) /* end file 0's */
break;
if (e3 == PAD)
pad3 = 1;
if (e4 == PAD)
@ -291,7 +298,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
int getSzOnly = (out == NULL);
word32 outSz = (inLen + 3 - 1) / 3 * 4;
word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */
word32 addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ; /* new lines */
if (escaped == WC_ESC_NL_ENC)
addSz *= 3; /* instead of just \n, we're doing %0A triplet */
@ -328,8 +335,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
inLen -= 3;
/* Insert newline after PEM_LINE_SZ, unless no \n requested */
if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen) {
/* Insert newline after BASE64_LINE_SZ, unless no \n requested */
if (escaped != WC_NO_NL_ENC && (++n % (BASE64_LINE_SZ/4)) == 0 && inLen) {
ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly);
if (ret != 0) break;
}

1
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/cpuid.c
View file

@ -97,6 +97,7 @@
if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; }
if (cpuid_flag(1, 0, ECX, 25)) { cpuid_flags |= CPUID_AESNI ; }
if (cpuid_flag(7, 0, EBX, 19)) { cpuid_flags |= CPUID_ADX ; }
if (cpuid_flag(1, 0, ECX, 22)) { cpuid_flags |= CPUID_MOVBE ; }
cpuid_check = 1;
}
}

2
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/cryptocb.c
View file

@ -6,7 +6,7 @@
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,

67
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/curve25519.c
View file

@ -51,14 +51,49 @@ const curve25519_set_type curve25519_sets[] = {
}
};
static const unsigned char kCurve25519BasePoint[CURVE25519_KEYSIZE] = {9};
/* compute the public key from an existing private key, using bare vectors.
*
* return value is propagated from curve25519() (0 on success), or ECC_BAD_ARG_E,
* and the byte vectors are little endian.
*/
int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
const byte* priv) {
int ret;
if ((public_size != CURVE25519_KEYSIZE) ||
(private_size != CURVE25519_KEYSIZE)) {
return ECC_BAD_ARG_E;
}
if ((pub == NULL) || (priv == NULL))
return ECC_BAD_ARG_E;
/* check clamping */
if ((priv[0] & ~248) ||
(priv[CURVE25519_KEYSIZE-1] & 128)) {
return ECC_BAD_ARG_E;
}
#ifdef FREESCALE_LTC_ECC
{
const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint();
ECPoint wc_pub;
ret = nxp_ltc_curve25519(&wc_pub, priv, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */
if (ret == 0)
XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE);
}
#else
fe_init();
ret = curve25519(pub, priv, kCurve25519BasePoint);
#endif
return ret;
}
int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
{
#ifdef FREESCALE_LTC_ECC
const ECPoint* basepoint = wc_curve25519_GetBasePoint();
#else
unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
#endif
int ret;
int ret;
if (key == NULL || rng == NULL)
return BAD_FUNC_ARG;
@ -67,10 +102,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
if (keysize != CURVE25519_KEYSIZE)
return ECC_BAD_ARG_E;
#ifndef FREESCALE_LTC_ECC
fe_init();
#endif
/* random number for private key */
ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize);
if (ret != 0)
@ -81,19 +112,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */
key->k.point[CURVE25519_KEYSIZE-1] |= 64;
/* compute public key */
#ifdef FREESCALE_LTC_ECC
ret = wc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */
#else
ret = curve25519(key->p.point, key->k.point, basepoint);
#endif
if (ret != 0) {
ForceZero(key->k.point, keysize);
ForceZero(key->p.point, keysize);
return ret;
}
return ret;
return wc_curve25519_make_pub((int)sizeof key->p.point, key->p.point, sizeof key->k.point, key->k.point);
}
#ifdef HAVE_CURVE25519_SHARED_SECRET
@ -127,7 +146,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
return ECC_BAD_ARG_E;
#ifdef FREESCALE_LTC_ECC
ret = wc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */);
ret = nxp_ltc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */);
#else
ret = curve25519(o, private_key->k.point, public_key->p.point);
#endif

19
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/des3.c
View file

@ -345,7 +345,7 @@
return 0;
}
static void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz,
static int Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz,
int dir)
{
if (des == NULL || out == NULL || in == NULL)
@ -460,18 +460,17 @@
CRYP_Cmd(DISABLE);
}
#endif /* WOLFSSL_STM32_CUBEMX */
return 0;
}
int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
Des3Crypt(des, out, in, sz, DES_ENCRYPTION);
return 0;
return Des3Crypt(des, out, in, sz, DES_ENCRYPTION);
}
int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
Des3Crypt(des, out, in, sz, DES_DECRYPTION);
return 0;
return Des3Crypt(des, out, in, sz, DES_DECRYPTION);
}
#elif defined(HAVE_COLDFIRE_SEC)
@ -1171,7 +1170,7 @@
#ifdef NEED_SOFT_DES
/* permuted choice table (key) */
static const byte pc1[] = {
static const FLASH_QUALIFIER byte pc1[] = {
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
@ -1184,12 +1183,12 @@
};
/* number left rotations of pc1 */
static const byte totrot[] = {
static const FLASH_QUALIFIER byte totrot[] = {
1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28
};
/* permuted choice key (table) */
static const byte pc2[] = {
static const FLASH_QUALIFIER byte pc2[] = {
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
@ -1203,11 +1202,11 @@
/* End of DES-defined tables */
/* bit 0 is left-most in byte */
static const int bytebit[] = {
static const FLASH_QUALIFIER int bytebit[] = {
0200,0100,040,020,010,04,02,01
};
static const word32 Spbox[8][64] = {
static const FLASH_QUALIFIER word32 Spbox[8][64] = {
{ 0x01010400,0x00000000,0x00010000,0x01010404,
0x01010004,0x00010404,0x00000004,0x00010000,
0x00000400,0x01010400,0x01010404,0x00000400,

122
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/dh.c
View file

@ -930,10 +930,10 @@ int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
key->heap = heap; /* for XMALLOC/XFREE in future */
#if !defined(WOLFSSL_QT) && !defined(OPENSSL_ALL)
if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
#ifdef WOLFSSL_DH_EXTRA
if (mp_init_multi(&key->p, &key->g, &key->q, &key->pub, &key->priv, NULL) != MP_OKAY)
#else
if (mp_init_multi(&key->p,&key->g,&key->q,&key->pub,&key->priv,NULL) != MP_OKAY)
if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
#endif
return MEMORY_E;
@ -960,6 +960,10 @@ int wc_FreeDhKey(DhKey* key)
mp_clear(&key->p);
mp_clear(&key->g);
mp_clear(&key->q);
#ifdef WOLFSSL_DH_EXTRA
mp_clear(&key->pub);
mp_forcezero(&key->priv);
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
@ -1148,7 +1152,6 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
}
mp_forcezero(tmpX);
mp_clear(tmpX);
mp_clear(tmpQ);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
@ -1485,7 +1488,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
}
else
#endif
#ifdef WOLFSSL_SP_NO_4096
#ifdef WOLFSSL_SP_4096
if (mp_count_bits(&key->p) == 4096) {
ret = sp_ModExp_4096(y, q, p, y);
if (ret != 0)
@ -1798,7 +1801,6 @@ int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
}
mp_forcezero(privateKey);
mp_clear(privateKey);
mp_clear(publicKey);
mp_clear(checkKey);
#ifdef WOLFSSL_SMALL_STACK
@ -1834,7 +1836,6 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
return ret;
}
static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
{
@ -2065,76 +2066,113 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
return ret;
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
#ifdef WOLFSSL_DH_EXTRA
/* Sets private and public key in DhKey if both are available, otherwise sets
either private or public key, depending on which is available.
Returns WOLFSSL_SUCCESS if at least one of the keys was set. */
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
const byte* pub_key, word32 pubSz)
either private or public key, depending on which is available. */
int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz)
{
byte havePriv = 0;
byte havePub = 0;
mp_int* keyPriv = NULL;
mp_int* keyPub = NULL;
byte havePriv, havePub;
mp_int *keyPriv = NULL, *keyPub = NULL;
if (key == NULL) {
return BAD_FUNC_ARG;
}
havePriv = ( (priv_key != NULL) && (privSz > 0) );
havePub = ( (pub_key != NULL) && (pubSz > 0) );
havePriv = ( (priv != NULL) && (privSz > 0) );
havePub = ( (pub != NULL) && (pubSz > 0) );
if (!havePub && !havePriv) {
WOLFSSL_MSG("No Public or Private Key to Set");
return BAD_FUNC_ARG;
}
/* Set Private Key */
if (havePriv == TRUE) {
if (havePriv) {
/* may have leading 0 */
if (priv_key[0] == 0) {
privSz--; priv_key++;
if (priv[0] == 0) {
privSz--; priv++;
}
if (mp_init(&key->priv) != MP_OKAY)
havePriv = FALSE;
havePriv = 0;
}
if (havePriv == TRUE) {
if (mp_read_unsigned_bin(&key->priv, priv_key, privSz) != MP_OKAY) {
havePriv = FALSE;
if (havePriv) {
if (mp_read_unsigned_bin(&key->priv, priv, privSz) != MP_OKAY) {
mp_clear(&key->priv);
havePriv = 0;
} else {
keyPriv = &key->priv;
WOLFSSL_MSG("DH Private Key Set.");
WOLFSSL_MSG("DH Private Key Set");
}
}
/* Set Public Key */
if (havePub == TRUE) {
if (havePub) {
/* may have leading 0 */
if (pub_key[0] == 0) {
pubSz--; pub_key++;
if (pub[0] == 0) {
pubSz--; pub++;
}
if (mp_init(&key->pub) != MP_OKAY)
havePub = FALSE;
havePub = 0;
}
if (havePub == TRUE) {
if (mp_read_unsigned_bin(&key->pub, pub_key, pubSz) != MP_OKAY) {
havePub = FALSE;
if (havePub) {
if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) {
mp_clear(&key->pub);
havePub = 0;
} else {
keyPub = &key->pub;
WOLFSSL_MSG("DH Public Key Set.");
WOLFSSL_MSG("DH Public Key Set");
}
}
/* Free Memory if error occured */
if (havePriv == FALSE && keyPriv != NULL)
/* Free Memory if error occurred */
if (havePriv == 0 && keyPriv != NULL)
mp_clear(keyPriv);
if (havePub == FALSE && keyPub != NULL)
if (havePub == 0 && keyPub != NULL)
mp_clear(keyPub);
/* WOLFSSL_SUCCESS if private or public was set else WOLFSSL_FAILURE */
return havePriv || havePub;
if (havePriv == 0 && havePub == 0) {
return MEMORY_E;
}
return 0;
}
#endif
/* Can be used with WOLFSSL_DH_EXTRA when key is loaded with
wc_DhKeyDecode or wc_DhImportKeyPair */
int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz)
{
int ret = 0;
word32 pubSz, privSz;
if (key == NULL || (priv && pPrivSz == NULL) || (pub && pPubSz == NULL)) {
return BAD_FUNC_ARG;
}
if (priv) {
privSz = mp_unsigned_bin_size(&key->priv);
if (privSz > *pPrivSz) {
return BUFFER_E;
}
*pPrivSz = privSz;
ret |= mp_to_unsigned_bin(&key->priv, priv);
}
if (pub) {
pubSz = mp_unsigned_bin_size(&key->pub);
if (pubSz > *pPubSz) {
return BUFFER_E;
}
*pPubSz = pubSz;
ret |= mp_to_unsigned_bin(&key->pub, pub);
}
if (ret != 0)
ret = ASN_DH_KEY_E;
return ret;
}
#endif /* WOLFSSL_DH_EXTRA */
static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
word32 gSz, const byte* q, word32 qSz, int trusted,

1543
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/ecc.c
View file

File diff suppressed because it is too large Load diff

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/ed25519.c
View file

@ -61,7 +61,7 @@ int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
ge_p3 A;
#endif
if (key == NULL || pubKeySz != ED25519_PUB_KEY_SIZE)
if (key == NULL || pubKey == NULL || pubKeySz != ED25519_PUB_KEY_SIZE)
ret = BAD_FUNC_ARG;
if (ret == 0)
@ -365,7 +365,7 @@ static int ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
*res = 0;
/* check on basics needed to verify signature */
if (sigLen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
if (sigLen != ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
return BAD_FUNC_ARG;
/* uncompress A (public key), test if valid, and negate it */

17
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/ed448.c
View file

@ -67,7 +67,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey, word32 pubKeySz)
byte az[ED448_PRV_KEY_SIZE];
ge448_p2 A;
if ((key == NULL) || (pubKeySz != ED448_PUB_KEY_SIZE)) {
if ((key == NULL) || (pubKey == NULL) || (pubKeySz != ED448_PUB_KEY_SIZE)) {
ret = BAD_FUNC_ARG;
}
@ -197,7 +197,7 @@ static int ed448_sign_msg(const byte* in, word32 inLen, byte* out,
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
if ((ret == 0) && (context != NULL)) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
@ -230,7 +230,7 @@ static int ed448_sign_msg(const byte* in, word32 inLen, byte* out,
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
if ((ret == 0) && (context != NULL)) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
@ -379,7 +379,7 @@ static int ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
*res = 0;
/* check on basics needed to verify signature */
if (sigLen < ED448_SIG_SIZE) {
if (sigLen != ED448_SIG_SIZE) {
ret = BAD_FUNC_ARG;
}
}
@ -400,7 +400,7 @@ static int ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
if ((ret == 0) && (context != NULL)) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
@ -615,6 +615,10 @@ int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key)
ret = BAD_FUNC_ARG;
}
if (inLen < ED448_PUB_KEY_SIZE) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
/* compressed prefix according to draft
* https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06 */
@ -699,7 +703,8 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
}
/* key size check */
if ((ret == 0) && (privSz < ED448_KEY_SIZE || pubSz < ED448_PUB_KEY_SIZE)) {
if ((ret == 0) && ((privSz < ED448_KEY_SIZE) ||
(pubSz < ED448_PUB_KEY_SIZE))) {
ret = BAD_FUNC_ARG;
}

3
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/error.c
View file

@ -512,6 +512,9 @@ const char* wc_GetErrorString(int error)
case PSS_SALTLEN_RECOVER_E:
return "PSS - Salt length unable to be recovered";
case CHACHA_POLY_OVERFLOW:
return "wolfcrypt - ChaCha20_Poly1305 limit overflow 4GB";
case ASN_SELF_SIGNED_E:
return "ASN self-signed certificate error";

694
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/evp.c
View file

File diff suppressed because it is too large Load diff

336
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/fe_448.c
View file

@ -600,14 +600,14 @@ void fe448_to_bytes(unsigned char* b, const int64_t* a)
in0 += o;
in4 += o;
in7 -= o << 56;
o = in0 >> 56; in1 += o; t = o << 56; in0 -= t;
o = in1 >> 56; in2 += o; t = o << 56; in1 -= t;
o = in2 >> 56; in3 += o; t = o << 56; in2 -= t;
o = in3 >> 56; in4 += o; t = o << 56; in3 -= t;
o = in4 >> 56; in5 += o; t = o << 56; in4 -= t;
o = in5 >> 56; in6 += o; t = o << 56; in5 -= t;
o = in6 >> 56; in7 += o; t = o << 56; in6 -= t;
o = in7 >> 56; in0 += o;
o = (int64_t)(in0 >> 56); in1 += o; t = o << 56; in0 -= t;
o = (int64_t)(in1 >> 56); in2 += o; t = o << 56; in1 -= t;
o = (int64_t)(in2 >> 56); in3 += o; t = o << 56; in2 -= t;
o = (int64_t)(in3 >> 56); in4 += o; t = o << 56; in3 -= t;
o = (int64_t)(in4 >> 56); in5 += o; t = o << 56; in4 -= t;
o = (int64_t)(in5 >> 56); in6 += o; t = o << 56; in5 -= t;
o = (int64_t)(in6 >> 56); in7 += o; t = o << 56; in6 -= t;
o = (int64_t)(in7 >> 56); in0 += o;
in4 += o; t = o << 56; in7 -= t;
/* Output as bytes */
@ -807,25 +807,25 @@ void fe448_mul39081(int64_t* r, const int64_t* a)
int128_t t5 = a[5] * (int128_t)39081;
int128_t t6 = a[6] * (int128_t)39081;
int128_t t7 = a[7] * (int128_t)39081;
o = t0 >> 56; t1 += o; t = (int128_t)o << 56; t0 -= t;
o = t1 >> 56; t2 += o; t = (int128_t)o << 56; t1 -= t;
o = t2 >> 56; t3 += o; t = (int128_t)o << 56; t2 -= t;
o = t3 >> 56; t4 += o; t = (int128_t)o << 56; t3 -= t;
o = t4 >> 56; t5 += o; t = (int128_t)o << 56; t4 -= t;
o = t5 >> 56; t6 += o; t = (int128_t)o << 56; t5 -= t;
o = t6 >> 56; t7 += o; t = (int128_t)o << 56; t6 -= t;
o = t7 >> 56; t0 += o;
o = (int64_t)(t0 >> 56); t1 += o; t = (int128_t)o << 56; t0 -= t;
o = (int64_t)(t1 >> 56); t2 += o; t = (int128_t)o << 56; t1 -= t;
o = (int64_t)(t2 >> 56); t3 += o; t = (int128_t)o << 56; t2 -= t;
o = (int64_t)(t3 >> 56); t4 += o; t = (int128_t)o << 56; t3 -= t;
o = (int64_t)(t4 >> 56); t5 += o; t = (int128_t)o << 56; t4 -= t;
o = (int64_t)(t5 >> 56); t6 += o; t = (int128_t)o << 56; t5 -= t;
o = (int64_t)(t6 >> 56); t7 += o; t = (int128_t)o << 56; t6 -= t;
o = (int64_t)(t7 >> 56); t0 += o;
t4 += o; t = (int128_t)o << 56; t7 -= t;
/* Store */
r[0] = t0;
r[1] = t1;
r[2] = t2;
r[3] = t3;
r[4] = t4;
r[5] = t5;
r[6] = t6;
r[7] = t7;
r[0] = (int64_t)t0;
r[1] = (int64_t)t1;
r[2] = (int64_t)t2;
r[3] = (int64_t)t3;
r[4] = (int64_t)t4;
r[5] = (int64_t)t5;
r[6] = (int64_t)t6;
r[7] = (int64_t)t7;
}
/* Mulitply two field elements. r = (a * b) mod (2^448 - 2^224 - 1)
@ -931,25 +931,25 @@ void fe448_mul(int64_t* r, const int64_t* a, const int64_t* b)
t7 += t11;
o = t7 >> 56; t0 += o;
t4 += o; t = (int128_t)o << 56; t7 -= t;
o = t0 >> 56; t1 += o; t = (int128_t)o << 56; t0 -= t;
o = t1 >> 56; t2 += o; t = (int128_t)o << 56; t1 -= t;
o = t2 >> 56; t3 += o; t = (int128_t)o << 56; t2 -= t;
o = t3 >> 56; t4 += o; t = (int128_t)o << 56; t3 -= t;
o = t4 >> 56; t5 += o; t = (int128_t)o << 56; t4 -= t;
o = t5 >> 56; t6 += o; t = (int128_t)o << 56; t5 -= t;
o = t6 >> 56; t7 += o; t = (int128_t)o << 56; t6 -= t;
o = t7 >> 56; t0 += o;
o = (int64_t)(t0 >> 56); t1 += o; t = (int128_t)o << 56; t0 -= t;
o = (int64_t)(t1 >> 56); t2 += o; t = (int128_t)o << 56; t1 -= t;
o = (int64_t)(t2 >> 56); t3 += o; t = (int128_t)o << 56; t2 -= t;
o = (int64_t)(t3 >> 56); t4 += o; t = (int128_t)o << 56; t3 -= t;
o = (int64_t)(t4 >> 56); t5 += o; t = (int128_t)o << 56; t4 -= t;
o = (int64_t)(t5 >> 56); t6 += o; t = (int128_t)o << 56; t5 -= t;
o = (int64_t)(t6 >> 56); t7 += o; t = (int128_t)o << 56; t6 -= t;
o = (int64_t)(t7 >> 56); t0 += o;
t4 += o; t = (int128_t)o << 56; t7 -= t;
/* Store */
r[0] = t0;
r[1] = t1;
r[2] = t2;
r[3] = t3;
r[4] = t4;
r[5] = t5;
r[6] = t6;
r[7] = t7;
r[0] = (int64_t)t0;
r[1] = (int64_t)t1;
r[2] = (int64_t)t2;
r[3] = (int64_t)t3;
r[4] = (int64_t)t4;
r[5] = (int64_t)t5;
r[6] = (int64_t)t6;
r[7] = (int64_t)t7;
}
/* Square a field element. r = (a * a) mod (2^448 - 2^224 - 1)
@ -1020,25 +1020,25 @@ void fe448_sqr(int64_t* r, const int64_t* a)
t7 += t11;
o = t7 >> 56; t0 += o;
t4 += o; t = (int128_t)o << 56; t7 -= t;
o = t0 >> 56; t1 += o; t = (int128_t)o << 56; t0 -= t;
o = t1 >> 56; t2 += o; t = (int128_t)o << 56; t1 -= t;
o = t2 >> 56; t3 += o; t = (int128_t)o << 56; t2 -= t;
o = t3 >> 56; t4 += o; t = (int128_t)o << 56; t3 -= t;
o = t4 >> 56; t5 += o; t = (int128_t)o << 56; t4 -= t;
o = t5 >> 56; t6 += o; t = (int128_t)o << 56; t5 -= t;
o = t6 >> 56; t7 += o; t = (int128_t)o << 56; t6 -= t;
o = t7 >> 56; t0 += o;
o = (int64_t)(t0 >> 56); t1 += o; t = (int128_t)o << 56; t0 -= t;
o = (int64_t)(t1 >> 56); t2 += o; t = (int128_t)o << 56; t1 -= t;
o = (int64_t)(t2 >> 56); t3 += o; t = (int128_t)o << 56; t2 -= t;
o = (int64_t)(t3 >> 56); t4 += o; t = (int128_t)o << 56; t3 -= t;
o = (int64_t)(t4 >> 56); t5 += o; t = (int128_t)o << 56; t4 -= t;
o = (int64_t)(t5 >> 56); t6 += o; t = (int128_t)o << 56; t5 -= t;
o = (int64_t)(t6 >> 56); t7 += o; t = (int128_t)o << 56; t6 -= t;
o = (int64_t)(t7 >> 56); t0 += o;
t4 += o; t = (int128_t)o << 56; t7 -= t;
/* Store */
r[0] = t0;
r[1] = t1;
r[2] = t2;
r[3] = t3;
r[4] = t4;
r[5] = t5;
r[6] = t6;
r[7] = t7;
r[0] = (int64_t)t0;
r[1] = (int64_t)t1;
r[2] = (int64_t)t2;
r[3] = (int64_t)t3;
r[4] = (int64_t)t4;
r[5] = (int64_t)t5;
r[6] = (int64_t)t6;
r[7] = (int64_t)t7;
}
/* Invert the field element. (r * a) mod (2^448 - 2^224 - 1) = 1
@ -1469,22 +1469,22 @@ void fe448_to_bytes(unsigned char* b, const int32_t* a)
in0 += o;
in8 += o;
in15 -= o << 28;
o = in0 >> 28; in1 += o; t = o << 28; in0 -= t;
o = in1 >> 28; in2 += o; t = o << 28; in1 -= t;
o = in2 >> 28; in3 += o; t = o << 28; in2 -= t;
o = in3 >> 28; in4 += o; t = o << 28; in3 -= t;
o = in4 >> 28; in5 += o; t = o << 28; in4 -= t;
o = in5 >> 28; in6 += o; t = o << 28; in5 -= t;
o = in6 >> 28; in7 += o; t = o << 28; in6 -= t;
o = in7 >> 28; in8 += o; t = o << 28; in7 -= t;
o = in8 >> 28; in9 += o; t = o << 28; in8 -= t;
o = in9 >> 28; in10 += o; t = o << 28; in9 -= t;
o = in10 >> 28; in11 += o; t = o << 28; in10 -= t;
o = in11 >> 28; in12 += o; t = o << 28; in11 -= t;
o = in12 >> 28; in13 += o; t = o << 28; in12 -= t;
o = in13 >> 28; in14 += o; t = o << 28; in13 -= t;
o = in14 >> 28; in15 += o; t = o << 28; in14 -= t;
o = in15 >> 28; in0 += o;
o = (int32_t)(in0 >> 28); in1 += o; t = o << 28; in0 -= t;
o = (int32_t)(in1 >> 28); in2 += o; t = o << 28; in1 -= t;
o = (int32_t)(in2 >> 28); in3 += o; t = o << 28; in2 -= t;
o = (int32_t)(in3 >> 28); in4 += o; t = o << 28; in3 -= t;
o = (int32_t)(in4 >> 28); in5 += o; t = o << 28; in4 -= t;
o = (int32_t)(in5 >> 28); in6 += o; t = o << 28; in5 -= t;
o = (int32_t)(in6 >> 28); in7 += o; t = o << 28; in6 -= t;
o = (int32_t)(in7 >> 28); in8 += o; t = o << 28; in7 -= t;
o = (int32_t)(in8 >> 28); in9 += o; t = o << 28; in8 -= t;
o = (int32_t)(in9 >> 28); in10 += o; t = o << 28; in9 -= t;
o = (int32_t)(in10 >> 28); in11 += o; t = o << 28; in10 -= t;
o = (int32_t)(in11 >> 28); in12 += o; t = o << 28; in11 -= t;
o = (int32_t)(in12 >> 28); in13 += o; t = o << 28; in12 -= t;
o = (int32_t)(in13 >> 28); in14 += o; t = o << 28; in13 -= t;
o = (int32_t)(in14 >> 28); in15 += o; t = o << 28; in14 -= t;
o = (int32_t)(in15 >> 28); in0 += o;
in8 += o; t = o << 28; in15 -= t;
/* Output as bytes */
@ -1778,41 +1778,41 @@ void fe448_mul39081(int32_t* r, const int32_t* a)
int64_t t13 = a[13] * (int64_t)39081;
int64_t t14 = a[14] * (int64_t)39081;
int64_t t15 = a[15] * (int64_t)39081;
o = t0 >> 28; t1 += o; t = (int64_t)o << 28; t0 -= t;
o = t1 >> 28; t2 += o; t = (int64_t)o << 28; t1 -= t;
o = t2 >> 28; t3 += o; t = (int64_t)o << 28; t2 -= t;
o = t3 >> 28; t4 += o; t = (int64_t)o << 28; t3 -= t;
o = t4 >> 28; t5 += o; t = (int64_t)o << 28; t4 -= t;
o = t5 >> 28; t6 += o; t = (int64_t)o << 28; t5 -= t;
o = t6 >> 28; t7 += o; t = (int64_t)o << 28; t6 -= t;
o = t7 >> 28; t8 += o; t = (int64_t)o << 28; t7 -= t;
o = t8 >> 28; t9 += o; t = (int64_t)o << 28; t8 -= t;
o = t9 >> 28; t10 += o; t = (int64_t)o << 28; t9 -= t;
o = t10 >> 28; t11 += o; t = (int64_t)o << 28; t10 -= t;
o = t11 >> 28; t12 += o; t = (int64_t)o << 28; t11 -= t;
o = t12 >> 28; t13 += o; t = (int64_t)o << 28; t12 -= t;
o = t13 >> 28; t14 += o; t = (int64_t)o << 28; t13 -= t;
o = t14 >> 28; t15 += o; t = (int64_t)o << 28; t14 -= t;
o = t15 >> 28; t0 += o;
o = (int32_t)(t0 >> 28); t1 += o; t = (int64_t)o << 28; t0 -= t;
o = (int32_t)(t1 >> 28); t2 += o; t = (int64_t)o << 28; t1 -= t;
o = (int32_t)(t2 >> 28); t3 += o; t = (int64_t)o << 28; t2 -= t;
o = (int32_t)(t3 >> 28); t4 += o; t = (int64_t)o << 28; t3 -= t;
o = (int32_t)(t4 >> 28); t5 += o; t = (int64_t)o << 28; t4 -= t;
o = (int32_t)(t5 >> 28); t6 += o; t = (int64_t)o << 28; t5 -= t;
o = (int32_t)(t6 >> 28); t7 += o; t = (int64_t)o << 28; t6 -= t;
o = (int32_t)(t7 >> 28); t8 += o; t = (int64_t)o << 28; t7 -= t;
o = (int32_t)(t8 >> 28); t9 += o; t = (int64_t)o << 28; t8 -= t;
o = (int32_t)(t9 >> 28); t10 += o; t = (int64_t)o << 28; t9 -= t;
o = (int32_t)(t10 >> 28); t11 += o; t = (int64_t)o << 28; t10 -= t;
o = (int32_t)(t11 >> 28); t12 += o; t = (int64_t)o << 28; t11 -= t;
o = (int32_t)(t12 >> 28); t13 += o; t = (int64_t)o << 28; t12 -= t;
o = (int32_t)(t13 >> 28); t14 += o; t = (int64_t)o << 28; t13 -= t;
o = (int32_t)(t14 >> 28); t15 += o; t = (int64_t)o << 28; t14 -= t;
o = (int32_t)(t15 >> 28); t0 += o;
t8 += o; t = (int64_t)o << 28; t15 -= t;
/* Store */
r[0] = t0;
r[1] = t1;
r[2] = t2;
r[3] = t3;
r[4] = t4;
r[5] = t5;
r[6] = t6;
r[7] = t7;
r[8] = t8;
r[9] = t9;
r[10] = t10;
r[11] = t11;
r[12] = t12;
r[13] = t13;
r[14] = t14;
r[15] = t15;
r[0] = (int32_t)t0;
r[1] = (int32_t)t1;
r[2] = (int32_t)t2;
r[3] = (int32_t)t3;
r[4] = (int32_t)t4;
r[5] = (int32_t)t5;
r[6] = (int32_t)t6;
r[7] = (int32_t)t7;
r[8] = (int32_t)t8;
r[9] = (int32_t)t9;
r[10] = (int32_t)t10;
r[11] = (int32_t)t11;
r[12] = (int32_t)t12;
r[13] = (int32_t)t13;
r[14] = (int32_t)t14;
r[15] = (int32_t)t15;
}
/* Mulitply two field elements. r = a * b
@ -1908,41 +1908,41 @@ static WC_INLINE void fe448_mul_8(int32_t* r, const int32_t* a, const int32_t* b
int64_t o = t14 >> 28;
int64_t t15 = o;
t14 -= o << 28;
o = t0 >> 28; t1 += o; t = (int64_t)o << 28; t0 -= t;
o = t1 >> 28; t2 += o; t = (int64_t)o << 28; t1 -= t;
o = t2 >> 28; t3 += o; t = (int64_t)o << 28; t2 -= t;
o = t3 >> 28; t4 += o; t = (int64_t)o << 28; t3 -= t;
o = t4 >> 28; t5 += o; t = (int64_t)o << 28; t4 -= t;
o = t5 >> 28; t6 += o; t = (int64_t)o << 28; t5 -= t;
o = t6 >> 28; t7 += o; t = (int64_t)o << 28; t6 -= t;
o = t7 >> 28; t8 += o; t = (int64_t)o << 28; t7 -= t;
o = t8 >> 28; t9 += o; t = (int64_t)o << 28; t8 -= t;
o = t9 >> 28; t10 += o; t = (int64_t)o << 28; t9 -= t;
o = t10 >> 28; t11 += o; t = (int64_t)o << 28; t10 -= t;
o = t11 >> 28; t12 += o; t = (int64_t)o << 28; t11 -= t;
o = t12 >> 28; t13 += o; t = (int64_t)o << 28; t12 -= t;
o = t13 >> 28; t14 += o; t = (int64_t)o << 28; t13 -= t;
o = t14 >> 28; t15 += o; t = (int64_t)o << 28; t14 -= t;
o = t15 >> 28; t0 += o;
o = (int32_t)(t0 >> 28); t1 += o; t = (int64_t)o << 28; t0 -= t;
o = (int32_t)(t1 >> 28); t2 += o; t = (int64_t)o << 28; t1 -= t;
o = (int32_t)(t2 >> 28); t3 += o; t = (int64_t)o << 28; t2 -= t;
o = (int32_t)(t3 >> 28); t4 += o; t = (int64_t)o << 28; t3 -= t;
o = (int32_t)(t4 >> 28); t5 += o; t = (int64_t)o << 28; t4 -= t;
o = (int32_t)(t5 >> 28); t6 += o; t = (int64_t)o << 28; t5 -= t;
o = (int32_t)(t6 >> 28); t7 += o; t = (int64_t)o << 28; t6 -= t;
o = (int32_t)(t7 >> 28); t8 += o; t = (int64_t)o << 28; t7 -= t;
o = (int32_t)(t8 >> 28); t9 += o; t = (int64_t)o << 28; t8 -= t;
o = (int32_t)(t9 >> 28); t10 += o; t = (int64_t)o << 28; t9 -= t;
o = (int32_t)(t10 >> 28); t11 += o; t = (int64_t)o << 28; t10 -= t;
o = (int32_t)(t11 >> 28); t12 += o; t = (int64_t)o << 28; t11 -= t;
o = (int32_t)(t12 >> 28); t13 += o; t = (int64_t)o << 28; t12 -= t;
o = (int32_t)(t13 >> 28); t14 += o; t = (int64_t)o << 28; t13 -= t;
o = (int32_t)(t14 >> 28); t15 += o; t = (int64_t)o << 28; t14 -= t;
o = (int32_t)(t15 >> 28); t0 += o;
t8 += o; t = (int64_t)o << 28; t15 -= t;
/* Store */
r[0] = t0;
r[1] = t1;
r[2] = t2;
r[3] = t3;
r[4] = t4;
r[5] = t5;
r[6] = t6;
r[7] = t7;
r[8] = t8;
r[9] = t9;
r[10] = t10;
r[11] = t11;
r[12] = t12;
r[13] = t13;
r[14] = t14;
r[15] = t15;
r[0] = (int32_t)t0;
r[1] = (int32_t)t1;
r[2] = (int32_t)t2;
r[3] = (int32_t)t3;
r[4] = (int32_t)t4;
r[5] = (int32_t)t5;
r[6] = (int32_t)t6;
r[7] = (int32_t)t7;
r[8] = (int32_t)t8;
r[9] = (int32_t)t9;
r[10] = (int32_t)t10;
r[11] = (int32_t)t11;
r[12] = (int32_t)t12;
r[13] = (int32_t)t13;
r[14] = (int32_t)t14;
r[15] = (int32_t)t15;
}
/* Mulitply two field elements. r = (a * b) mod (2^448 - 2^224 - 1)
@ -2053,41 +2053,41 @@ static WC_INLINE void fe448_sqr_8(int32_t* r, const int32_t* a)
int64_t o = t14 >> 28;
int64_t t15 = o;
t14 -= o << 28;
o = t0 >> 28; t1 += o; t = (int64_t)o << 28; t0 -= t;
o = t1 >> 28; t2 += o; t = (int64_t)o << 28; t1 -= t;
o = t2 >> 28; t3 += o; t = (int64_t)o << 28; t2 -= t;
o = t3 >> 28; t4 += o; t = (int64_t)o << 28; t3 -= t;
o = t4 >> 28; t5 += o; t = (int64_t)o << 28; t4 -= t;
o = t5 >> 28; t6 += o; t = (int64_t)o << 28; t5 -= t;
o = t6 >> 28; t7 += o; t = (int64_t)o << 28; t6 -= t;
o = t7 >> 28; t8 += o; t = (int64_t)o << 28; t7 -= t;
o = t8 >> 28; t9 += o; t = (int64_t)o << 28; t8 -= t;
o = t9 >> 28; t10 += o; t = (int64_t)o << 28; t9 -= t;
o = t10 >> 28; t11 += o; t = (int64_t)o << 28; t10 -= t;
o = t11 >> 28; t12 += o; t = (int64_t)o << 28; t11 -= t;
o = t12 >> 28; t13 += o; t = (int64_t)o << 28; t12 -= t;
o = t13 >> 28; t14 += o; t = (int64_t)o << 28; t13 -= t;
o = t14 >> 28; t15 += o; t = (int64_t)o << 28; t14 -= t;
o = t15 >> 28; t0 += o;
o = (int32_t)(t0 >> 28); t1 += o; t = (int64_t)o << 28; t0 -= t;
o = (int32_t)(t1 >> 28); t2 += o; t = (int64_t)o << 28; t1 -= t;
o = (int32_t)(t2 >> 28); t3 += o; t = (int64_t)o << 28; t2 -= t;
o = (int32_t)(t3 >> 28); t4 += o; t = (int64_t)o << 28; t3 -= t;
o = (int32_t)(t4 >> 28); t5 += o; t = (int64_t)o << 28; t4 -= t;
o = (int32_t)(t5 >> 28); t6 += o; t = (int64_t)o << 28; t5 -= t;
o = (int32_t)(t6 >> 28); t7 += o; t = (int64_t)o << 28; t6 -= t;
o = (int32_t)(t7 >> 28); t8 += o; t = (int64_t)o << 28; t7 -= t;
o = (int32_t)(t8 >> 28); t9 += o; t = (int64_t)o << 28; t8 -= t;
o = (int32_t)(t9 >> 28); t10 += o; t = (int64_t)o << 28; t9 -= t;
o = (int32_t)(t10 >> 28); t11 += o; t = (int64_t)o << 28; t10 -= t;
o = (int32_t)(t11 >> 28); t12 += o; t = (int64_t)o << 28; t11 -= t;
o = (int32_t)(t12 >> 28); t13 += o; t = (int64_t)o << 28; t12 -= t;
o = (int32_t)(t13 >> 28); t14 += o; t = (int64_t)o << 28; t13 -= t;
o = (int32_t)(t14 >> 28); t15 += o; t = (int64_t)o << 28; t14 -= t;
o = (int32_t)(t15 >> 28); t0 += o;
t8 += o; t = (int64_t)o << 28; t15 -= t;
/* Store */
r[0] = t0;
r[1] = t1;
r[2] = t2;
r[3] = t3;
r[4] = t4;
r[5] = t5;
r[6] = t6;
r[7] = t7;
r[8] = t8;
r[9] = t9;
r[10] = t10;
r[11] = t11;
r[12] = t12;
r[13] = t13;
r[14] = t14;
r[15] = t15;
r[0] = (int32_t)t0;
r[1] = (int32_t)t1;
r[2] = (int32_t)t2;
r[3] = (int32_t)t3;
r[4] = (int32_t)t4;
r[5] = (int32_t)t5;
r[6] = (int32_t)t6;
r[7] = (int32_t)t7;
r[8] = (int32_t)t8;
r[9] = (int32_t)t9;
r[10] = (int32_t)t10;
r[11] = (int32_t)t11;
r[12] = (int32_t)t12;
r[13] = (int32_t)t13;
r[14] = (int32_t)t14;
r[15] = (int32_t)t15;
}
/* Square a field element. r = (a * a) mod (2^448 - 2^224 - 1)

2
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/fe_low_mem.c
View file

@ -141,7 +141,7 @@ static void xc_diffadd(byte *x5, byte *z5,
}
#ifndef FREESCALE_LTC_ECC
int curve25519(byte *result, byte *e, byte *q)
int curve25519(byte *result, const byte *e, const byte *q)
{
/* Current point: P_m */
byte xm[F25519_SIZE];

2
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/fe_operations.c
View file

@ -129,7 +129,7 @@ void fe_init(void)
#if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
!defined(FREESCALE_LTC_ECC)
int curve25519(byte* q, byte* n, byte* p)
int curve25519(byte* q, const byte* n, const byte* p)
{
#if 0
unsigned char e[32];

2
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/fe_x25519_128.i
View file

@ -406,7 +406,7 @@ void fe_invert(fe r, const fe a)
* n The scalar as an array of bytes.
* a A field element as an array of bytes.
*/
int curve25519(byte* r, byte* n, byte* a)
int curve25519(byte* r, const byte* n, const byte* a)
{
fe x1, x2, z2, x3, z3;
fe t0, t1;

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/fe_x25519_asm.S
View file

@ -16540,3 +16540,7 @@ _fe_ge_sub_avx2:
.size fe_ge_sub_avx2,.-fe_ge_sub_avx2
#endif /* __APPLE__ */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

7
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/hmac.c
View file

@ -1216,10 +1216,17 @@ int wolfSSL_GetHmacMaxSize(void)
word32 hashSz = wc_HmacSizeByType(type);
byte n = 0x1;
/* RFC 5869 states that the length of output keying material in
octets must be L <= 255*HashLen or N = ceil(L/HashLen) */
if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255)
return BAD_FUNC_ARG;
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;

3
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/include.am
View file

@ -85,7 +85,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c \
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c \
wolfcrypt/src/port/Renesas/renesas_tsip_util.c \
wolfcrypt/src/port/Renesas/README.md
wolfcrypt/src/port/Renesas/README.md \
wolfcrypt/src/port/cypress/psoc6_crypto.c
if BUILD_CRYPTOCB

90
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/integer.c
View file

@ -271,23 +271,10 @@ int mp_count_bits (mp_int * a)
int mp_leading_bit (mp_int * a)
{
int bit = 0;
mp_int t;
int c = mp_count_bits(a);
if (mp_init_copy(&t, a) != MP_OKAY)
return 0;
while (mp_iszero(&t) == MP_NO) {
#ifndef MP_8BIT
bit = (t.dp[0] & 0x80) != 0;
#else
bit = ((t.dp[0] | ((t.dp[1] & 0x01) << 7)) & 0x80) != 0;
#endif
if (mp_div_2d (&t, 8, &t, NULL) != MP_OKAY)
break;
}
mp_clear(&t);
return bit;
if (c == 0) return 0;
return (c % 8) == 0;
}
int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b)
@ -562,6 +549,17 @@ void mp_rshb (mp_int *c, int x)
mp_digit r, rr;
mp_digit D = x;
/* shifting by a negative number not supported */
if (x < 0) return;
/* shift digits first if needed */
if (x >= DIGIT_BIT) {
mp_rshd(c, x / DIGIT_BIT);
/* recalculate number of bits to shift */
D = x % DIGIT_BIT;
}
/* zero shifted is always zero */
if (mp_iszero(c)) return;
/* mask */
@ -1579,6 +1577,24 @@ int mp_div_2(mp_int * a, mp_int * b)
return MP_OKAY;
}
/* c = a / 2 (mod b) - constant time (a < b and positive) */
int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c)
{
int res;
if (mp_isodd(a)) {
res = mp_add(a, b, c);
if (res == MP_OKAY) {
res = mp_div_2(c, c);
}
}
else {
res = mp_div_2(a, c);
}
return res;
}
/* high level addition (handles signs) */
int mp_add (mp_int * a, mp_int * b, mp_int * c)
@ -1990,7 +2006,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
calls/ifs) */
#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
if (((P->used * 2 + 1) < (int)MP_WARRAY) &&
P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
P->used < (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
redux = fast_mp_montgomery_reduce;
} else
#endif
@ -2236,7 +2252,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
calls/ifs) */
#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
if (((P->used * 2 + 1) < (int)MP_WARRAY) &&
P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
P->used < (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
redux = fast_mp_montgomery_reduce;
} else
#endif
@ -2596,7 +2612,7 @@ int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
digs = n->used * 2 + 1;
if ((digs < (int)MP_WARRAY) &&
n->used <
(1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
(1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
return fast_mp_montgomery_reduce (x, n, rho);
}
@ -2996,6 +3012,32 @@ int mp_addmod(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
return res;
}
/* d = a - b (mod c) - a < c and b < c and positive */
int mp_submod_ct(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
{
int res;
res = mp_sub(a, b, d);
if (res == MP_OKAY && mp_isneg(d)) {
res = mp_add(d, c, d);
}
return res;
}
/* d = a + b (mod c) - a < c and b < c and positive */
int mp_addmod_ct(mp_int* a, mp_int* b, mp_int* c, mp_int* d)
{
int res;
res = mp_add(a, b, d);
if (res == MP_OKAY && mp_cmp(d, c) != MP_LT) {
res = mp_sub(d, c, d);
}
return res;
}
/* computes b = a*a */
int mp_sqr (mp_int * a, mp_int * b)
{
@ -3043,7 +3085,7 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
if ((digs < (int)MP_WARRAY) &&
MIN(a->used, b->used) <=
(1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
(1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
res = fast_s_mp_mul_digs (a, b, c, digs);
} else
#endif
@ -3506,7 +3548,7 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* can we use the fast multiplier? */
if ((digs < (int)MP_WARRAY) &&
MIN (a->used, b->used) <
(1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
(1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
return fast_s_mp_mul_digs (a, b, c, digs);
}
@ -4014,7 +4056,7 @@ int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
if (((a->used + b->used + 1) < (int)MP_WARRAY)
&& MIN (a->used, b->used) <
(1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
(1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
return fast_s_mp_mul_high_digs (a, b, c, digs);
}
#endif
@ -4324,6 +4366,8 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c)
mp_digit *tmpa, *tmpc, mu;
int res, ix, oldused;
if (b > MP_MASK) return MP_VAL;
/* grow c as required */
if (c->alloc < a->used + 1) {
if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
@ -4543,7 +4587,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
#if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA)
const mp_digit ltm_prime_tab[PRIME_SIZE] = {
const FLASH_QUALIFIER mp_digit ltm_prime_tab[PRIME_SIZE] = {
0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,

33
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/misc.c
View file

@ -18,8 +18,13 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This module implements the arithmetic-shift right, left, byte swapping, XOR,
masking and clearing memory logic.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -47,7 +52,7 @@
/* Check for if compiling misc.c when not needed. */
#if !defined(WOLFSSL_MISC_INCLUDED) && !defined(NO_INLINE)
#ifndef WOLFSSL_IGNORE_FILE_WARN
// #warning misc.c does not need to be compiled when using inline (NO_INLINE not defined)
#pragma message( "misc.c does not need to be compiled when using inline (NO_INLINE not defined)")
#endif
#else
@ -77,13 +82,14 @@
}
#else /* generic */
/* This routine performs a left circular arithmetic shift of <x> by <y> value. */
WC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
{
return (x << y) | (x >> (sizeof(y) * 8 - y));
}
/* This routine performs a right circular arithmetic shift of <x> by <y> value. */
WC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
{
return (x >> y) | (x << (sizeof(y) * 8 - y));
@ -91,7 +97,7 @@
#endif
/* This routine performs a byte swap of 32-bit word value. */
WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
{
#ifdef PPC_INTRINSICS
@ -114,8 +120,8 @@ WC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
return rotlFixed(value, 16U);
#endif
}
#if defined(LITTLE_ENDIAN_ORDER)
/* This routine performs a byte swap of words array of a given count. */
WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
word32 byteCount)
{
@ -125,7 +131,7 @@ WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
out[i] = ByteReverseWord32(in[i]);
}
#endif /* LITTLE_ENDIAN_ORDER */
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
@ -172,6 +178,8 @@ WC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
#endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
#ifndef WOLFSSL_NO_XOR_OPS
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
of wolfssl_words, placing the result in <*r>. */
WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n)
{
word32 i;
@ -179,6 +187,8 @@ WC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, word32
for (i = 0; i < n; i++) r[i] ^= a[i];
}
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
counts, placing the result in <*buf>. */
WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
{
@ -196,7 +206,8 @@ WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
#endif
#ifndef WOLFSSL_NO_FORCE_ZERO
/* Make sure compiler doesn't skip */
/* This routine fills the first len bytes of the memory area pointed by mem
with zeros. It ensures compiler optimizations doesn't skip it */
WC_STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
{
volatile byte* z = (volatile byte*)mem;
@ -242,6 +253,7 @@ WC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, int length
#if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
#define min min
#endif
/* returns the smaller of a and b */
WC_STATIC WC_INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
@ -323,7 +335,7 @@ WC_STATIC WC_INLINE word32 btoi(byte b)
/* Constant time - mask set when a > b. */
WC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
{
return (((word32)a - b - 1) >> 31) - 1;
return ((byte)(((word32)a - b - 1) >> 31) - 1);
}
/* Constant time - mask set when a >= b. */
@ -356,16 +368,19 @@ WC_STATIC WC_INLINE byte ctMaskEq(int a, int b)
return (~ctMaskGT(a, b)) & (~ctMaskLT(a, b));
}
/* Constant time - sets 16 bit integer mask when a > b */
WC_STATIC WC_INLINE word16 ctMask16GT(int a, int b)
{
return (((word32)a - b - 1) >> 31) - 1;
}
/* Constant time - sets 16 bit integer mask when a < b. */
WC_STATIC WC_INLINE word16 ctMask16LT(int a, int b)
{
return (((word32)a - b - 1) >> 31) - 1;
return (((word32)b - a - 1) >> 31) - 1;
}
/* Constant time - sets 16 bit integer mask when a == b. */
WC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b)
{
return (~ctMask16GT(a, b)) & (~ctMask16LT(a, b));

15
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/pkcs12.c
View file

@ -190,6 +190,7 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12)
}
/* return 0 on success */
static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
word32* idx, int maxIdx)
{
@ -228,7 +229,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
}
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) {
freeSafe(safe, pkcs12->heap);
return ret;
return ASN_PARSE_E;
}
switch (oid) {
@ -251,7 +252,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
}
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) {
freeSafe(safe, pkcs12->heap);
return ret;
return ASN_PARSE_E;
}
break;
@ -350,7 +351,8 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
}
/* optional mac data */
/* parse optional mac data
* return 0 on success */
static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
word32 totalSz)
{
@ -366,7 +368,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
*/
if ((ret = GetSequence(mem, &curIdx, &size, totalSz)) <= 0) {
WOLFSSL_MSG("Failed to get PKCS12 sequence");
return ret;
return ASN_PARSE_E;
}
#ifdef WOLFSSL_DEBUG_PKCS12
@ -405,7 +407,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ret;
return ASN_PARSE_E;
}
mac->digestSz = size;
mac->digest = (byte*)XMALLOC(mac->digestSz, pkcs12->heap,
@ -637,7 +639,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
totalSz = derSz;
if ((ret = GetSequence(der, &idx, &size, totalSz)) <= 0) {
WOLFSSL_MSG("Failed to get PKCS12 sequence");
return ret;
return ASN_PARSE_E;
}
/* get version */
@ -2120,6 +2122,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert,
XFREE(certBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (ret < 0) {
WOLFSSL_LEAVE("wc_PKCS12_create()", ret);
XFREE(certCi, heap, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
*certCiSz = ret;

20
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/pkcs7.c
View file

@ -5531,7 +5531,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
/* create key encryption key (KEK) using key wrap algorithm and key encryption
* algorithm, place in kari->kek. return 0 on success, <0 on error. */
static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari,
static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
int keyWrapOID, int keyEncOID)
{
int ret;
@ -5566,6 +5566,19 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari,
if (secret == NULL)
return MEMORY_E;
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(kari->senderKey, rng);
if (ret != 0)
return ret;
ret = wc_ecc_set_rng(kari->recipKey, rng);
if (ret != 0)
return ret;
#else
(void)rng;
#endif
if (kari->direction == WC_PKCS7_ENCODE) {
ret = wc_ecc_shared_secret(kari->senderKey, kari->recipKey,
@ -5797,7 +5810,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
}
/* generate KEK (key encryption key) */
ret = wc_PKCS7_KariGenerateKEK(kari, keyWrapOID, keyAgreeOID);
ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, keyWrapOID, keyAgreeOID);
if (ret != 0) {
wc_PKCS7_KariFree(kari);
#ifdef WOLFSSL_SMALL_STACK
@ -9397,7 +9410,8 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
}
else {
/* create KEK */
ret = wc_PKCS7_KariGenerateKEK(kari, keyWrapOID, pkcs7->keyAgreeOID);
ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, keyWrapOID,
pkcs7->keyAgreeOID);
if (ret != 0) {
wc_PKCS7_KariFree(kari);
#ifdef WOLFSSL_SMALL_STACK

44
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/poly1305.c
View file

@ -18,11 +18,15 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
* Based off the public domain implementations by Andrew Moon
* and Daniel J. Bernstein
*/
DESCRIPTION
This library contains implementation for the Poly1305 authenticator.
Based off the public domain implementations by Andrew Moon
and Daniel J. Bernstein
*/
#ifdef HAVE_CONFIG_H
@ -228,10 +232,10 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
}
static void U32TO8(byte *p, word32 v) {
p[0] = (v ) & 0xff;
p[1] = (v >> 8) & 0xff;
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff;
p[0] = (byte)((v ) & 0xff);
p[1] = (byte)((v >> 8) & 0xff);
p[2] = (byte)((v >> 16) & 0xff);
p[3] = (byte)((v >> 24) & 0xff);
}
#endif
@ -254,7 +258,11 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
/*
This local function operates on a message with a given number of bytes
with a given ctx pointer to a Poly1305 structure.
*/
static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes)
{
#ifdef USE_INTEL_SPEEDUP
@ -378,7 +386,11 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
#endif /* end of 64 bit cpu blocks or 32 bit cpu */
}
void poly1305_block(Poly1305* ctx, const unsigned char *m)
/*
This local function is used for the last call when a message with a given
number of bytes is less than the block size.
*/
static void poly1305_block(Poly1305* ctx, const unsigned char *m)
{
#ifdef USE_INTEL_SPEEDUP
/* No call to poly1305_block when AVX2, AVX2 does 4 blocks at a time. */
@ -494,7 +506,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
#endif
if (ctx == NULL)
if (ctx == NULL || mac == NULL)
return BAD_FUNC_ARG;
#ifdef USE_INTEL_SPEEDUP
@ -663,6 +675,13 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
{
size_t i;
if (ctx == NULL || (m == NULL && bytes > 0))
return BAD_FUNC_ARG;
if (bytes == 0) {
/* valid, but do nothing */
return 0;
}
#ifdef CHACHA_AEAD_TEST
word32 k;
printf("Raw input to poly:\n");
@ -673,8 +692,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
}
printf("\n");
#endif
if (ctx == NULL)
if (ctx == NULL || (m == NULL && bytes > 0))
return BAD_FUNC_ARG;
#ifdef USE_INTEL_SPEEDUP

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/poly1305_asm.S
View file

@ -1103,3 +1103,7 @@ L_poly1305_avx2_final_cmp_copy:
.size poly1305_final_avx2,.-poly1305_final_avx2
#endif /* __APPLE__ */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

133
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/port/pic32/pic32mz-crypt.c
View file

@ -301,13 +301,12 @@ typedef struct {
securityAssociation sa __attribute__((aligned (8)));
} pic32mz_desc;
static pic32mz_desc gLHDesc;
static pic32mz_desc gLHDesc __attribute__((coherent));
static uint8_t gLHDataBuf[PIC32MZ_MAX_BD][PIC32_BLOCK_SIZE] __attribute__((aligned (4), coherent));
static void reset_engine(pic32mz_desc *desc, int algo)
static void reset_engine(int algo)
{
int i;
pic32mz_desc* uc_desc = KVA0_TO_KVA1(desc);
wolfSSL_CryptHwMutexLock();
@ -319,37 +318,36 @@ static void reset_engine(pic32mz_desc *desc, int algo)
CEINTSRC = 0xF;
/* Make sure everything is clear first before we setup */
XMEMSET(desc, 0, sizeof(pic32mz_desc));
XMEMSET((void *)&uc_desc->sa, 0, sizeof(uc_desc->sa));
XMEMSET(&gLHDesc, 0, sizeof(pic32mz_desc));
/* Set up the Security Association */
uc_desc->sa.SA_CTRL.ALGO = algo;
uc_desc->sa.SA_CTRL.LNC = 1;
uc_desc->sa.SA_CTRL.FB = 1;
uc_desc->sa.SA_CTRL.ENCTYPE = 1;
uc_desc->sa.SA_CTRL.LOADIV = 1;
gLHDesc.sa.SA_CTRL.ALGO = algo;
gLHDesc.sa.SA_CTRL.LNC = 1;
gLHDesc.sa.SA_CTRL.FB = 1;
gLHDesc.sa.SA_CTRL.ENCTYPE = 1;
gLHDesc.sa.SA_CTRL.LOADIV = 1;
/* Set up the Buffer Descriptor */
uc_desc->err = 0;
gLHDesc.err = 0;
for (i = 0; i < PIC32MZ_MAX_BD; i++) {
XMEMSET((void *)&uc_desc->bd[i], 0, sizeof(uc_desc->bd[i]));
uc_desc->bd[i].BD_CTRL.LAST_BD = 1;
uc_desc->bd[i].BD_CTRL.LIFM = 1;
uc_desc->bd[i].BD_CTRL.PKT_INT_EN = 1;
uc_desc->bd[i].SA_ADDR = KVA_TO_PA(&uc_desc->sa);
uc_desc->bd[i].SRCADDR = KVA_TO_PA(&gLHDataBuf[i]);
XMEMSET((void *)&gLHDesc.bd[i], 0, sizeof(gLHDesc.bd[i]));
gLHDesc.bd[i].BD_CTRL.LAST_BD = 1;
gLHDesc.bd[i].BD_CTRL.LIFM = 1;
gLHDesc.bd[i].BD_CTRL.PKT_INT_EN = 1;
gLHDesc.bd[i].SA_ADDR = KVA_TO_PA(&gLHDesc.sa);
gLHDesc.bd[i].SRCADDR = KVA_TO_PA(&gLHDataBuf[i]);
if (PIC32MZ_MAX_BD > i+1)
uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[i+1]);
gLHDesc.bd[i].NXTPTR = KVA_TO_PA(&gLHDesc.bd[i+1]);
else
uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[0]);
gLHDesc.bd[i].NXTPTR = KVA_TO_PA(&gLHDesc.bd[0]);
XMEMSET((void *)&gLHDataBuf[i], 0, PIC32_BLOCK_SIZE);
}
uc_desc->bd[0].BD_CTRL.SA_FETCH_EN = 1; /* Fetch the security association on the first BD */
desc->dbPtr = 0;
desc->currBd = 0;
desc->msgSize = 0;
desc->processed = 0;
CEBDPADDR = KVA_TO_PA(&(desc->bd[0]));
gLHDesc.bd[0].BD_CTRL.SA_FETCH_EN = 1; /* Fetch the security association on the first BD */
gLHDesc.dbPtr = 0;
gLHDesc.currBd = 0;
gLHDesc.msgSize = 0;
gLHDesc.processed = 0;
CEBDPADDR = KVA_TO_PA(&(gLHDesc.bd[0]));
CEPOLLCON = 10;
@ -360,13 +358,11 @@ static void reset_engine(pic32mz_desc *desc, int algo)
#endif
}
static void update_engine(pic32mz_desc *desc, const byte *input, word32 len,
word32 *hash)
static void update_engine(const byte *input, word32 len, word32 *hash)
{
int total;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
gLHDesc.bd[gLHDesc.currBd].UPDPTR = KVA_TO_PA(hash);
/* Add the data to the current buffer. If the buffer fills, start processing it
and fill the next one. */
@ -374,78 +370,76 @@ static void update_engine(pic32mz_desc *desc, const byte *input, word32 len,
/* If we've been given the message size, we can process along the
way.
Enable the current buffer descriptor if it is full. */
if (desc->dbPtr >= PIC32_BLOCK_SIZE) {
if (gLHDesc.dbPtr >= PIC32_BLOCK_SIZE) {
/* Wrap up the buffer descriptor and enable it so the engine can process */
uc_desc->bd[desc->currBd].MSGLEN = desc->msgSize;
uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = desc->dbPtr;
uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1;
gLHDesc.bd[gLHDesc.currBd].MSGLEN = gLHDesc.msgSize;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.BUFLEN = gLHDesc.dbPtr;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.LAST_BD = 0;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.LIFM = 0;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.DESC_EN = 1;
/* Move to the next buffer descriptor, or wrap around. */
desc->currBd++;
if (desc->currBd >= PIC32MZ_MAX_BD)
desc->currBd = 0;
gLHDesc.currBd++;
if (gLHDesc.currBd >= PIC32MZ_MAX_BD)
gLHDesc.currBd = 0;
/* Wait until the engine has processed the new BD. */
while (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN);
uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
desc->dbPtr = 0;
while (gLHDesc.bd[gLHDesc.currBd].BD_CTRL.DESC_EN);
gLHDesc.bd[gLHDesc.currBd].UPDPTR = KVA_TO_PA(hash);
gLHDesc.dbPtr = 0;
}
if (!PIC32MZ_IF_RAM(input)) {
/* If we're inputting from flash, let the BD have
the address and max the buffer size */
uc_desc->bd[desc->currBd].SRCADDR = KVA_TO_PA(input);
gLHDesc.bd[gLHDesc.currBd].SRCADDR = KVA_TO_PA(input);
total = (len > PIC32MZ_MAX_BLOCK ? PIC32MZ_MAX_BLOCK : len);
desc->dbPtr = total;
gLHDesc.dbPtr = total;
len -= total;
input += total;
}
else {
if (len > PIC32_BLOCK_SIZE - desc->dbPtr) {
if (len > PIC32_BLOCK_SIZE - gLHDesc.dbPtr) {
/* We have more data than can be put in the buffer. Fill what we can.*/
total = PIC32_BLOCK_SIZE - desc->dbPtr;
XMEMCPY(&gLHDataBuf[desc->currBd][desc->dbPtr], input, total);
total = PIC32_BLOCK_SIZE - gLHDesc.dbPtr;
XMEMCPY(&gLHDataBuf[gLHDesc.currBd][gLHDesc.dbPtr], input, total);
len -= total;
desc->dbPtr = PIC32_BLOCK_SIZE;
gLHDesc.dbPtr = PIC32_BLOCK_SIZE;
input += total;
}
else {
/* Fill up what we have, but don't turn on the engine.*/
XMEMCPY(&gLHDataBuf[desc->currBd][desc->dbPtr], input, len);
desc->dbPtr += len;
XMEMCPY(&gLHDataBuf[gLHDesc.currBd][gLHDesc.dbPtr], input, len);
gLHDesc.dbPtr += len;
len = 0;
}
}
}
}
static void start_engine(pic32mz_desc *desc)
static void start_engine(void)
{
/* Wrap up the last buffer descriptor and enable it */
int bufferLen;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
bufferLen = desc->dbPtr;
bufferLen = gLHDesc.dbPtr;
if (bufferLen % 4)
bufferLen = (bufferLen + 4) - (bufferLen % 4);
/* initialize the MSGLEN on engine startup to avoid infinite loop when
* length is less than 257 (size of PIC32_BLOCK_SIZE) */
uc_desc->bd[desc->currBd].MSGLEN = desc->msgSize;
uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = bufferLen;
uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 1;
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 1;
uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1;
gLHDesc.bd[gLHDesc.currBd].MSGLEN = gLHDesc.msgSize;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.BUFLEN = bufferLen;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.LAST_BD = 1;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.LIFM = 1;
gLHDesc.bd[gLHDesc.currBd].BD_CTRL.DESC_EN = 1;
}
void wait_engine(pic32mz_desc *desc, char *hash, int hash_sz)
void wait_engine(char *hash, int hash_sz)
{
int i;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
unsigned int engineRunning;
do {
engineRunning = 0;
for (i = 0; i < PIC32MZ_MAX_BD; i++) {
engineRunning = engineRunning || uc_desc->bd[i].BD_CTRL.DESC_EN;
engineRunning = engineRunning || gLHDesc.bd[i].BD_CTRL.DESC_EN;
}
} while (engineRunning);
@ -489,10 +483,10 @@ static int wc_Pic32HashUpdate(hashUpdCache* cache, byte* stdBuf, int stdBufLen,
/* if final length is set then pass straight to hardware */
if (cache->finalLen) {
if (cache->bufLen == 0) {
reset_engine(&gLHDesc, algo);
reset_engine(algo);
gLHDesc.msgSize = cache->finalLen;
}
update_engine(&gLHDesc, data, len, digest);
update_engine(data, len, digest);
cache->bufLen += len; /* track progress for blockType */
return 0;
}
@ -560,9 +554,16 @@ static int wc_Pic32HashFinal(hashUpdCache* cache, byte* stdBuf,
#ifdef WOLFSSL_PIC32MZ_LARGE_HASH
if (cache->finalLen) {
start_engine(&gLHDesc);
wait_engine(&gLHDesc, (char*)digest, digestSz);
XMEMCPY(hash, digest, digestSz);
/* Only submit to hardware if update data provided matches expected */
if (cache->bufLen == cache->finalLen) {
start_engine();
wait_engine((char*)digest, digestSz);
XMEMCPY(hash, digest, digestSz);
}
else {
wolfSSL_CryptHwMutexUnLock();
ret = BUFFER_E;
}
cache->finalLen = 0;
}
else

14
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/pwdbased.c
View file

@ -501,6 +501,8 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
if (ret < 0) break;
}
if (ret < 0) break;
currentLen = min(kLen, (int)u);
XMEMCPY(output, Ai, currentLen);
output += currentLen;
@ -721,16 +723,22 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
bSz = 128 * blockSize;
blocksSz = bSz * parallel;
blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (blocks == NULL)
if (blocks == NULL) {
ret = MEMORY_E;
goto end;
}
/* Temporary for scryptROMix. */
v = (byte*)XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (v == NULL)
if (v == NULL) {
ret = MEMORY_E;
goto end;
}
/* Temporary for scryptBlockMix. */
y = (byte*)XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (y == NULL)
if (y == NULL) {
ret = MEMORY_E;
goto end;
}
/* Step 1. */
ret = wc_PBKDF2(blocks, passwd, passLen, salt, saltLen, 1, blocksSz,

189
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/random.c
View file

@ -19,7 +19,12 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the random number generator.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -487,7 +492,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
if (i == (len-1)) {
len++;
}
drbg->matchCount = 1;
@ -511,6 +516,10 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
}
}
}
else {
/* wc_Sha256Update or wc_Sha256Final returned error */
break;
}
}
ForceZero(data, sizeof(data));
@ -614,7 +623,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz,
void* heap, int devId)
{
int ret;
int ret = DRBG_FAILURE;
XMEMSET(drbg, 0, sizeof(DRBG));
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@ -645,9 +654,6 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
drbg->matchCount = 0;
ret = DRBG_SUCCESS;
}
else {
ret = DRBG_FAILURE;
}
return ret;
}
@ -674,7 +680,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
{
int ret = DRBG_SUCCESS;
int ret = 0;
/* Check the seed for duplicate words. */
word32 seedIdx = 0;
@ -700,7 +706,7 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
void* heap, int devId)
{
int ret = RNG_FAILURE_E;
int ret = 0;
#ifdef HAVE_HASHDRBG
word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
#endif
@ -773,6 +779,10 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
rng->drbg =
(struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg == NULL) {
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
#else
/* compile-time validation of drbg_data size */
typedef char drbg_data_test[sizeof(rng->drbg_data) >=
@ -780,16 +790,14 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
(void)sizeof(drbg_data_test);
rng->drbg = (struct DRBG*)rng->drbg_data;
#endif
if (rng->drbg == NULL) {
ret = MEMORY_E;
}
else {
if (ret == 0) {
ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
if (ret != 0)
ret = DRBG_FAILURE;
else
if (ret == 0)
ret = wc_RNG_TestSeed(seed, seedSz);
else {
ret = DRBG_FAILURE;
rng->status = DRBG_FAILED;
}
if (ret == DRBG_SUCCESS)
ret = Hash_DRBG_Instantiate(rng->drbg,
@ -1107,20 +1115,20 @@ exit_rng_ht:
}
const byte seedA[] = {
const FLASH_QUALIFIER byte seedA_data[] = {
0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
};
const byte reseedSeedA[] = {
const FLASH_QUALIFIER byte reseedSeedA_data[] = {
0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
};
const byte outputA[] = {
const FLASH_QUALIFIER byte outputA_data[] = {
0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
@ -1134,7 +1142,7 @@ const byte outputA[] = {
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
const byte seedB[] = {
const FLASH_QUALIFIER byte seedB_data[] = {
0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, /* nonce next */
@ -1142,7 +1150,7 @@ const byte seedB[] = {
0xdb, 0xcb, 0xcc, 0x2e
};
const byte outputB[] = {
const FLASH_QUALIFIER byte outputB_data[] = {
0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
@ -1175,17 +1183,65 @@ static int wc_RNG_HealthTestLocal(int reseed)
#endif
if (reseed) {
ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA),
reseedSeedA, sizeof(reseedSeedA),
#ifdef WOLFSSL_USE_FLASHMEM
byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (!seedA || !reseedSeedA || !outputA) {
XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E;
}
else {
XMEMCPY_P(seedA, seedA_data, sizeof(seedA_data));
XMEMCPY_P(reseedSeedA, reseedSeedA_data, sizeof(reseedSeedA_data));
XMEMCPY_P(outputA, outputA_data, sizeof(outputA_data));
#else
const byte* seedA = seedA_data;
const byte* reseedSeedA = reseedSeedA_data;
const byte* outputA = outputA_data;
#endif
ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data),
reseedSeedA, sizeof(reseedSeedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE);
if (ret == 0) {
if (ConstantCompare(check, outputA,
RNG_HEALTH_TEST_CHECK_SIZE) != 0)
ret = -1;
}
#ifdef WOLFSSL_USE_FLASHMEM
XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
}
else {
ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB),
#ifdef WOLFSSL_USE_FLASHMEM
byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (!seedB || !outputB) {
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E;
}
else {
XMEMCPY_P(seedB, seedB_data, sizeof(seedB_data));
XMEMCPY_P(outputB, outputB_data, sizeof(outputB_data));
#else
const byte* seedB = seedB_data;
const byte* outputB = outputB_data;
#endif
ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data),
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE);
if (ret == 0) {
@ -1200,16 +1256,22 @@ static int wc_RNG_HealthTestLocal(int reseed)
* byte 32, feed them into the health test separately. */
if (ret == 0) {
ret = wc_RNG_HealthTest_ex(0,
seedB + 32, sizeof(seedB) - 32,
seedB + 32, sizeof(seedB_data) - 32,
seedB, 32,
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
NULL, INVALID_DEVID);
if (ret == 0) {
if (ConstantCompare(check, outputB, sizeof(outputB)) != 0)
if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0)
ret = -1;
}
}
#ifdef WOLFSSL_USE_FLASHMEM
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
}
#ifdef WOLFSSL_SMALL_STACK
@ -1607,6 +1669,24 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif (defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC_RNG)) && \
!defined(WOLFSSL_PIC32MZ_RNG)
/* enable ATECC RNG unless using PIC32MZ one instead */
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
if (output == NULL) {
return BUFFER_E;
}
ret = atmel_get_random_number(sz, output);
return ret;
}
#elif defined(MICROCHIP_PIC32)
@ -2052,36 +2132,42 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_NRF51)
#elif defined(WOLFSSL_NRF51) || defined(WOLFSSL_NRF5x)
#include "app_error.h"
#include "nrf_drv_rng.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int remaining = sz, length, pos = 0;
uint8_t available;
uint32_t err_code;
uint8_t available;
static uint8_t initialized = 0;
(void)os;
/* Make sure RNG is running */
err_code = nrf_drv_rng_init(NULL);
if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) {
return -1;
if (!initialized) {
err_code = nrf_drv_rng_init(NULL);
if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE
#ifdef NRF_ERROR_MODULE_ALREADY_INITIALIZED
&& err_code != NRF_ERROR_MODULE_ALREADY_INITIALIZED
#endif
) {
return -1;
}
initialized = 1;
}
while (remaining > 0) {
err_code = nrf_drv_rng_bytes_available(&available);
if (err_code == NRF_SUCCESS) {
length = (remaining < available) ? remaining : available;
if (length > 0) {
err_code = nrf_drv_rng_rand(&output[pos], length);
remaining -= length;
pos += length;
available = 0;
nrf_drv_rng_bytes_available(&available); /* void func */
length = (remaining < available) ? remaining : available;
if (length > 0) {
err_code = nrf_drv_rng_rand(&output[pos], length);
if (err_code != NRF_SUCCESS) {
break;
}
}
if (err_code != NRF_SUCCESS) {
break;
remaining -= length;
pos += length;
}
}
@ -2116,23 +2202,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_ATMEL)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
if (output == NULL) {
return BUFFER_E;
}
ret = atmel_get_random_number(sz, output);
return ret;
}
#elif defined(INTIME_RTOS)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
@ -2295,7 +2364,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif
#include "r_bsp/platform.h"
#include "r_tsip_rx_if.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret;
@ -2303,7 +2372,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
while (sz > 0) {
uint32_t len = sizeof(buffer);
if (sz < len) {
len = sz;
}

348
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/rsa.c
View file

@ -19,7 +19,13 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interface to the RSA.
RSA keys can be used to encrypt, decrypt, sign and verify data.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -380,7 +386,7 @@ int wc_InitRsaHw(RsaKey* key)
mSz = mp_unsigned_bin_size(&(key->n));
m = (unsigned char*)XMALLOC(mSz, key->heap, DYNAMIC_TYPE_KEY);
if (m == 0) {
if (m == NULL) {
return MEMORY_E;
}
@ -605,59 +611,67 @@ int wc_CheckRsaKey(RsaKey* key)
if (mp_set_int(k, 0x2342) != MP_OKAY)
ret = MP_READ_E;
}
#ifdef WOLFSSL_HAVE_SP_RSA
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->n) == 2048) {
ret = sp_ModExp_2048(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
else
#endif
#ifndef WOLFSSL_SP_NO_3072
if (mp_count_bits(&key->n) == 3072) {
ret = sp_ModExp_3072(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
else
#endif
#ifdef WOLFSSL_SP_4096
if (mp_count_bits(&key->n) == 4096) {
ret = sp_ModExp_4096(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
else
#endif
#endif
#ifdef WOLFSSL_SP_MATH
{
ret = WC_KEY_SIZE_E;
}
#else
{
if (ret == 0) {
if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0) {
switch (mp_count_bits(&key->n)) {
#ifndef WOLFSSL_SP_NO_2048
case 2048:
ret = sp_ModExp_2048(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
if (ret == 0) {
ret = sp_ModExp_2048(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
break;
#endif /* WOLFSSL_SP_NO_2048 */
#ifndef WOLFSSL_SP_NO_3072
case 3072:
ret = sp_ModExp_3072(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
if (ret == 0) {
ret = sp_ModExp_3072(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
break;
#endif /* WOLFSSL_SP_NO_3072 */
#ifdef WOLFSSL_SP_4096
case 4096:
ret = sp_ModExp_4096(k, &key->e, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
if (ret == 0) {
ret = sp_ModExp_4096(tmp, &key->d, &key->n, tmp);
if (ret != 0)
ret = MP_EXPTMOD_E;
}
break;
#endif /* WOLFSSL_SP_4096 */
default:
/* If using only single prcsision math then issue key size error,
otherwise fall-back to multi-precision math calculation */
#ifdef WOLFSSL_SP_MATH
ret = WC_KEY_SIZE_E;
#endif
break;
}
}
#endif /* WOLFSSL_HAVE_SP_RSA */
if (ret == 0) {
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
#ifndef WOLFSSL_SP_MATH
if (ret == 0) {
if (mp_exptmod(k, &key->e, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
#endif
if (ret == 0) {
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
}
#endif /* !WOLFSSL_SP_MATH */
if (ret == 0) {
if (mp_cmp(k, tmp) != MP_EQ)
@ -756,8 +770,8 @@ int wc_CheckRsaKey(RsaKey* key)
return ret;
}
#endif
#endif
#endif /* WOLFSSL_KEY_GEN && !WOLFSSL_NO_RSA_KEY_CHECK */
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_PSS)
@ -815,10 +829,10 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
XMEMCPY(tmp, seed, seedSz);
/* counter to byte array appended to tmp */
tmp[seedSz] = (counter >> 24) & 0xFF;
tmp[seedSz + 1] = (counter >> 16) & 0xFF;
tmp[seedSz + 2] = (counter >> 8) & 0xFF;
tmp[seedSz + 3] = (counter) & 0xFF;
tmp[seedSz] = (byte)((counter >> 24) & 0xFF);
tmp[seedSz + 1] = (byte)((counter >> 16) & 0xFF);
tmp[seedSz + 2] = (byte)((counter >> 8) & 0xFF);
tmp[seedSz + 3] = (byte)((counter) & 0xFF);
/* hash and append to existing output */
if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
@ -1121,9 +1135,15 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
hLen = wc_HashGetDigestSize(hType);
if (hLen < 0)
return hLen;
if ((int)inputLen != hLen) {
return BAD_FUNC_ARG;
}
hiBits = (bits - 1) & 0x7;
if (hiBits == 0) {
/* Per RFC8017, set the leftmost 8emLen - emBits bits of the
leftmost octet in DB to zero.
*/
*(pkcsBlock++) = 0;
pkcsBlockLen--;
}
@ -1160,7 +1180,6 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
if ((int)pkcsBlockLen - hLen < saltLen + 2) {
return PSS_SALTLEN_E;
}
maskLen = pkcsBlockLen - 1 - hLen;
#if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER)
@ -1203,12 +1222,16 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
ret = wc_Hash(hType, s, (word32)(m - s), pkcsBlock + maskLen, hLen);
}
if (ret == 0) {
/* Set the last eight bits or trailer field to the octet 0xbc */
pkcsBlock[pkcsBlockLen - 1] = RSA_PSS_PAD_TERM;
ret = RsaMGF(mgf, pkcsBlock + maskLen, hLen, pkcsBlock, maskLen, heap);
}
if (ret == 0) {
pkcsBlock[0] &= (1 << hiBits) - 1;
/* Clear the first high bit when "8emLen - emBits" is non-zero.
where emBits = n modBits - 1 */
if (hiBits)
pkcsBlock[0] &= (1 << hiBits) - 1;
m = pkcsBlock + maskLen - saltLen - 1;
*(m++) ^= 0x01;
@ -1237,15 +1260,15 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
return BAD_FUNC_ARG;
}
if (pkcsBlockLen - RSA_MIN_PAD_SZ < inputLen) {
WOLFSSL_MSG("RsaPad error, invalid length");
return RSA_PAD_E;
}
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--;
pkcsBlock[0] = padValue; /* insert padValue */
if (padValue == RSA_BLOCK_TYPE_1) {
if (pkcsBlockLen < inputLen + 2) {
WOLFSSL_MSG("RsaPad error, invalid length");
return RSA_PAD_E;
}
/* pad with 0xff bytes */
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
@ -1255,12 +1278,6 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
/* pad with non-zero random bytes */
word32 padLen, i;
int ret;
if (pkcsBlockLen < inputLen + 1) {
WOLFSSL_MSG("RsaPad error, invalid length");
return RSA_PAD_E;
}
padLen = pkcsBlockLen - inputLen - 1;
ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
if (ret != 0) {
@ -1457,9 +1474,10 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
* saltLen Length of salt to put in padding.
* bits Length of key in bits.
* heap Used for dynamic memory allocation.
* returns 0 on success, PSS_SALTLEN_E when the salt length is invalid,
* BAD_PADDING_E when the padding is not valid, MEMORY_E when allocation fails
* and other negative values on error.
* returns the sum of salt length and SHA-256 digest size on success.
* Otherwise, PSS_SALTLEN_E for an incorrect salt length,
* WC_KEY_SIZE_E for an incorrect encoded message (EM) size
and other negative values on error.
*/
static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte **output, enum wc_HashType hType, int mgf,
@ -1596,7 +1614,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
byte invalid = 0;
#endif
if (output == NULL || pkcsBlockLen == 0 || pkcsBlockLen > 0xFFFF) {
if (output == NULL || pkcsBlockLen < 2 || pkcsBlockLen > 0xFFFF) {
return BAD_FUNC_ARG;
}
@ -1718,54 +1736,6 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
return ret;
}
#if defined(WOLFSSL_XILINX_CRYPT)
/*
* Xilinx hardened crypto acceleration.
*
* Returns 0 on success and negative values on error.
*/
static int wc_RsaFunctionXil(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
int ret = 0;
word32 keyLen;
(void)rng;
keyLen = wc_RsaEncryptSize(key);
if (keyLen > *outLen) {
WOLFSSL_MSG("Output buffer is not big enough");
return BAD_FUNC_ARG;
}
if (inLen != keyLen) {
WOLFSSL_MSG("Expected that inLen equals RSA key length");
return BAD_FUNC_ARG;
}
switch(type) {
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
/* Currently public exponent is loaded by default.
* In SDK 2017.1 RSA exponent values are expected to be of 4 bytes
* leading to private key operations with Xsecure_RsaDecrypt not being
* supported */
ret = RSA_WRONG_TYPE_E;
break;
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
if (XSecure_RsaDecrypt(&(key->xRsa), in, out) != XST_SUCCESS) {
ret = BAD_STATE_E;
}
break;
default:
ret = RSA_WRONG_TYPE_E;
}
*outLen = keyLen;
return ret;
}
#endif /* WOLFSSL_XILINX_CRYPT */
#ifdef WC_RSA_NONBLOCK
static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out,
@ -1845,7 +1815,92 @@ static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out,
}
#endif /* WC_RSA_NONBLOCK */
#ifdef WOLFSSL_AFALG_XILINX_RSA
#ifdef WOLFSSL_XILINX_CRYPT
/*
* Xilinx hardened crypto acceleration.
*
* Returns 0 on success and negative values on error.
*/
static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
int ret = 0;
word32 keyLen;
(void)rng;
keyLen = wc_RsaEncryptSize(key);
if (keyLen > *outLen) {
WOLFSSL_MSG("Output buffer is not big enough");
return BAD_FUNC_ARG;
}
if (inLen != keyLen) {
WOLFSSL_MSG("Expected that inLen equals RSA key length");
return BAD_FUNC_ARG;
}
switch(type) {
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
/* Currently public exponent is loaded by default.
* In SDK 2017.1 RSA exponent values are expected to be of 4 bytes
* leading to private key operations with Xsecure_RsaDecrypt not being
* supported */
ret = RSA_WRONG_TYPE_E;
#else
{
byte *d;
int dSz;
XSecure_Rsa rsa;
dSz = mp_unsigned_bin_size(&key->d);
d = (byte*)XMALLOC(dSz, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (d == NULL) {
ret = MEMORY_E;
}
else {
ret = mp_to_unsigned_bin(&key->d, d);
XSecure_RsaInitialize(&rsa, key->mod, NULL, d);
}
if (ret == 0) {
if (XSecure_RsaPrivateDecrypt(&rsa, (u8*)in, inLen, out) !=
XST_SUCCESS) {
ret = BAD_STATE_E;
}
}
if (d != NULL) {
XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
}
}
#endif
break;
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
if (XSecure_RsaDecrypt(&(key->xRsa), in, out) != XST_SUCCESS) {
ret = BAD_STATE_E;
}
#else
/* starting at Xilinx release 2019 the function XSecure_RsaDecrypt was removed */
if (XSecure_RsaPublicEncrypt(&(key->xRsa), (u8*)in, inLen, out) != XST_SUCCESS) {
WOLFSSL_MSG("Error happened when calling hardware RSA public operation");
ret = BAD_STATE_E;
}
#endif
break;
default:
ret = RSA_WRONG_TYPE_E;
}
*outLen = keyLen;
return ret;
}
#elif defined(WOLFSSL_AFALG_XILINX_RSA)
#ifndef ERROR_OUT
#define ERROR_OUT(x) ret = (x); goto done
#endif
@ -2038,12 +2093,16 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return MISSING_RNG_E;
#endif
#ifndef RSA_LOW_MEM
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
if ((mp_count_bits(&key->p) == 1024) &&
(mp_count_bits(&key->q) == 1024)) {
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
}
break;
#else
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
NULL, NULL, NULL, &key->n, out, outLen);
return sp_RsaPrivate_2048(in, inLen, &key->d, NULL, NULL, NULL,
NULL, NULL, &key->n, out, outLen);
#endif
#endif
case RSA_PUBLIC_ENCRYPT:
@ -2063,12 +2122,16 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return MISSING_RNG_E;
#endif
#ifndef RSA_LOW_MEM
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
if ((mp_count_bits(&key->p) == 1536) &&
(mp_count_bits(&key->q) == 1536)) {
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
}
break;
#else
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
NULL, NULL, NULL, &key->n, out, outLen);
return sp_RsaPrivate_3072(in, inLen, &key->d, NULL, NULL, NULL,
NULL, NULL, &key->n, out, outLen);
#endif
#endif
case RSA_PUBLIC_ENCRYPT:
@ -2088,12 +2151,16 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
return MISSING_RNG_E;
#endif
#ifndef RSA_LOW_MEM
return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
if ((mp_count_bits(&key->p) == 2048) &&
(mp_count_bits(&key->q) == 2048)) {
return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
}
break;
#else
return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
NULL, NULL, NULL, &key->n, out, outLen);
return sp_RsaPrivate_4096(in, inLen, &key->d, NULL, NULL, NULL,
NULL, NULL, &key->n, out, outLen);
#endif
#endif
case RSA_PUBLIC_ENCRYPT:
@ -2253,12 +2320,8 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
#endif
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
#ifdef WOLFSSL_XILINX_CRYPT
ret = wc_RsaFunctionXil(in, inLen, out, outLen, type, key, rng);
#else
if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E;
#endif
break;
default:
ret = RSA_WRONG_TYPE_E;
@ -2271,11 +2334,14 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
if (keyLen > *outLen)
ret = RSA_BUFFER_E;
}
#ifndef WOLFSSL_XILINX_CRYPT
if (ret == 0) {
*outLen = keyLen;
if (mp_to_unsigned_bin_len(tmp, out, keyLen) != MP_OKAY)
ret = MP_TO_E;
}
#endif
#else
(void)type;
(void)key;
@ -2611,7 +2677,7 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
#endif
if (mp_init(c) != MP_OKAY)
ret = MEMORY_E;
ret = MP_INIT_E;
if (ret == 0) {
if (mp_read_unsigned_bin(c, in, inLen) != 0)
ret = MP_READ_E;

26
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sha256.c
View file

@ -19,6 +19,16 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* For more info on the algorithm, see https://tools.ietf.org/html/rfc6234 */
/*
DESCRIPTION
This library provides the interface to SHA-256 secure hash algorithms.
SHA-256 performs processing on message blocks to produce a final hash digest
output. It can be used to hash a message, M, having a length of L bits,
where 0 <= L < 2^64.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -119,6 +129,10 @@
/* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
#elif defined(WOLFSSL_CRYPTOCELL)
/* wc_port.c includes wolfcrypt/src/port/arm/cryptoCellHash.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#else
#include <wolfssl/wolfcrypt/logging.h>
@ -164,7 +178,8 @@
(!defined(WOLFSSL_IMX6_CAAM) || defined(NO_IMX6_CAAM_HASH)) && \
!defined(WOLFSSL_AFALG_HASH) && !defined(WOLFSSL_DEVCRYPTO_HASH) && \
(!defined(WOLFSSL_ESP32WROOM32_CRYPT) || defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)) && \
(!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH))
(!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH)) && \
!defined(WOLFSSL_PSOC6_CRYPTO)
static int InitSha256(wc_Sha256* sha256)
{
@ -494,6 +509,7 @@ static int InitSha256(wc_Sha256* sha256)
(void)devId;
(void)heap;
XMEMSET(sha256, 0, sizeof(wc_Sha256));
wc_Stm32_Hash_Init(&sha256->stmCtx);
return 0;
}
@ -663,6 +679,10 @@ static int InitSha256(wc_Sha256* sha256)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
/* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
#define NEED_SOFT_SHA256
@ -699,7 +719,7 @@ static int InitSha256(wc_Sha256* sha256)
#ifdef NEED_SOFT_SHA256
static const ALIGN32 word32 K[64] = {
static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
@ -1559,6 +1579,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
/* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sha256_asm.S
View file

@ -22651,3 +22651,7 @@ L_sha256_len_avx2_rorx_done:
.size Transform_Sha256_AVX2_RORX_Len,.-Transform_Sha256_AVX2_RORX_Len
#endif /* __APPLE__ */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

10
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sha3.c
View file

@ -708,6 +708,11 @@ static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
return BAD_FUNC_ARG;
}
if (data == NULL && len == 0) {
/* valid, but do nothing */
return 0;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) {
#if defined(HAVE_INTEL_QA) && defined(QAT_V2)
@ -1165,6 +1170,11 @@ int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len)
return BAD_FUNC_ARG;
}
if (data == NULL && len == 0) {
/* valid, but do nothing */
return 0;
}
return Sha3Update(shake, data, len, WC_SHA3_256_COUNT);
}

2
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sha512.c
View file

@ -26,7 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM)
#if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PSOC6_CRYPTO)
#if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)

4
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sha512_asm.S
View file

@ -10739,3 +10739,7 @@ L_sha512_len_avx2_rorx_done:
.size Transform_Sha512_AVX2_RORX_Len,.-Transform_Sha512_AVX2_RORX_Len
#endif /* __APPLE__ */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

103
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/signature.c
View file

@ -176,33 +176,38 @@ int wc_SignatureVerifyHash(
case WC_SIGNATURE_TYPE_RSA:
{
#ifndef NO_RSA
#if defined(WOLFSSL_CRYPTOCELL)
/* the signature must propagate to the cryptocell to get verfied */
#ifdef WOLFSSL_CRYPTOCELL
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Verify(hash_data, hash_len,(byte*)sig, key,
CRYS_RSA_HASH_SHA256_mode);
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key,
cc310_hashModeRSA(hash_type, 0));
}
else {
ret = cc310_RsaSSL_Verify(hash_data, hash_len,(byte*)sig, key,
CRYS_RSA_After_SHA256_mode);
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key,
cc310_hashModeRSA(hash_type, 1));
}
if (ret != 0) {
WOLFSSL_MSG("RSA Signature Verify difference!");
ret = SIG_VERIFY_E;
}
#else /* WOLFSSL_CRYPTOCELL */
#else
word32 plain_len = hash_len;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *plain_data;
#else
byte plain_data[MAX_ENCODED_SIG_SZ];
#endif
/* Make sure the plain text output is at least key size */
if (plain_len < sig_len) {
plain_len = sig_len;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain_data) {
if (plain_data)
#else
if (plain_len <= sizeof(plain_data))
#endif
{
byte* plain_ptr = NULL;
XMEMSET(plain_data, 0, plain_len);
XMEMCPY(plain_data, sig, sig_len);
/* Perform verification of signature using provided RSA key */
do {
#ifdef WOLFSSL_ASYNC_CRYPT
@ -210,25 +215,29 @@ int wc_SignatureVerifyHash(
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0)
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data,
plain_len, (RsaKey*)key);
ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key);
} while (ret == WC_PENDING_E);
if (ret >= 0) {
if (ret >= 0 && plain_ptr) {
if ((word32)ret == hash_len &&
XMEMCMP(plain_data, hash_data, hash_len) == 0) {
XMEMCMP(plain_ptr, hash_data, hash_len) == 0) {
ret = 0; /* Success */
}
else {
WOLFSSL_MSG("RSA Signature Verify difference!");
ret = SIG_VERIFY_E;
}
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
else {
ret = MEMORY_E;
}
#endif /* !WOLFSSL_CRYPTOCELL */
#endif /* WOLFSSL_CRYPTOCELL */
if (ret != 0) {
WOLFSSL_MSG("RSA Signature Verify difference!");
ret = SIG_VERIFY_E;
}
#else
ret = SIG_TYPE_E;
#endif
@ -308,23 +317,9 @@ int wc_SignatureVerify(
}
if (ret == 0) {
#if defined(WOLFSSL_CRYPTOCELL)
if ((sig_type == WC_SIGNATURE_TYPE_RSA)
|| (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC)) {
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Verify(hash_data, hash_len, sig, key,
cc310_hashModeRSA(hash_type, 0));
}
else {
ret = cc310_RsaSSL_Verify(hash_data, hash_len, sig, key,
cc310_hashModeRSA(hash_type, 1));
}
}
#else
/* Verify signature using hash */
ret = wc_SignatureVerifyHash(hash_type, sig_type,
hash_data, hash_enc_len, sig, sig_len, key, key_len);
#endif /* WOLFSSL_CRYPTOCELL */
}
}
@ -400,15 +395,17 @@ int wc_SignatureGenerateHash_ex(
case WC_SIGNATURE_TYPE_RSA_W_ENC:
case WC_SIGNATURE_TYPE_RSA:
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if defined(WOLFSSL_CRYPTOCELL)
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
cc310_hashModeRSA(hash_type, 0));
#ifdef WOLFSSL_CRYPTOCELL
/* use expected signature size (incoming sig_len could be larger buffer */
*sig_len = wc_SignatureGetSize(sig_type, key, key_len);
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
cc310_hashModeRSA(hash_type, 0));
}
else {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
cc310_hashModeRSA(hash_type, 1));
}
else {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
cc310_hashModeRSA(hash_type, 1));
}
#else
/* Create signature using provided RSA key */
do {
@ -420,7 +417,7 @@ int wc_SignatureGenerateHash_ex(
ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
(RsaKey*)key, rng);
} while (ret == WC_PENDING_E);
#endif /* WOLFSSL_CRYPTOCELL */
#endif /* WOLFSSL_CRYPTOCELL */
if (ret >= 0) {
*sig_len = ret;
ret = 0; /* Success */
@ -518,25 +515,6 @@ int wc_SignatureGenerate_ex(
#endif
}
if (ret == 0) {
#if defined(WOLFSSL_CRYPTOCELL)
if ((sig_type == WC_SIGNATURE_TYPE_RSA)
|| (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC)) {
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
key, cc310_hashModeRSA(hash_type, 0));
}
else {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
key, cc310_hashModeRSA(hash_type, 1));
}
if (ret == *sig_len) {
ret = 0;
}
}
}
}
#else
/* Generate signature using hash */
ret = wc_SignatureGenerateHash(hash_type, sig_type,
hash_data, hash_enc_len, sig, sig_len, key, key_len, rng);
@ -547,7 +525,6 @@ int wc_SignatureGenerate_ex(
ret = wc_SignatureVerifyHash(hash_type, sig_type, hash_data,
hash_enc_len, sig, *sig_len, key, key_len);
}
#endif /* WOLFSSL_CRYPTOCELL */
#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN)
XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);

47537
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_arm32.c
View file

File diff suppressed because it is too large Load diff

3300
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_arm64.c
View file

File diff suppressed because it is too large Load diff

3445
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_armthumb.c
View file

File diff suppressed because it is too large Load diff

4061
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_c32.c
View file

File diff suppressed because it is too large Load diff

3905
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_c64.c
View file

File diff suppressed because it is too large Load diff

7186
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_cortexm.c
View file

File diff suppressed because it is too large Load diff

5
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_dsp32.c
View file

@ -43,7 +43,8 @@
#include "hexagon_protos.h"
#include "hexagon_types.h"
#if (defined(WOLFSSL_SP_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)) && (defined(WOLFSSL_HAVE_SP_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY))
#if (!defined(WC_NO_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)) && \
(defined(WOLFSSL_HAVE_SP_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY))
/* Mask for address to obfuscate which of the two address will be used. */
static const size_t addr_mask[2] = { 0, (size_t)-1 };
#endif
@ -1995,7 +1996,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
return err;
}
#elif defined(WOLFSSL_SP_CACHE_RESISTANT)
#elif !defined(WC_NO_CACHE_RESISTANT)
/* Multiply the point by the scalar and return the result.
* If map is true then convert result to affine co-ordinates.
*

390
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_int.c
View file

@ -21,6 +21,11 @@
/* Implementation by Sean Parkinson. */
/*
DESCRIPTION
This library provides single precision (SP) integer math functions.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -38,21 +43,27 @@
* WOLFSSL_HAVE_SP_RSA: Enable SP RSA support
* WOLFSSL_HAVE_SP_DH: Enable SP DH support
* WOLFSSL_HAVE_SP_ECC: Enable SP ECC support
* WOLFSSL_SP_MATH: Use only single precision math and algorithms it supports (no fastmath tfm.c or normal integer.c)
* WOLFSSL_SP_SMALL: Use smaller version of code and avoid large stack variables
* WOLFSSL_SP_MATH: Use only single precision math and algorithms
* it supports (no fastmath tfm.c or normal integer.c)
* WOLFSSL_SP_SMALL: Use smaller version of code and avoid large
* stack variables
* WOLFSSL_SP_NO_MALLOC: Always use stack, no heap XMALLOC/XFREE allowed
* WOLFSSL_SP_NO_3072: Disable RSA/DH 3072-bit support
* WOLFSSL_SP_NO_2048: Disable RSA/DH 2048-bit support
* WOLFSSL_SP_NO_3072: Disable RSA/DH 3072-bit support
* WOLFSSL_SP_4096: Enable RSA/RH 4096-bit support
* WOLFSSL_SP_384 Enable ECC 384-bit SECP384R1 support
* WOLFSSL_SP_NO_256 Disable ECC 256-bit SECP256R1 support
* WOLFSSL_SP_CACHE_RESISTANT Enable cache resistantant code
* WOLFSSL_SP_ASM Enable assembly speedups (detect platform)
* WOLFSSL_SP_X86_64_ASM Enable Intel x86 assembly speedups like AVX/AVX2
* WOLFSSL_SP_ARM32_ASM Enable Aarch32 assembly speedups
* WOLFSSL_SP_ARM64_ASM Enable Aarch64 assembly speedups
* WOLFSSL_SP_ARM_CORTEX_M_ASM Enable Cortex-M assembly speedups
* WOLFSSL_SP_ARM_THUMB_ASM Enable ARM Thumb assembly speedups (used with -mthumb)
* WOLFSSL_SP_ARM_THUMB_ASM Enable ARM Thumb assembly speedups
* (used with -mthumb)
* SP_WORD_SIZE Force 32 or 64 bit mode
* WOLFSSL_SP_NONBLOCK Enables "non blocking" mode for SP math, which
* will return FP_WOULDBLOCK for long operations and function must be
* called again until complete.
*/
#ifdef WOLFSSL_SP_MATH
@ -171,19 +182,23 @@ int sp_unsigned_bin_size(sp_int* a)
* a SP integer.
* in Array of bytes.
* inSz Number of data bytes in array.
* returns BAD_FUNC_ARG when the number is too big to fit in an SP and
* returns MP_VAL when the number is too big to fit in an SP and
MP_OKAY otherwise.
*/
int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz)
int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
{
int err = MP_OKAY;
int i, j = 0, k;
if (inSz > SP_INT_DIGITS * (int)sizeof(a->dp[0])) {
/* Extra digit added to SP_INT_DIGITS to be used in calculations. */
if (inSz > (SP_INT_DIGITS - 1) * (int)sizeof(a->dp[0])) {
err = MP_VAL;
}
if (err == MP_OKAY) {
else if (inSz == 0) {
XMEMSET(a->dp, 0, a->size * sizeof(*a->dp));
a->used = 0;
}
else {
for (i = inSz-1; i >= (SP_WORD_SIZE/8); i -= (SP_WORD_SIZE/8), j++) {
a->dp[j] = (((sp_int_digit)in[i-0]) << (0*8))
| (((sp_int_digit)in[i-1]) << (1*8))
@ -204,9 +219,9 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz)
}
}
a->used = j + 1;
}
sp_clamp(a);
sp_clamp(a);
}
return err;
}
@ -496,7 +511,7 @@ void sp_clamp(sp_int* a)
a->used = i + 1;
}
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
#if defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
/* Grow big number to be able to hold l digits.
* This function does nothing as the number of digits is fixed.
*
@ -514,7 +529,9 @@ int sp_grow(sp_int* a, int l)
return err;
}
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
/* Sub a one digit number from the big number.
*
* a SP integer.
@ -589,20 +606,26 @@ int sp_cmp_d(sp_int *a, sp_int_digit d)
static int sp_lshb(sp_int* a, int n)
{
int i;
sp_digit v;
if (n >= SP_WORD_SIZE) {
sp_lshd(a, n / SP_WORD_SIZE);
n %= SP_WORD_SIZE;
}
if (n != 0) {
a->dp[a->used] = 0;
for (i = a->used - 1; i >= 0; i--) {
if ((n != 0) && (a->used != 0)) {
v = a->dp[a->used - 1] >> (SP_WORD_SIZE - n);
if (v != 0) {
a->dp[a->used] = v;
}
a->dp[a->used - 1] = a->dp[a->used - 1] << n;
for (i = a->used - 2; i >= 0; i--) {
a->dp[i+1] |= a->dp[i] >> (SP_WORD_SIZE - n);
a->dp[i] = a->dp[i] << n;
}
if (a->dp[a->used] != 0)
if (v != 0) {
a->used++;
}
}
return MP_OKAY;
@ -648,16 +671,32 @@ int sp_sub(sp_int* a, sp_int* b, sp_int* r)
*/
void sp_rshb(sp_int* a, int n, sp_int* r)
{
int i;
int i = n / SP_WORD_SIZE;
int j;
for (i = n / SP_WORD_SIZE, j = 0; i < a->used-1; i++, j++)
r->dp[i] = (a->dp[j] >> n) | (a->dp[j+1] << (SP_WORD_SIZE - n));
r->dp[i] = a->dp[j] >> n;
r->used = j + 1;
sp_clamp(r);
if (i >= a->used) {
r->dp[0] = 0;
r->used = 0;
}
else {
n %= SP_WORD_SIZE;
if (n == 0) {
for (j = 0; i < a->used; i++, j++)
r->dp[j] = a->dp[i];
r->used = j;
}
if (n > 0) {
for (j = 0; i < a->used-1; i++, j++)
r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
r->dp[j] = a->dp[i] >> n;
r->used = j + 1;
sp_clamp(r);
}
}
}
#if defined(WOLFSSL_SP_SMALL) || (defined(WOLFSSL_KEY_GEN) || \
!defined(NO_DH) && !defined(WC_NO_RNG))
/* Multiply a by digit n and put result into r shifting up o digits.
* r = (a * n) << (o * SP_WORD_SIZE)
*
@ -684,6 +723,60 @@ static void _sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r, int o)
r->used = i+o+1;
sp_clamp(r);
}
#endif
/* Divide a two digit number by a digit number and return. (hi | lo) / d
*
* hi SP integer digit. High digit.
* lo SP integer digit. Lower digit.
* d SP integer digit. Number to divide by.
* returns the division result.
*/
static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
sp_int_digit d)
{
#ifdef WOLFSSL_SP_DIV_WORD_HALF
sp_int_digit div = d >> SP_HALF_SIZE;
sp_int_digit r;
sp_int_digit r2;
sp_int_word w = ((sp_int_word)hi << SP_WORD_SIZE) | lo;
sp_int_word trial;
r = hi / div;
if (r > SP_HALF_MAX) {
r = SP_HALF_MAX;
}
r <<= SP_HALF_SIZE;
trial = r * (sp_int_word)d;
while (trial > w) {
r -= (sp_int_digit)1 << SP_HALF_SIZE;
trial -= (sp_int_word)d << SP_HALF_SIZE;
}
w -= trial;
r2 = ((sp_int_digit)(w >> SP_HALF_SIZE)) / div;
trial = r2 * (sp_int_word)d;
while (trial > w) {
r2--;
trial -= d;
}
w -= trial;
r += r2;
r2 = ((sp_int_digit)w) / d;
r += r2;
return r;
#else
sp_int_word w;
sp_int_digit r;
w = ((sp_int_word)hi << SP_WORD_SIZE) | lo;
w /= d;
r = (sp_int_digit)w;
return r;
#endif
}
/* Divide a by d and return the quotient in r and the remainder in rem.
* r = a / d; rem = a % d
@ -702,9 +795,6 @@ static int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
int done = 0;
int i;
int s;
#ifndef WOLFSSL_SP_DIV_32
sp_int_word w = 0;
#endif
sp_int_digit dt;
sp_int_digit t;
#ifdef WOLFSSL_SMALL_STACK
@ -718,38 +808,54 @@ static int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
sp_int tr[1];
sp_int trial[1];
#endif
int o;
#ifdef WOLFSSL_SP_SMALL
int c;
#else
int j;
sp_int_word tw;
sp_int_sword sw;
#endif
if (sp_iszero(d))
err = MP_VAL;
ret = sp_cmp(a, d);
if (ret == MP_LT) {
if (rem != NULL) {
sp_copy(a, rem);
if (err == MP_OKAY) {
ret = sp_cmp(a, d);
if (ret == MP_LT) {
if (rem != NULL) {
sp_copy(a, rem);
}
if (r != NULL) {
sp_set(r, 0);
}
done = 1;
}
if (r != NULL) {
sp_set(r, 0);
else if (ret == MP_EQ) {
if (rem != NULL) {
sp_set(rem, 0);
}
if (r != NULL) {
sp_set(r, 1);
#ifdef WOLFSSL_SP_INT_NEGATIVE
r->sign = aSign;
#endif
}
done = 1;
}
done = 1;
}
else if (ret == MP_EQ) {
if (rem != NULL) {
sp_set(rem, 0);
else if (sp_count_bits(a) == sp_count_bits(d)) {
/* a is greater than d but same bit length */
if (rem != NULL) {
sp_sub(a, d, rem);
}
if (r != NULL) {
sp_set(r, 1);
#ifdef WOLFSSL_SP_INT_NEGATIVE
r->sign = aSign;
#endif
}
done = 1;
}
if (r != NULL) {
sp_set(r, 1);
}
done = 1;
}
else if (sp_count_bits(a) == sp_count_bits(d)) {
/* a is greater than d but same bit length */
if (rem != NULL) {
sp_sub(a, d, rem);
}
if (r != NULL) {
sp_set(r, 1);
}
done = 1;
}
#ifdef WOLFSSL_SMALL_STACK
@ -787,79 +893,94 @@ static int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
sp_clear(tr);
tr->used = sa->used - d->used + 1;
dt = d->dp[d->used-1];
#ifndef WOLFSSL_SP_DIV_32
for (i = sa->used - 1; i >= d->used; ) {
if (sa->dp[i] > dt) {
t = (sp_int_digit)-1;
for (i = d->used - 1; i > 0; i--) {
if (sa->dp[sa->used - d->used + i] != d->dp[i]) {
break;
}
}
if (sa->dp[sa->used - d->used + i] >= d->dp[i]) {
i = sa->used;
o = sa->used - d->used;
sp_lshb(d, o * SP_WORD_SIZE);
sp_sub(sa, d, sa);
sp_rshb(d, o * SP_WORD_SIZE, d);
sa->used = i;
if (r != NULL) {
tr->dp[o] = 1;
}
}
for (i = sa->used - 1; i >= d->used; i--) {
if (sa->dp[i] == dt) {
t = (sp_digit)-1;
}
else {
w = ((sp_int_word)sa->dp[i] << SP_WORD_SIZE) | sa->dp[i-1];
w /= dt;
if (w > (sp_int_digit)-1) {
t = (sp_int_digit)-1;
}
else {
t = (sp_int_digit)w;
}
t = sp_div_word(sa->dp[i], sa->dp[i-1], dt);
}
if (t > 0) {
#ifdef WOLFSSL_SP_SMALL
do {
_sp_mul_d(d, t, trial, i - d->used);
while (sp_cmp(trial, sa) == MP_GT) {
c = sp_cmp(trial, sa);
if (c == MP_GT) {
t--;
_sp_mul_d(d, t, trial, i - d->used);
}
sp_sub(sa, trial, sa);
tr->dp[i - d->used] += t;
if (tr->dp[i - d->used] < t)
tr->dp[i + 1 - d->used]++;
}
i = sa->used - 1;
}
while (c == MP_GT);
sp_sub(sa, trial, sa);
tr->dp[i - d->used] += t;
if (tr->dp[i - d->used] < t) {
tr->dp[i + 1 - d->used]++;
}
#else
{
sp_int_digit div = (dt >> (SP_WORD_SIZE / 2)) + 1;
for (i = sa->used - 1; i >= d->used; ) {
t = sa->dp[i] / div;
if ((t > 0) && (t << (SP_WORD_SIZE / 2) == 0))
t = (sp_int_digit)-1;
t <<= SP_WORD_SIZE / 2;
if (t == 0) {
t = sa->dp[i] << (SP_WORD_SIZE / 2);
t += sa->dp[i-1] >> (SP_WORD_SIZE / 2);
t /= div;
}
if (t > 0) {
_sp_mul_d(d, t, trial, i - d->used);
while (sp_cmp(trial, sa) == MP_GT) {
t--;
_sp_mul_d(d, t, trial, i - d->used);
o = i - d->used;
do {
tw = 0;
for (j = 0; j < d->used; j++) {
tw += (sp_int_word)d->dp[j] * t;
trial->dp[j] = (sp_int_digit)tw;
tw >>= SP_WORD_SIZE;
}
trial->dp[j] = (sp_int_digit)tw;
for (j = d->used; j > 0; j--) {
if (trial->dp[j] != sa->dp[j + o]) {
break;
}
}
if (trial->dp[j] > sa->dp[j + o]) {
t--;
}
sp_sub(sa, trial, sa);
tr->dp[i - d->used] += t;
if (tr->dp[i - d->used] < t)
tr->dp[i + 1 - d->used]++;
}
i = sa->used - 1;
}
while (trial->dp[j] > sa->dp[j + o]);
while (sp_cmp(sa, d) != MP_LT) {
sp_sub(sa, d, sa);
sp_add_d(tr, 1, tr);
}
}
sw = 0;
for (j = 0; j <= d->used; j++) {
sw += sa->dp[j + o];
sw -= trial->dp[j];
sa->dp[j + o] = (sp_digit)sw;
sw >>= SP_WORD_SIZE;
}
tr->dp[o] += t;
if (tr->dp[o] < t) {
tr->dp[o + 1]++;
}
#endif
sp_clamp(tr);
}
sa->used = i + 1;
if (rem != NULL) {
if (s != SP_WORD_SIZE)
sp_rshb(sa, s, sa);
sp_copy(sa, rem);
sp_clamp(rem);
}
if (r != NULL)
if (r != NULL) {
sp_copy(tr, r);
sp_clamp(r);
}
}
#ifdef WOLFSSL_SMALL_STACK
@ -906,30 +1027,53 @@ void sp_zero(sp_int* a)
int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
{
int i = 0;
sp_int_digit t;
if (a == NULL || r == NULL || a->used > SP_INT_DIGITS)
return BAD_FUNC_ARG;
r->used = a->used;
if (d == 0) {
/*copy the content of <a> to <r>*/
for (; i < a->used; i++)
r->dp[i] = a->dp[i];
return MP_OKAY;
}
if (a->used == 0) {
r->used = 1;
t = d;
}
r->dp[0] = a->dp[0] + d;
if (r->dp[i] < a->dp[i]) {
for (; i < a->used; i++) {
r->dp[i] = a->dp[i] + 1;
if (r->dp[i] != 0)
break;
}
else
t = a->dp[0] + d;
if (a->used != 0 && t < a->dp[0]) {
for (++i; i < a->used; i++) {
r->dp[i] = a->dp[i] + 1;
if (r->dp[i] != 0) {
break;
}
}
if (i == a->used) {
r->used++;
r->dp[i] = 1;
if (i < SP_INT_DIGITS)
r->dp[i] = 1;
else
return MP_VAL;
}
}
for (; i < a->used; i++)
r->dp[i] = a->dp[i];
r->dp[0] = t;
if (r != a) {
for (++i; i < a->used; i++)
r->dp[i] = a->dp[i];
}
return MP_OKAY;
}
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
/* Left shift the big number by a number of digits.
@ -983,7 +1127,9 @@ int sp_add(sp_int* a, sp_int* b, sp_int* r)
r->dp[i] = b->dp[i] + c;
c = (b->dp[i] != 0) && (r->dp[i] == 0);
}
r->dp[i] = c;
if (c != 0) {
r->dp[i] = c;
}
r->used = (int)(i + c);
return MP_OKAY;
@ -1180,7 +1326,8 @@ int sp_mul(sp_int* a, sp_int* b, sp_int* r)
sp_int tr[1];
#endif
if (a->used + b->used > SP_INT_DIGITS)
/* Need extra digit during calculation. */
if (a->used + b->used > (SP_INT_DIGITS - 1))
err = MP_VAL;
#ifdef WOLFSSL_SMALL_STACK
@ -1224,7 +1371,8 @@ static int sp_sqrmod(sp_int* a, sp_int* m, sp_int* r)
{
int err = MP_OKAY;
if (a->used * 2 > SP_INT_DIGITS)
/* Need extra digit during calculation. */
if (a->used * 2 > (SP_INT_DIGITS - 1))
err = MP_VAL;
if (err == MP_OKAY)
@ -1254,7 +1402,8 @@ int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
sp_int t[1];
#endif
if (a->used + b->used > SP_INT_DIGITS)
/* Need extra digit during calculation. */
if (a->used + b->used > (SP_INT_DIGITS - 1))
err = MP_VAL;
#ifdef WOLFSSL_SMALL_STACK
@ -1624,7 +1773,8 @@ int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
sp_set(r, 0);
done = 1;
}
else if (m->used * 2 > SP_INT_DIGITS) {
/* Ensure SP integers have space for intermediate values. */
else if (m->used * 2 > (SP_INT_DIGITS - 1)) {
err = BAD_FUNC_ARG;
}
@ -1655,7 +1805,7 @@ int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
}
else
#endif
#ifdef WOLFSSL_SP_NO_4096
#ifdef WOLFSSL_SP_4096
if ((mBits == 4096) && sp_isodd(m) && (bBits <= 4096) &&
(eBits <= 4096)) {
err = sp_ModExp_4096(b, e, m, r);

4791
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_x86_64.c
View file

File diff suppressed because it is too large Load diff

1932
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/sp_x86_64_asm.S
View file

File diff suppressed because it is too large Load diff

3
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/srp.c
View file

@ -615,6 +615,9 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
digestSz = SrpHashSize(srp->type);
secretSz = mp_unsigned_bin_size(&srp->N);
if ((secretSz < clientPubKeySz) || (secretSz < serverPubKeySz))
return BAD_FUNC_ARG;
if ((secret = (byte*)XMALLOC(secretSz, srp->heap, DYNAMIC_TYPE_SRP)) ==NULL)
return MEMORY_E;

872
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/tfm.c
View file

File diff suppressed because it is too large Load diff

10
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/wc_pkcs11.c
View file

@ -6,7 +6,7 @@
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
@ -1061,8 +1061,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session,
ret = WC_HW_E;
if (ret == 0) {
modSz = tmpl[0].ulValueLen;
expSz = tmpl[1].ulValueLen;
modSz = (int)tmpl[0].ulValueLen;
expSz = (int)tmpl[1].ulValueLen;
mod = (unsigned char*)XMALLOC(modSz, key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (mod == NULL)
@ -1162,9 +1162,9 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
ret = Pkcs11GetRsaPublicKey(key, session, pubKey);
if (pubKey != NULL_PTR)
ret = session->func->C_DestroyObject(session->handle, pubKey);
ret = (int)session->func->C_DestroyObject(session->handle, pubKey);
if (ret != 0 && privKey != NULL_PTR)
ret = session->func->C_DestroyObject(session->handle, privKey);
ret = (int)session->func->C_DestroyObject(session->handle, privKey);
return ret;
}

118
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/wc_port.c
View file

@ -46,7 +46,12 @@
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
#ifdef WOLFSSL_PSOC6_CRYPTO
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
@ -180,7 +185,8 @@ int wolfCrypt_Init(void)
}
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A)
ret = atmel_init();
if (ret != 0) {
WOLFSSL_MSG("CryptoAuthLib init failed");
@ -199,6 +205,14 @@ int wolfCrypt_Init(void)
stsafe_interface_init();
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
ret = psoc6_crypto_port_init();
if (ret != 0) {
WOLFSSL_MSG("PSoC6 crypto engine init failed");
return ret;
}
#endif
#ifdef WOLFSSL_ARMASM
WOLFSSL_MSG("Using ARM hardware acceleration");
#endif
@ -219,6 +233,9 @@ int wolfCrypt_Init(void)
#endif
#ifdef HAVE_ECC
#ifdef FP_ECC
wc_ecc_fp_init();
#endif
#ifdef ECC_CACHE_CURVE
if ((ret = wc_ecc_curve_cache_init()) != 0) {
WOLFSSL_MSG("Error creating curve cache");
@ -314,8 +331,60 @@ int wolfCrypt_Cleanup(void)
return ret;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
#ifndef NO_FILESYSTEM
/* Helpful function to load file into allocated buffer */
int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
void* heap)
{
int ret;
size_t fileSz;
XFILE f;
if (fname == NULL || buf == NULL || bufLen == NULL) {
return BAD_FUNC_ARG;
}
/* set defaults */
*buf = NULL;
*bufLen = 0;
/* open file (read-only binary) */
f = XFOPEN(fname, "rb");
if (!f) {
WOLFSSL_MSG("wc_LoadFile file load error");
return BAD_PATH_ERROR;
}
XFSEEK(f, 0, SEEK_END);
fileSz = XFTELL(f);
XREWIND(f);
if (fileSz > 0) {
*bufLen = fileSz;
*buf = (byte*)XMALLOC(*bufLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (*buf == NULL) {
WOLFSSL_MSG("wc_LoadFile memory error");
ret = MEMORY_E;
}
else {
size_t readLen = XFREAD(*buf, 1, *bufLen, f);
/* check response code */
ret = (readLen == *bufLen) ? 0 : -1;
}
}
else {
ret = BUFFER_E;
}
XFCLOSE(f);
(void)heap;
return ret;
}
#if !defined(NO_WOLFSSL_DIR) && \
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
/* File Handling Helpers */
/* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */
@ -614,7 +683,8 @@ void wc_ReadDirClose(ReadDirCtx* ctx)
#endif
}
#endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#endif /* !NO_WOLFSSL_DIR */
#endif /* !NO_FILESYSTEM */
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_ZEPHYR)
XFILE z_fs_open(const char* filename, const char* perm)
@ -647,7 +717,7 @@ int z_fs_close(XFILE file)
#endif /* !NO_FILESYSTEM && !WOLFSSL_ZEPHYR */
#if !defined(WOLFSSL_USER_MUTEX)
wolfSSL_Mutex* wc_InitAndAllocMutex(void)
{
wolfSSL_Mutex* m = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex), NULL,
@ -665,6 +735,7 @@ wolfSSL_Mutex* wc_InitAndAllocMutex(void)
return m;
}
#endif
#ifdef USE_WOLF_STRTOK
/* String token (delim) search. If str is null use nextp. */
@ -752,33 +823,31 @@ char* wc_strsep(char **stringp, const char *delim)
static wolfSSL_Mutex wcCryptHwMutex;
static int wcCryptHwMutexInit = 0;
int wolfSSL_CryptHwMutexInit(void) {
int wolfSSL_CryptHwMutexInit(void)
{
int ret = 0;
if(wcCryptHwMutexInit == 0) {
if (wcCryptHwMutexInit == 0) {
ret = wc_InitMutex(&wcCryptHwMutex);
if(ret == 0) {
if (ret == 0) {
wcCryptHwMutexInit = 1;
}
}
return ret;
}
int wolfSSL_CryptHwMutexLock(void) {
int wolfSSL_CryptHwMutexLock(void)
{
int ret = BAD_MUTEX_E;
/* Make sure HW Mutex has been initialized */
wolfSSL_CryptHwMutexInit();
if(wcCryptHwMutexInit) {
ret = wolfSSL_CryptHwMutexInit();
if (ret == 0) {
ret = wc_LockMutex(&wcCryptHwMutex);
}
return ret;
}
int wolfSSL_CryptHwMutexUnLock(void) {
int wolfSSL_CryptHwMutexUnLock(void)
{
int ret = BAD_MUTEX_E;
if(wcCryptHwMutexInit) {
if (wcCryptHwMutexInit) {
ret = wc_UnLockMutex(&wcCryptHwMutex);
}
return ret;
@ -1845,6 +1914,17 @@ int wolfSSL_CryptHwMutexUnLock(void) {
return 0;
}
#elif defined(WOLFSSL_USER_MUTEX)
/* Use user own mutex */
/*
int wc_InitMutex(wolfSSL_Mutex* m) { ... }
int wc_FreeMutex(wolfSSL_Mutex *m) { ... }
int wc_LockMutex(wolfSSL_Mutex *m) { ... }
int wc_UnLockMutex(wolfSSL_Mutex *m) { ... }
*/
#else
#warning No mutex handling defined

2
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/wolfmath.c
View file

@ -146,7 +146,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
if (rng == NULL) {
ret = MISSING_RNG_E;
}
else if (a == NULL) {
else if (a == NULL || digits == 0) {
ret = BAD_FUNC_ARG;
}