Merge pull request #2804 from SparkiDev/sp_cache_resist_fix

Fix cache resist compile to work with SP C code
David Garske 2020-02-20 15:05:18 -08:00 committed by GitHub
commit 49a9239cf2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 228 additions and 124 deletions


@ -180,12 +180,14 @@ static void sp_2048_to_bin(sp_digit* r, byte* a)
for (i=0; i<64 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -8487,12 +8489,14 @@ static void sp_3072_to_bin(sp_digit* r, byte* a)
for (i=0; i<96 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -19960,12 +19964,14 @@ static void sp_4096_to_bin(sp_digit* r, byte* a)
for (i=0; i<128 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -77807,12 +77813,14 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
for (i=0; i<8 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -86472,12 +86480,14 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
for (i=0; i<12 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}


@ -180,12 +180,14 @@ static void sp_2048_to_bin(sp_digit* r, byte* a)
for (i=0; i<32 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 64) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -5650,12 +5652,14 @@ static void sp_3072_to_bin(sp_digit* r, byte* a)
for (i=0; i<48 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 64) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -13190,12 +13194,14 @@ static void sp_4096_to_bin(sp_digit* r, byte* a)
for (i=0; i<64 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 64) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -46598,12 +46604,14 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
for (i=0; i<4 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 64) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -52648,12 +52656,14 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
for (i=0; i<6 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 64) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}


@ -180,12 +180,14 @@ static void sp_2048_to_bin(sp_digit* r, byte* a)
for (i=0; i<64 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -5366,12 +5368,14 @@ static void sp_3072_to_bin(sp_digit* r, byte* a)
for (i=0; i<96 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -11265,12 +11269,14 @@ static void sp_4096_to_bin(sp_digit* r, byte* a)
for (i=0; i<128 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -20220,12 +20226,14 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
for (i=0; i<8 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -26028,12 +26036,14 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
for (i=0; i<12 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}


@ -194,12 +194,14 @@ static void sp_2048_to_bin(sp_digit* r, byte* a)
for (i=0; i<90 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 23) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -4629,12 +4631,14 @@ static void sp_3072_to_bin(sp_digit* r, byte* a)
for (i=0; i<134 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 23) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -8588,12 +8592,14 @@ static void sp_4096_to_bin(sp_digit* r, byte* a)
for (i=0; i<196 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 21) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -13179,7 +13185,7 @@ SP_NOINLINE static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
t[ 7] = tb * a[ 7];
t[ 8] = tb * a[ 8];
t[ 9] = tb * a[ 9];
r[ 0] += (sp_digit)(t[ 0] & 0x3ffffff);
r[ 0] += (sp_digit) (t[ 0] & 0x3ffffff);
r[ 1] += (sp_digit)((t[ 0] >> 26) + (t[ 1] & 0x3ffffff));
r[ 2] += (sp_digit)((t[ 1] >> 26) + (t[ 2] & 0x3ffffff));
r[ 3] += (sp_digit)((t[ 2] >> 26) + (t[ 3] & 0x3ffffff));
@ -13189,7 +13195,7 @@ SP_NOINLINE static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
r[ 7] += (sp_digit)((t[ 6] >> 26) + (t[ 7] & 0x3ffffff));
r[ 8] += (sp_digit)((t[ 7] >> 26) + (t[ 8] & 0x3ffffff));
r[ 9] += (sp_digit)((t[ 8] >> 26) + (t[ 9] & 0x3ffffff));
r[10] += t[ 9] >> 26;
r[10] += (sp_digit) (t[ 9] >> 26);
#endif /* WOLFSSL_SP_SMALL */
}
@ -14121,11 +14127,12 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, const sp
int map, void* heap)
{
#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
sp_point_256 td[3];
sp_digit tmpd[2 * 10 * 5];
#endif
sp_point_256 t[3];
sp_digit tmp[2 * 10 * 5];
#else
sp_point_256* t;
sp_digit* tmp;
#endif
sp_digit n;
int i;
int c, y;
@ -14134,28 +14141,21 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, const sp
(void)heap;
#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
sp_point_256 td[3];
t = (sp_point_256*)XMALLOC(sizeof(*td) * 3, heap, DYNAMIC_TYPE_ECC);
t = (sp_point*)XMALLOC(sizeof(*t) * 3, heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
DYNAMIC_TYPE_ECC);
if (tmp == NULL)
err = MEMORY_E;
#else
t = td;
tmp = tmpd;
#endif
if (err == MP_OKAY) {
t[0] = &td[0];
t[1] = &td[1];
t[2] = &td[2];
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
/* t[1] = {g->x, g->y, g->z} * norm */
t[1].infinity = 0;
err = sp_256_mod_mul_norm_10(t[1].x, g->x, p256_mod);
}
if (err == MP_OKAY)
@ -14206,8 +14206,8 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, const sp
XFREE(t, heap, DYNAMIC_TYPE_ECC);
}
#else
ForceZero(tmpd, sizeof(tmpd));
ForceZero(td, sizeof(td));
ForceZero(tmp, sizeof(tmp));
ForceZero(t, sizeof(t));
#endif
return err;
@ -14899,6 +14899,23 @@ static int sp_256_ecc_mulmod_base_10(sp_point_256* r, const sp_digit* k,
return sp_256_ecc_mulmod_10(r, &p256_base, k, map, heap);
}
#elif defined(WOLFSSL_SP_CACHE_RESISTANT)
/* Multiply the base point of P256 by the scalar and return the result.
* If map is true then convert result to affine coordinates.
*
* r Resulting point.
* k Scalar to multiply by.
* map Indicates whether to convert result to affine.
* heap Heap to use for allocation.
* returns MEMORY_E when memory allocation fails and MP_OKAY on success.
*/
static int sp_256_ecc_mulmod_base_10(sp_point_256* r, const sp_digit* k,
int map, void* heap)
{
/* No pre-computed values. */
return sp_256_ecc_mulmod_10(r, &p256_base, k, map, heap);
}
#else
static const sp_table_entry_256 p256_table[256] = {
/* 0 */
@ -16439,12 +16456,14 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
for (i=0; i<10 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 26) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -18689,7 +18708,7 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a,
t[12] = tb * a[12];
t[13] = tb * a[13];
t[14] = tb * a[14];
r[ 0] += (sp_digit)(t[ 0] & 0x3ffffff);
r[ 0] += (sp_digit) (t[ 0] & 0x3ffffff);
r[ 1] += (sp_digit)((t[ 0] >> 26) + (t[ 1] & 0x3ffffff));
r[ 2] += (sp_digit)((t[ 1] >> 26) + (t[ 2] & 0x3ffffff));
r[ 3] += (sp_digit)((t[ 2] >> 26) + (t[ 3] & 0x3ffffff));
@ -18704,7 +18723,7 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a,
r[12] += (sp_digit)((t[11] >> 26) + (t[12] & 0x3ffffff));
r[13] += (sp_digit)((t[12] >> 26) + (t[13] & 0x3ffffff));
r[14] += (sp_digit)((t[13] >> 26) + (t[14] & 0x3ffffff));
r[15] += t[14] >> 26;
r[15] += (sp_digit) (t[14] >> 26);
#endif /* WOLFSSL_SP_SMALL */
}
@ -19734,11 +19753,12 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, const sp
int map, void* heap)
{
#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
sp_point_384 td[3];
sp_digit tmpd[2 * 15 * 6];
#endif
sp_point_384 t[3];
sp_digit tmp[2 * 15 * 6];
#else
sp_point_384* t;
sp_digit* tmp;
#endif
sp_digit n;
int i;
int c, y;
@ -19747,28 +19767,21 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, const sp
(void)heap;
#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
sp_point_384 td[3];
t = (sp_point_384*)XMALLOC(sizeof(*td) * 3, heap, DYNAMIC_TYPE_ECC);
t = (sp_point*)XMALLOC(sizeof(*t) * 3, heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap,
DYNAMIC_TYPE_ECC);
if (tmp == NULL)
err = MEMORY_E;
#else
t = td;
tmp = tmpd;
#endif
if (err == MP_OKAY) {
t[0] = &td[0];
t[1] = &td[1];
t[2] = &td[2];
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
/* t[1] = {g->x, g->y, g->z} * norm */
t[1].infinity = 0;
err = sp_384_mod_mul_norm_15(t[1].x, g->x, p384_mod);
}
if (err == MP_OKAY)
@ -19819,8 +19832,8 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, const sp
XFREE(t, heap, DYNAMIC_TYPE_ECC);
}
#else
ForceZero(tmpd, sizeof(tmpd));
ForceZero(td, sizeof(td));
ForceZero(tmp, sizeof(tmp));
ForceZero(t, sizeof(t));
#endif
return err;
@ -20512,6 +20525,23 @@ static int sp_384_ecc_mulmod_base_15(sp_point_384* r, const sp_digit* k,
return sp_384_ecc_mulmod_15(r, &p384_base, k, map, heap);
}
#elif defined(WOLFSSL_SP_CACHE_RESISTANT)
/* Multiply the base point of P384 by the scalar and return the result.
* If map is true then convert result to affine coordinates.
*
* r Resulting point.
* k Scalar to multiply by.
* map Indicates whether to convert result to affine.
* heap Heap to use for allocation.
* returns MEMORY_E when memory allocation fails and MP_OKAY on success.
*/
static int sp_384_ecc_mulmod_base_15(sp_point_384* r, const sp_digit* k,
int map, void* heap)
{
/* No pre-computed values. */
return sp_384_ecc_mulmod_15(r, &p384_base, k, map, heap);
}
#else
static const sp_table_entry_384 p384_table[256] = {
/* 0 */
@ -22562,12 +22592,14 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
for (i=0; i<15 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 26) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
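Review bot: In the small-stack branch of sp_256_ecc_mulmod_10 the allocation result is cast to `sp_point*` while `t` is declared `sp_point_256* t;`, so the assignment has mismatched pointer types and would not compile if this file has no `sp_point` type (none is visible on the page). This reads the second of the two printed XMALLOC lines as the new side, since the page has lost its `+`/`-` markers. The cast should follow the declaration, `t = (sp_point_256*)XMALLOC(sizeof(*t) * 3, heap, DYNAMIC_TYPE_ECC);`, and `(sp_point_384*)` in sp_384_ecc_mulmod_15. The same cast appears in sp_256_ecc_mulmod_5 and sp_384_ecc_mulmod_7 in the next file section. All four function bodies continue outside the hunks shown.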


@ -194,12 +194,14 @@ static void sp_2048_to_bin(sp_digit* r, byte* a)
for (i=0; i<36 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 57) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -4159,12 +4161,14 @@ static void sp_3072_to_bin(sp_digit* r, byte* a)
for (i=0; i<54 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 57) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -8340,12 +8344,14 @@ static void sp_4096_to_bin(sp_digit* r, byte* a)
for (i=0; i<78 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 53) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -13098,12 +13104,12 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a,
t[ 2] = tb * a[ 2];
t[ 3] = tb * a[ 3];
t[ 4] = tb * a[ 4];
r[ 0] += (sp_digit)(t[ 0] & 0xfffffffffffffL);
r[ 0] += (sp_digit) (t[ 0] & 0xfffffffffffffL);
r[ 1] += (sp_digit)((t[ 0] >> 52) + (t[ 1] & 0xfffffffffffffL));
r[ 2] += (sp_digit)((t[ 1] >> 52) + (t[ 2] & 0xfffffffffffffL));
r[ 3] += (sp_digit)((t[ 2] >> 52) + (t[ 3] & 0xfffffffffffffL));
r[ 4] += (sp_digit)((t[ 3] >> 52) + (t[ 4] & 0xfffffffffffffL));
r[ 5] += t[ 4] >> 52;
r[ 5] += (sp_digit) (t[ 4] >> 52);
#endif /* WOLFSSL_SP_SMALL */
}
@ -13943,11 +13949,12 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, const sp_
int map, void* heap)
{
#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
sp_point_256 td[3];
sp_digit tmpd[2 * 5 * 5];
#endif
sp_point_256 t[3];
sp_digit tmp[2 * 5 * 5];
#else
sp_point_256* t;
sp_digit* tmp;
#endif
sp_digit n;
int i;
int c, y;
@ -13956,28 +13963,21 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, const sp_
(void)heap;
#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
sp_point_256 td[3];
t = (sp_point_256*)XMALLOC(sizeof(*td) * 3, heap, DYNAMIC_TYPE_ECC);
t = (sp_point*)XMALLOC(sizeof(*t) * 3, heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
DYNAMIC_TYPE_ECC);
if (tmp == NULL)
err = MEMORY_E;
#else
t = td;
tmp = tmpd;
#endif
if (err == MP_OKAY) {
t[0] = &td[0];
t[1] = &td[1];
t[2] = &td[2];
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
/* t[1] = {g->x, g->y, g->z} * norm */
t[1].infinity = 0;
err = sp_256_mod_mul_norm_5(t[1].x, g->x, p256_mod);
}
if (err == MP_OKAY)
@ -14028,8 +14028,8 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, const sp_
XFREE(t, heap, DYNAMIC_TYPE_ECC);
}
#else
ForceZero(tmpd, sizeof(tmpd));
ForceZero(td, sizeof(td));
ForceZero(tmp, sizeof(tmp));
ForceZero(t, sizeof(t));
#endif
return err;
@ -14721,6 +14721,23 @@ static int sp_256_ecc_mulmod_base_5(sp_point_256* r, const sp_digit* k,
return sp_256_ecc_mulmod_5(r, &p256_base, k, map, heap);
}
#elif defined(WOLFSSL_SP_CACHE_RESISTANT)
/* Multiply the base point of P256 by the scalar and return the result.
* If map is true then convert result to affine coordinates.
*
* r Resulting point.
* k Scalar to multiply by.
* map Indicates whether to convert result to affine.
* heap Heap to use for allocation.
* returns MEMORY_E when memory allocation fails and MP_OKAY on success.
*/
static int sp_256_ecc_mulmod_base_5(sp_point_256* r, const sp_digit* k,
int map, void* heap)
{
/* No pre-computed values. */
return sp_256_ecc_mulmod_5(r, &p256_base, k, map, heap);
}
#else
static const sp_table_entry_256 p256_table[256] = {
/* 0 */
@ -16260,12 +16277,14 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
for (i=0; i<5 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 52) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -18235,14 +18254,14 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a,
t[ 4] = tb * a[ 4];
t[ 5] = tb * a[ 5];
t[ 6] = tb * a[ 6];
r[ 0] += (sp_digit)(t[ 0] & 0x7fffffffffffffL);
r[ 0] += (sp_digit) (t[ 0] & 0x7fffffffffffffL);
r[ 1] += (sp_digit)((t[ 0] >> 55) + (t[ 1] & 0x7fffffffffffffL));
r[ 2] += (sp_digit)((t[ 1] >> 55) + (t[ 2] & 0x7fffffffffffffL));
r[ 3] += (sp_digit)((t[ 2] >> 55) + (t[ 3] & 0x7fffffffffffffL));
r[ 4] += (sp_digit)((t[ 3] >> 55) + (t[ 4] & 0x7fffffffffffffL));
r[ 5] += (sp_digit)((t[ 4] >> 55) + (t[ 5] & 0x7fffffffffffffL));
r[ 6] += (sp_digit)((t[ 5] >> 55) + (t[ 6] & 0x7fffffffffffffL));
r[ 7] += t[ 6] >> 55;
r[ 7] += (sp_digit) (t[ 6] >> 55);
#endif /* WOLFSSL_SP_SMALL */
}
@ -19116,11 +19135,12 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, const sp_
int map, void* heap)
{
#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
sp_point_384 td[3];
sp_digit tmpd[2 * 7 * 6];
#endif
sp_point_384 t[3];
sp_digit tmp[2 * 7 * 6];
#else
sp_point_384* t;
sp_digit* tmp;
#endif
sp_digit n;
int i;
int c, y;
@ -19129,28 +19149,21 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, const sp_
(void)heap;
#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
sp_point_384 td[3];
t = (sp_point_384*)XMALLOC(sizeof(*td) * 3, heap, DYNAMIC_TYPE_ECC);
t = (sp_point*)XMALLOC(sizeof(*t) * 3, heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap,
DYNAMIC_TYPE_ECC);
if (tmp == NULL)
err = MEMORY_E;
#else
t = td;
tmp = tmpd;
#endif
if (err == MP_OKAY) {
t[0] = &td[0];
t[1] = &td[1];
t[2] = &td[2];
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
/* t[1] = {g->x, g->y, g->z} * norm */
t[1].infinity = 0;
err = sp_384_mod_mul_norm_7(t[1].x, g->x, p384_mod);
}
if (err == MP_OKAY)
@ -19201,8 +19214,8 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, const sp_
XFREE(t, heap, DYNAMIC_TYPE_ECC);
}
#else
ForceZero(tmpd, sizeof(tmpd));
ForceZero(td, sizeof(td));
ForceZero(tmp, sizeof(tmp));
ForceZero(t, sizeof(t));
#endif
return err;
@ -19894,6 +19907,23 @@ static int sp_384_ecc_mulmod_base_7(sp_point_384* r, const sp_digit* k,
return sp_384_ecc_mulmod_7(r, &p384_base, k, map, heap);
}
#elif defined(WOLFSSL_SP_CACHE_RESISTANT)
/* Multiply the base point of P384 by the scalar and return the result.
* If map is true then convert result to affine coordinates.
*
* r Resulting point.
* k Scalar to multiply by.
* map Indicates whether to convert result to affine.
* heap Heap to use for allocation.
* returns MEMORY_E when memory allocation fails and MP_OKAY on success.
*/
static int sp_384_ecc_mulmod_base_7(sp_point_384* r, const sp_digit* k,
int map, void* heap)
{
/* No pre-computed values. */
return sp_384_ecc_mulmod_7(r, &p384_base, k, map, heap);
}
#else
static const sp_table_entry_384 p384_table[256] = {
/* 0 */
@ -21943,12 +21973,14 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
for (i=0; i<7 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 55) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
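Review bot: The new `#elif defined(WOLFSSL_SP_CACHE_RESISTANT)` definitions of sp_256_ecc_mulmod_base_5 and sp_384_ecc_mulmod_base_7 have the same one-line body as the definition that closes the preceding preprocessor branch, so the two branches could share one guard rather than carry a duplicate. The preceding branch's condition lies outside the hunk, so this needs checking against the full file. If the duplicate stays, the comment `/* No pre-computed values. */` should say why the table is skipped, for example `/* Cache-resistant build: do not use p256_table; use the generic scalar multiply. */` (and `p384_table` for the P384 copy).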


@ -189,12 +189,14 @@ static void sp_2048_to_bin(sp_digit* r, byte* a)
for (i=0; i<64 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -5120,12 +5122,14 @@ static void sp_3072_to_bin(sp_digit* r, byte* a)
for (i=0; i<96 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -9868,12 +9872,14 @@ static void sp_4096_to_bin(sp_digit* r, byte* a)
for (i=0; i<128 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -18469,12 +18475,14 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
for (i=0; i<8 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}
@ -23995,12 +24003,14 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
for (i=0; i<12 && j>=0; i++) {
b = 0;
/* lint allow cast of mismatch sp_digit and int */
a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
a[j--] |= (byte)(r[i] << s); /*lint !e9033*/
b += 8 - s;
if (j < 0) {
break;
}
while (b < 32) {
a[j--] = r[i] >> b; b += 8;
a[j--] = (byte)(r[i] >> b);
b += 8;
if (j < 0) {
break;
}