Fix hard coded values in TSIP ECC verify. Fix issues with tab indentation and spelling.

2024-07-18 16:45:27 -07:00 · 2024-07-18 16:45:27 -07:00 · 4eab0f1231
parent 945a24e5b4
commit 4eab0f1231
19 changed files with 94 additions and 85 deletions
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@ -584,7 +584,7 @@ Turn on timer debugging (used when CPU cycles not available)
    #define WOLFSSL_BASE16
 #else
    #if defined(USE_CERT_BUFFERS_2048)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
        /* #include <wolfssl/certs_test.h>                     */
        #define CTX_CA_CERT          ca_cert_der_2048
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
@ -605,7 +605,7 @@ Turn on timer debugging (used when CPU cycles not available)
        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
    #elif defined(USE_CERT_BUFFERS_1024)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
        /* #include <wolfssl/certs_test.h>                     */
        #define CTX_CA_CERT          ca_cert_der_1024
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
    #define WOLFSSL_BASE16
 #else
    #if defined(USE_CERT_BUFFERS_2048)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
        /* #include <wolfssl/certs_test.h>                     */
        #define CTX_CA_CERT          ca_cert_der_2048
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
    #elif defined(USE_CERT_BUFFERS_1024)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
        /* #include <wolfssl/certs_test.h>                     */
        #define CTX_CA_CERT          ca_cert_der_1024
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@ -132,7 +132,7 @@
 #define WOLFSSL_SHA384
 #if defined(CONFIG_IDF_TARGET_ESP8266)
-	/* Some known low-memory devices have features not enabled by default. */
+    /* Some known low-memory devices have features not enabled by default. */
 #else
    /* when you want to use SHA512 */
    #define WOLFSSL_SHA512
@ -140,7 +140,7 @@
    /* when you want to use SHA3 */
    #define WOLFSSL_SHA3
-	/* ED25519 requires SHA512 */
+    /* ED25519 requires SHA512 */
    #define HAVE_ED25519
    #define HAVE_ECC
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
    #define WOLFSSL_BASE16
 #else
    #if defined(USE_CERT_BUFFERS_2048)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
        /* #include <wolfssl/certs_test.h>                     */
        #define CTX_CA_CERT          ca_cert_der_2048
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
    #elif defined(USE_CERT_BUFFERS_1024)
-    	/* Be sure to include in app when using example certs: */
+        /* Be sure to include in app when using example certs: */
        /* #include <wolfssl/certs_test.h>                     */
        #define CTX_CA_CERT          ca_cert_der_1024
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
--- a/IDE/GCC-ARM/Header/user_settings.h
+++ b/IDE/GCC-ARM/Header/user_settings.h
@ -250,10 +250,10 @@ extern "C" {
 /* AES */
 #undef NO_AES
 #if 1
-	#undef  HAVE_AES_CBC
+    #undef  HAVE_AES_CBC
-	#define HAVE_AES_CBC
+    #define HAVE_AES_CBC
-	#undef  HAVE_AESGCM
+    #undef  HAVE_AESGCM
    #define HAVE_AESGCM
    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
--- a/IDE/HEXAGON/user_settings.h
+++ b/IDE/HEXAGON/user_settings.h
@ -13,25 +13,25 @@
 #define USE_FAST_MATH
 #define TFM_TIMING_RESISTANT
 #ifdef HAVE_ECC
-	#define ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
 #endif
 #ifndef NO_RSA
-	#define WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
 #endif
 #if 1
-	#define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_RSA
-	#define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_HAVE_SP_ECC
-	#define WOLFSSL_SP_MATH
+    #define WOLFSSL_SP_MATH
-	#if 1
+    #if 1
-		/* ARM NEON instructions */
+        /* ARM NEON instructions */
-		#define WOLFSSL_SP_ARM64_ASM
+        #define WOLFSSL_SP_ARM64_ASM
-	#endif
+    #endif
-	#if 1
+    #if 1
-		/* Use DSP */
+        /* Use DSP */
-		#define WOLFSSL_DSP
+        #define WOLFSSL_DSP
-	#endif
+    #endif
 #endif
 #endif
--- a/IDE/M68K/README.md
+++ b/IDE/M68K/README.md
@ -34,7 +34,7 @@ BUILD_C
 RSA 2048 public 7.619 ops/sec
 RSA 2048 private 0.276 ops/sec
-###Building testwolfcryt/benchmark
+###Building testwolfcrypt/benchmark
 To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
 $(NBROOT)/lib and then cd into the respective directory. Running "make" will
 then create a .s19 application that can be ran on the board.
--- a/IDE/MCUEXPRESSO/RT1170/user_settings.h
+++ b/IDE/MCUEXPRESSO/RT1170/user_settings.h
@ -53,7 +53,7 @@
 /* using the RTC */
 //#define NO_ASN_TIME
 #ifndef NO_ASN_TIME
-	#define FREESCALE_SNVS_RTC
+    #define FREESCALE_SNVS_RTC
 #endif
 #define NO_CRYPT_TEST
@ -64,19 +64,19 @@
    #include <stdarg.h>
    static void myPrintf(const char* fmt, ...)
    {
-	    int ret;
+        int ret;
-	    char line[150];
+        char line[150];
-	    va_list ap;
+        va_list ap;
-	    va_start(ap, fmt);
+        va_start(ap, fmt);
-	    ret = vsnprintf(line, sizeof(line), fmt, ap);
+        ret = vsnprintf(line, sizeof(line), fmt, ap);
-	    line[sizeof(line)-1] = '\0';
+        line[sizeof(line)-1] = '\0';
-	    DbgConsole_Printf("%s", line);
+        DbgConsole_Printf("%s", line);
-	    /* add CR on newlines */
+        /* add CR on newlines */
-	    if (ret > 0 && line[ret-1] == '\n') {
+        if (ret > 0 && line[ret-1] == '\n') {
-	        DbgConsole_Printf("\r");
+            DbgConsole_Printf("\r");
        }
    }
    #define XPRINTF myPrintf
--- a/IDE/MCUEXPRESSO/user_settings.h
+++ b/IDE/MCUEXPRESSO/user_settings.h
@ -40,19 +40,19 @@
    #include <stdarg.h>
    static void myPrintf(const char* fmt, ...)
    {
-	    int ret;
+        int ret;
-	    char line[150];
+        char line[150];
-	    va_list ap;
+        va_list ap;
-	    va_start(ap, fmt);
+        va_start(ap, fmt);
-	    ret = vsnprintf(line, sizeof(line), fmt, ap);
+        ret = vsnprintf(line, sizeof(line), fmt, ap);
-	    line[sizeof(line)-1] = '\0';
+        line[sizeof(line)-1] = '\0';
-	    DbgConsole_Printf("%s", line);
+        DbgConsole_Printf("%s", line);
-	    /* add CR on newlines */
+        /* add CR on newlines */
-	    if (ret > 0 && line[ret-1] == '\n') {
+        if (ret > 0 && line[ret-1] == '\n') {
-	        DbgConsole_Printf("\r");
+            DbgConsole_Printf("\r");
        }
    }
    #define XPRINTF myPrintf
@ -70,9 +70,9 @@
 #define USE_FAST_MATH
 #ifdef USE_FAST_MATH
    /* big enough for even 4096 bit RSA key */
-	#define FP_MAX_BITS 8192
+    #define FP_MAX_BITS 8192
-	#define TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
-	#define ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
    #define ALT_ECC_SIZE
 #endif
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
@ -78,7 +78,7 @@ typedef int socklen_t ;
 #define tcp_listen      wolfssl_tcp_listen
 #define tcp_select     wolfssl_tcp_select
-extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, 	int sz) ;
+extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, int sz) ;
 extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen);
 extern int wolfssl_recv(int sd, void *buf, size_t len, int flags);
 extern int wolfssl_send(int sd, const void *buf, size_t len, int flags);
--- a/IDE/MSVS-2019-AZSPHERE/user_settings.h
+++ b/IDE/MSVS-2019-AZSPHERE/user_settings.h
@ -31,9 +31,9 @@
    #ifndef SERVER_IP
        #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
    #endif
-	#ifndef DEFAULT_PORT
+    #ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 11111
+        #define DEFAULT_PORT 11111
-	#endif
+    #endif
    #define CERT         ca_cert_der_2048
    #define SIZEOF_CERT  sizeof_ca_cert_der_2048
    static const char msg[] = "Are you listening wolfSSL Server?";
@ -41,9 +41,9 @@
    #ifndef SERVER_IP
        #define SERVER_IP "www.wolfssl.com"
    #endif
-	#ifndef DEFAULT_PORT
+    #ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 443
+        #define DEFAULT_PORT 443
-	#endif
+    #endif
    #define CERT         wolfssl_website_root_ca
    #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
    static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
@ -245,7 +245,7 @@
     */
    #define WOLFSSL_RENESAS_TSIP_TLS
-	#if !defined(NO_RENESAS_TSIP_CRYPT)
+    #if !defined(NO_RENESAS_TSIP_CRYPT)
        #define HAVE_PK_CALLBACKS
        #define WOLF_CRYPTO_CB
        #if defined(WOLFSSL_RENESAS_TSIP_TLS)
--- a/IDE/STM32Cube/wolfssl_example.h
+++ b/IDE/STM32Cube/wolfssl_example.h
@ -27,7 +27,7 @@
 #endif
 #ifndef WOLFSSL_USER_SETTINGS
-	#include <wolfssl/options.h>
+    #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
--- a/IDE/VS-AZURE-SPHERE/user_settings.h
+++ b/IDE/VS-AZURE-SPHERE/user_settings.h
@ -7,9 +7,9 @@
    #ifndef SERVER_IP
        #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
    #endif
-	#ifndef DEFAULT_PORT
+    #ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 11111
+        #define DEFAULT_PORT 11111
-	#endif
+    #endif
    #define CERT         ca_cert_der_2048
    #define SIZEOF_CERT  sizeof_ca_cert_der_2048
    static const char msg[] = "Are you listening wolfSSL Server?";
@ -17,9 +17,9 @@
    #ifndef SERVER_IP
        #define SERVER_IP "www.wolfssl.com"
    #endif
-	#ifndef DEFAULT_PORT
+    #ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 443
+        #define DEFAULT_PORT 443
-	#endif
+    #endif
    #define CERT         wolfssl_website_root_ca
    #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
    static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
--- a/IDE/iotsafe/devices.h
+++ b/IDE/iotsafe/devices.h
@ -95,8 +95,8 @@
 #define FLASH_ACR_LATENCY_MASK (0x03)
 /* RCC: Periph enable flags */
-#define USART1_APB2_CLOCK_ER_VAL 	(1 << 14)
+#define USART1_APB2_CLOCK_ER_VAL    (1 << 14)
-#define USART2_APB1_CLOCK_ER_VAL 	(1 << 17)
+#define USART2_APB1_CLOCK_ER_VAL    (1 << 17)
 #define PWR_APB1_CLOCK_ER_VAL       (1 << 28)
 #define GPIOA_AHB2_CLOCK_ER_VAL     (1 << 0)
 #define GPIOB_AHB2_CLOCK_ER_VAL     (1 << 1)
@ -208,11 +208,11 @@
 #define SYSTICK_CALIB   (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C))
-/* STMod+ connector pinout 
+/* STMod+ connector pinout
 *
 * Connector            STM32L4
 * pins                 pins
- * 
+ *
 * 1      11            PG11    PH2
 * 2      12            PB6     PB2
 * 3      13            PG10    PA4
@ -243,7 +243,7 @@ void stmod_modem_disable(void);
 /* inline functions for GPIO */
 static inline void gpio_set(uint32_t port, uint32_t pin)
 {
-    GPIO_BSSR(port) |= (1 << pin);   
+    GPIO_BSSR(port) |= (1 << pin);
 }
 static inline void gpio_clear(uint32_t port, uint32_t pin)
--- a/mqx/wolfssl_client/Sources/main.h
+++ b/mqx/wolfssl_client/Sources/main.h
@ -15,7 +15,7 @@
 #include <wolfssl/ssl.h>
-#define MAIN_TASK 	1
+#define MAIN_TASK 1
 extern void Main_task(uint32_t);
 extern void setup_ethernet(void);
@ -34,10 +34,10 @@ static inline void err_sys(const char* msg)
        _mqx_exit(1);
 }
-/* PPP device must be set manually and 
+/* PPP device must be set manually and
 * must be different from the default IO channel (BSP_DEFAULT_IO_CHANNEL)
 */
-#define PPP_DEVICE      "ittyb:" 
+#define PPP_DEVICE      "ittyb:"
 /*
 * Define PPP_DEVICE_DUN only when using PPP to communicate
@ -54,7 +54,7 @@ static inline void err_sys(const char* msg)
    #define ENET_IPMASK   IPADDR(255,255,255,0)
 #endif
-#define GATE_IPADDR		  IPADDR(192,168,1,1)
+#define GATE_IPADDR       IPADDR(192,168,1,1)
 #endif /* __main_h_ */
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@ -2672,6 +2672,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
        if (ret != TSIP_SUCCESS) {
            WOLFSSL_MSG("RENESAS TSIP Open failed");
        }
    #if defined(WOLFSSL_RENESAS_TSIP_TLS)
        if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
@ -2698,11 +2699,13 @@ WOLFSSL_LOCAL int tsip_Open(void)
                if (ret != TSIP_SUCCESS) {
                    WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
                }
-                    /* init vars */
+
                /* init vars */
                g_CAscm_Idx = (uint32_t)-1;
            }
        }
    #endif
 #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
        ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
@ -2732,7 +2735,8 @@ WOLFSSL_LOCAL int tsip_Open(void)
                if (ret != TSIP_SUCCESS) {
                    WOLFSSL_MSG("R_TSIP_(Re)Open failed");
                }
-                 /* init vars */
+
                /* init vars */
                g_CAscm_Idx = (uint32_t)-1;
            }
        }
@ -4037,7 +4041,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
    tsip_ecdsa_byte_data_t hashData, sigData;
    /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
     * if using SHA2-256 with ECDSA SECP384R1 */
-    uint8_t hash[48];
+    uint8_t hash[TSIP_MAX_ECC_BYTES];
    WOLFSSL_ENTER("tsip_VerifyEcdsa");
@ -4053,6 +4057,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
    }
    if (ret == 0) {
        int curveSz = info->pk.eccverify.key->dp->size;
        hashData.pdata      = (uint8_t*)hash;
        hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
        sigData.pdata       = (uint8_t*)info->pk.eccverify.sig;
@ -4063,8 +4068,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
            #if !defined(NO_ECC256)
                case TSIP_KEY_TYPE_ECDSAP256:
                    /* zero pad or truncate */
-                    hashData.data_length = tsip_HashPad(32, hash,
+                    hashData.data_length = tsip_HashPad(curveSz,
-                        info->pk.eccverify.hash, info->pk.eccverify.hashlen);
+                        hash, info->pk.eccverify.hash,
                        info->pk.eccverify.hashlen);
                    err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
                        &hashData, &tuc->eccpub_keyIdx);
@ -4081,8 +4087,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
            #if defined(HAVE_ECC384)
                case TSIP_KEY_TYPE_ECDSAP384:
                    /* zero pad or truncate */
-                    hashData.data_length = tsip_HashPad(48, hash,
+                    hashData.data_length = tsip_HashPad(curveSz,
-                        info->pk.eccverify.hash, info->pk.eccverify.hashlen);
+                        hash, info->pk.eccverify.hash,
                        info->pk.eccverify.hashlen);
                    err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
                        &hashData, &tuc->eccpub_keyIdx);
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
@ -31,7 +31,7 @@
    #define FSPSM_W_KEYVAR          renesas_sce_wrappedkey
    #define FSPSM_tls_flg_ST        sce_keyflgs_tls
-    #define FSPSM_key_flg_ST        sce_keyflgs_cryt
+    #define FSPSM_key_flg_ST        sce_keyflgs_crypt
    #define FSPSM_tag_ST            tagUser_SCEPKCbInfo
    #define FSPSM_ST                User_SCEPKCbInfo
    #define FSPSM_ST_PKC            SCE_PKCbInfo
@ -171,7 +171,7 @@
    /* structure, type so on */
    #define FSPSM_W_KEYVAR          renesas_rsip_wrappedkey
    #define FSPSM_tls_flg_ST        rsip_keyflgs_tls
-    #define FSPSM_key_flg_ST        rsip_keyflgs_cryt
+    #define FSPSM_key_flg_ST        rsip_keyflgs_crypt
    #define FSPSM_tag_ST            tagUser_RSIPPKCbInfo
    #define FSPSM_ST                User_RSIPPKCbInfo
    #define FSPSM_ST_PKC            RSIP_PKCbInfo
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@ -59,7 +59,7 @@ extern "C" {
 typedef enum {
    WOLFSSL_TSIP_NOERROR = 0,
    WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
-}wolfssl_tsip_error_number;
+} wolfssl_tsip_error_number;
 typedef enum {
    tsip_Key_SESSION = 1,
@ -92,6 +92,8 @@ enum {
    TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
    TSIP_TLS_MAX_SIGDATA_SZ    = 130,
    TSIP_TEMP_WORK_SIZE        = 128,
    TSIP_MAX_ECC_BYTES         = 48,
 };
 typedef enum {
@ -133,7 +135,7 @@ typedef struct MsgBag
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 /* flags Crypt Only */
-struct tsip_keyflgs_cryt {
+struct tsip_keyflgs_crypt {
    uint32_t aes256_key_set:1;
    uint32_t aes128_key_set:1;
    uint32_t rsapri2048_key_set:1;
@ -319,7 +321,7 @@ typedef struct TsipUserCtx {
    /* flags shows status if tsip keys are installed */
    union {
        uint32_t chr;
-        struct tsip_keyflgs_cryt bits;
+        struct tsip_keyflgs_crypt bits;
    } keyflgs_crypt;
 #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */