WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Single Precision maths for RSA (and DH) 

Single Precision ECC implementation
pull/1103/head
Sean Parkinson 2017-08-10 17:27:22 +10:00
parent 130e026139
commit 90f8f67982
16 changed files with 66492 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
certs/client-cert-3072.pem 100644
View File

@ -0,0 +1,108 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c9:72:2a:eb:e8:4a:47:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Aug 11 05:14:40 2017 GMT
Not After : May 7 05:14:40 2020 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:c1:00:b0:1a:0a:ba:88:03:cc:92:d6:f7:2e:0d:
ad:be:60:f4:a4:53:a3:dc:f9:b6:48:6c:21:33:cf:
7c:a0:c5:35:37:1a:5f:7e:65:33:07:b4:9a:d1:2e:
b2:ed:35:a1:c8:67:b3:db:39:05:8d:aa:81:74:00:
85:22:72:f8:7d:39:47:53:00:56:71:cf:82:d7:fc:
a2:7d:a0:6e:10:a2:96:db:cc:8e:e4:2d:9d:9d:5b:
4a:43:5e:cb:3d:48:72:af:f4:6a:da:34:2f:ed:99:
c1:1b:fb:4c:56:8a:a0:66:8c:fb:5d:10:d5:5b:0f:
96:04:d9:c5:b1:55:f5:88:76:db:d3:da:a1:dc:e9:
ee:d1:67:dd:bf:54:50:07:ef:2f:79:fb:4e:59:2a:
bf:92:0d:80:6f:7b:ec:79:65:9a:c3:08:c0:4f:c6:
6b:33:bf:9d:4d:af:f9:83:af:25:42:4c:93:f1:9f:
d6:33:7d:d4:85:2a:77:44:1d:1f:ca:d3:22:ab:69:
50:35:d8:47:3e:f7:9c:a8:e3:f9:84:60:9e:36:10:
02:5c:9c:1f:33:1c:e6:bb:d0:5f:28:63:27:4c:b5:
1c:71:b3:f4:7a:33:aa:45:70:a9:54:88:70:07:0e:
45:4f:b1:7f:2a:fd:bf:31:da:97:96:c8:55:49:f2:
c3:b6:e6:08:78:ca:40:8b:2e:5d:8e:4e:6c:65:6b:
57:f4:1d:ee:41:b6:ed:24:0d:38:f2:40:bd:7d:59:
6b:c5:d6:67:e2:12:9b:10:05:fe:eb:40:1d:c5:73:
75:ac:e9:9c:07:63:72:e4:c5:04:fe:c9:17:13:bf:
04:02:0e:44:e9:9d:59:6e:7e:63:38:e6:db:31:21:
28:5e:82:20:36:ad:26:fe:ba:6d:af:57:2e:32:aa:
a6:2c:54:b4:25:50:11:ac:25:8b:84:1b:7b:5d:ae:
df:e1:c4:32:3a:b4:60:6c:16:ef:9c:2c:a8:67:d0:
53:f5:c8:97:9a:9e:81:25:e6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:B8:8A:0E:1D:E7:2B:22:BA:2D:F4:54:DD:7E:D4:63:8A:AB:E7:95
X509v3 Authority Key Identifier:
keyid:FA:B8:8A:0E:1D:E7:2B:22:BA:2D:F4:54:DD:7E:D4:63:8A:AB:E7:95
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:C9:72:2A:EB:E8:4A:47:E7
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
b3:20:83:3d:56:e2:b9:a6:8f:a9:46:fe:ad:9f:c7:d5:e2:dc:
db:78:1e:4c:ca:d5:bd:38:5d:20:bc:18:f9:a0:33:7e:09:df:
89:61:15:85:6d:80:78:3d:b4:6b:30:e6:f3:8a:8f:b2:5d:a0:
6b:41:51:24:1c:4c:5e:db:0d:af:6d:56:12:1b:91:01:ed:0e:
1c:1a:15:95:8f:99:1f:7f:e7:65:e7:0a:fe:24:0c:e0:a1:1f:
16:7f:55:2e:48:98:97:3f:98:a7:90:1f:20:ec:b6:16:fa:2a:
d2:91:3a:5f:83:df:cd:a3:51:37:19:69:c3:be:c9:35:bb:32:
47:e9:e5:30:1f:cd:27:ac:4d:05:31:d9:06:33:5c:6e:f5:bb:
22:b6:7c:68:3d:82:f2:c0:2e:00:34:d9:ed:ba:fc:f5:39:04:
53:32:b7:bb:ff:c6:a1:bc:50:8e:d5:43:b6:48:07:8b:3d:47:
4a:f7:22:f1:c3:4d:3d:db:d4:ca:e6:77:4d:94:7c:79:36:df:
81:de:a7:fc:24:0e:7c:ec:72:2e:4d:b2:dc:7c:93:98:29:62:
8b:67:0a:dd:c5:2f:ea:e1:b0:1d:d2:9d:91:74:30:3f:14:10:
03:95:36:1b:02:2a:84:22:51:fa:26:fb:a4:a7:a7:d0:3f:12:
0d:bc:14:c8:cd:60:a1:53:44:e3:5b:7a:63:ee:3e:50:f8:4a:
ea:0a:2e:c2:9d:69:0c:4b:c6:ea:cd:b2:0d:d0:de:13:09:c9:
f9:d5:7c:e4:f4:b1:55:8f:59:9e:86:b9:51:77:ad:35:06:35:
fa:2c:76:06:41:b9:21:13:dd:94:02:34:66:e0:21:86:8e:08:
9d:06:71:f2:bc:c3:34:10:ff:3d:d4:0c:70:8a:3c:bb:8a:ea:
af:a1:b3:63:78:95:e4:c8:54:3c:87:c5:b4:97:7a:19:a3:59:
75:ac:d6:5b:48:47:55:e8:24:20:fa:e8:2b:66:5d:6a:17:47:
ce:38:93:a7:d1:ed
-----BEGIN CERTIFICATE-----
MIIFyjCCBDKgAwIBAgIJAMlyKuvoSkfnMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
A1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFtbWluZy0zMDcyMRgw
FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
ZnNzbC5jb20wHhcNMTcwODExMDUxNDQwWhcNMjAwNTA3MDUxNDQwWjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
BgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3MjEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQCwGgq6
iAPMktb3Lg2tvmD0pFOj3Pm2SGwhM898oMU1NxpffmUzB7Sa0S6y7TWhyGez2zkF
jaqBdACFInL4fTlHUwBWcc+C1/yifaBuEKKW28yO5C2dnVtKQ17LPUhyr/Rq2jQv
7ZnBG/tMVoqgZoz7XRDVWw+WBNnFsVX1iHbb09qh3Onu0Wfdv1RQB+8veftOWSq/
kg2Ab3vseWWawwjAT8ZrM7+dTa/5g68lQkyT8Z/WM33UhSp3RB0fytMiq2lQNdhH
PvecqOP5hGCeNhACXJwfMxzmu9BfKGMnTLUccbP0ejOqRXCpVIhwBw5FT7F/Kv2/
MdqXlshVSfLDtuYIeMpAiy5djk5sZWtX9B3uQbbtJA048kC9fVlrxdZn4hKbEAX+
60AdxXN1rOmcB2Ny5MUE/skXE78EAg5E6Z1Zbn5jOObbMSEoXoIgNq0m/rptr1cu
MqqmLFS0JVARrCWLhBt7Xa7f4cQyOrRgbBbvnCyoZ9BT9ciXmp6BJebHAgMBAAGj
ggEHMIIBAzAdBgNVHQ4EFgQU+riKDh3nKyK6LfRU3X7UY4qr55UwgdMGA1UdIwSB
yzCByIAU+riKDh3nKyK6LfRU3X7UY4qr55WhgaSkgaEwgZ4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3
b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1taW5nLTMwNzIxGDAWBgNVBAMM
D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
bYIJAMlyKuvoSkfnMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBALMg
gz1W4rmmj6lG/q2fx9Xi3Nt4HkzK1b04XSC8GPmgM34J34lhFYVtgHg9tGsw5vOK
j7JdoGtBUSQcTF7bDa9tVhIbkQHtDhwaFZWPmR9/52XnCv4kDOChHxZ/VS5ImJc/
mKeQHyDsthb6KtKROl+D382jUTcZacO+yTW7Mkfp5TAfzSesTQUx2QYzXG71uyK2
fGg9gvLALgA02e26/PU5BFMyt7v/xqG8UI7VQ7ZIB4s9R0r3IvHDTT3b1Mrmd02U
fHk234Hep/wkDnzsci5Nstx8k5gpYotnCt3FL+rhsB3SnZF0MD8UEAOVNhsCKoQi
Ufom+6Snp9A/Eg28FMjNYKFTRONbemPuPlD4SuoKLsKdaQxLxurNsg3Q3hMJyfnV
fOT0sVWPWZ6GuVF3rTUGNfosdgZBuSET3ZQCNGbgIYaOCJ0GcfK8wzQQ/z3UDHCK
PLuK6q+hs2N4leTIVDyHxbSXehmjWXWs1ltIR1XoJCD66CtmXWoXR844k6fR7Q==
-----END CERTIFICATE-----

40
certs/client-key-3072.pem 100644
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQDBALAaCrqIA8yS
1vcuDa2+YPSkU6Pc+bZIbCEzz3ygxTU3Gl9+ZTMHtJrRLrLtNaHIZ7PbOQWNqoF0
AIUicvh9OUdTAFZxz4LX/KJ9oG4QopbbzI7kLZ2dW0pDXss9SHKv9GraNC/tmcEb
+0xWiqBmjPtdENVbD5YE2cWxVfWIdtvT2qHc6e7RZ92/VFAH7y95+05ZKr+SDYBv
e+x5ZZrDCMBPxmszv51Nr/mDryVCTJPxn9YzfdSFKndEHR/K0yKraVA12Ec+95yo
4/mEYJ42EAJcnB8zHOa70F8oYydMtRxxs/R6M6pFcKlUiHAHDkVPsX8q/b8x2peW
yFVJ8sO25gh4ykCLLl2OTmxla1f0He5Btu0kDTjyQL19WWvF1mfiEpsQBf7rQB3F
c3Ws6ZwHY3LkxQT+yRcTvwQCDkTpnVlufmM45tsxIShegiA2rSb+um2vVy4yqqYs
VLQlUBGsJYuEG3tdrt/hxDI6tGBsFu+cLKhn0FP1yJeanoEl5scCAwEAAQKCAYA4
2WMFyLM47SWM+xTD0/OhaB2naZuSs1sl6fO9txgWowARwwrtyBFH68LOatr5VBrb
VPB9WkZwfBC1gpG0m/jlqcGAiVDtJRp9VETojCDfdYTKKW7Nd0I93234eiuTWYuu
mGgA7e5QJkHjZBoQQ7ULf+tqdlLiB61AsISyv4cbMyd9N6EF2UInHFkMymDodWOe
oo9pZFYZRzDVpcL53xu+5wz+couRKpfDElqEl0p6ROQu/82wTRgUQXXv8kQzEg1Z
Ccm9D66IPLHviG19utUSNll2Fq3i7V88It+NFzBp4yzNvoXOiUFWwDoqHUve2ifV
UDKITEE8Zh3Cm/UGdbNk+lkMOu5tmE0l1tOe2F+9RAjB1SnN8qxMqgMnmftEKYja
3Do9feU0H2ZmKfK6dfECB7NsuVg9mI66Dew0rjQJ0oRG1+qqvPgHROcVnMBMmeU1
bsF2yV2RWCc/4RFuAEi0VM2SgYOst5Voa+Os15rFxZ3APC+FqDmzYyyKVfXpgMEC
gcEA7NuwxVGiseKGVZXG1/JJm86hCNkyAFMx1soGQDXyCZfTKFTwuJr+rImkOLnj
J8i5cGa8v8E8obH/bMeM6hI8qsJ5jr1yHluZBGOy+VNmeV1pCLpCeXF/enn9gTq4
m+X6SCxCn/SQdnr1Z5HT9yTcsWSzKk+T7uVKCZomfmBJyK3hhYsUsCaE0eQjgGfm
yY/HKFVni/wmYLxnDwrMNtIK6aBA3cRrUr8MG8DZDVdourXMUo+G61kEaAV2Wu2R
QrEzAoHBANCZrjOcPOZ5ojRmvqIiwX39U5Ucu9gkYvi63fJgzUcZKoH67D4pK1T7
lvQ93hVnno0tKW16+lUS7EkQs4xmSPK07jQn0xYOkTcBnu4b/lkSIaFouecFd+ls
XKlMz9VR91s89Hnuz0qXL7gpO2D9/bfonAXTsQyyTgNK3opwA4J0AKT+9PUTehGe
pT7OtupGMh7osuNzX7v/9L5VBz24ZOiI35yypOnK/DHJDKzXnXGBxHhEwmdAQe0T
BKMQ8nDcHQKBwQDCdCpQFJFpUPvQT8KLj1J3I9B5Hzc5pROJrxoqpR8sWQT2W6W1
KSpkJCw6lgGzq8rySKY1F0Pby/JTMBC0Kny8BCUf1tBVtAWP4PoSTzIV+WY90Ay6
/z8VIgnJipf9BXXQwuV/xJzFaHUIrmRCxnSY/n9JAUQGISADehaYMhzhMD+yD1jQ
tQ7d8lpjFOoYGH380wDLoBsx1/sUEl1NtGtZGkOmzZb+u/II5u5LUbOddZtlPIgb
t10yuSlNxTQ4eJkCgcEAgxbg23wm5Wuw3J9o03lmAWgOe5mIDqenLso4KlZdCn4t
MWvfxJyYp5pH3gt3IhpxECU+cJek84ulw7DkNKoe06+SNmKEi8rxxRCWsOoUqCL1
0Xp/wUe1eJJplNc5kMQm30ZqGKpTyHtEOMZok2ZqaIWcbyj+jY0L65PEUFleSz/d
G9NBWzY3MxVwoQzE9GrSmov/x2I82mdahbXnjAjyGRPS+qVlb6rpW9wNxBzny2oS
bsY/KSW/iF24P0WqJfSdAoHBAMrAqYYkbFVboqKXci8ngzrBIPTweUaQetseywd3
EsBoCuIub/zOHrXPyEHpQpsWBoyCs7/wFy+e2E8qWJ9GBqVaUdpO1PQbgDBTg3C4
lx91pXJ9wHFFMX7evHYLFLLce6ofhrRDch97aFvdDP0dB7fh32FRUyJzPQwVXOcL
OEyaN2q+5mTLVIohiiryb6SmsD2qbAzym32/826Fku2zwX8j2xdCP/AkdnIPz/L0
H3pgMZYSzYmd0dbSva225DqVew==
-----END PRIVATE KEY-----

18
certs/renewcerts.sh
View File

@ -54,6 +54,24 @@ function run_renewcerts(){
openssl x509 -in client-cert.pem -text > tmp.pem openssl x509 -in client-cert.pem -text > tmp.pem
mv tmp.pem client-cert.pem mv tmp.pem client-cert.pem
############################################################
#### update the self-signed (3072-bit) client-cert.pem #####
############################################################
echo "Updating 3072-bit client-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL_3072\nProgramming-3072\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -nodes -out client-cert-3072.csr
openssl x509 -req -in client-cert-3072.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key-3072.pem -out client-cert-3072.pem
rm client-cert-3072.csr
openssl x509 -in client-cert-3072.pem -text > tmp.pem
mv tmp.pem client-cert-3072.pem
############################################################ ############################################################
#### update the self-signed (1024-bit) client-cert.pem ##### #### update the self-signed (1024-bit) client-cert.pem #####
############################################################ ############################################################

105
configure.ac
View File

@ -111,6 +111,7 @@ OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer" OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET" OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
COVERAGE_CFLAGS="--coverage"
LIB_ADD= LIB_ADD=
LIB_STATIC_ADD= LIB_STATIC_ADD=
@ -129,6 +130,12 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# COVERAGE
AX_COVERAGE
AS_IF([test "$ax_enable_coverage" = "yes"],
[AM_CFLAGS="$COVERAGE_CFLAGS $AM_CFLAGS"])
# Distro build feature subset (Debian, Ubuntu, etc.) # Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro], AC_ARG_ENABLE([distro],
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
@ -3197,6 +3204,102 @@ AC_ARG_WITH([intelqa],
AM_CONDITIONAL([BUILD_INTEL_QA], [test "x$ENABLED_INTEL_QA" = "xyes"]) AM_CONDITIONAL([BUILD_INTEL_QA], [test "x$ENABLED_INTEL_QA" = "xyes"])
# Single Precision maths implementation
AC_ARG_ENABLE([sp],
[AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
[ ENABLED_SP=$enableval ],
[ ENABLED_SP=yes ],
)
for v in `echo $ENABLED_SP | tr "," " "`
do
case $v in
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
yes)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
no)
;;
smallec256 | smallp256 | small256)
ENABLED_SP_ECC=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
;;
ec256 | p256 | 256)
ENABLED_SP_ECC=yes
;;
small2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
2048)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
smallrsa2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
rsa2048)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
small3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
3072)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
smallrsa3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
rsa3072)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
break;;
esac
done
ENABLED_SP=no
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
fi
if test "$ENABLED_DH" = "yes" && test "$ENABLED_SP_DH" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SP_ECC" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
fi
AM_CONDITIONAL([BUILD_SP], [test "x$ENABLED_SP" = "xyes"])
# Fast RSA using Intel IPP # Fast RSA using Intel IPP
ippdir="${srcdir}/IPP" ippdir="${srcdir}/IPP"
@ -3891,6 +3994,7 @@ echo " * CPP Flags: $CPPFLAGS"
echo " * CCAS Flags: $CCASFLAGS" echo " * CCAS Flags: $CCASFLAGS"
echo " * LIB Flags: $LIB" echo " * LIB Flags: $LIB"
echo " * Debug enabled: $ax_enable_debug" echo " * Debug enabled: $ax_enable_debug"
echo " * Coverage enabled: $ax_enable_coverage"
echo " * Warnings as failure: $ac_cv_warnings_as_errors" echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver" echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout" echo " * VCS checkout: $ac_cv_vcs_checkout"
@ -4004,6 +4108,7 @@ echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES" echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO" echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA" echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Single Precision: $ENABLED_SP"
echo " * Async Crypto: $ENABLED_ASYNCCRYPT" echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
echo " * Cavium: $ENABLED_CAVIUM" echo " * Cavium: $ENABLED_CAVIUM"
echo " * ARM ASM: $ENABLED_ARMASM" echo " * ARM ASM: $ENABLED_ARMASM"

3
src/include.am
View File

@ -91,6 +91,9 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
endif endif
endif endif
endif endif
if BUILD_SP
src_libwolfssl_la_SOURCES += wolfcrypt/src/sp.c
endif
if BUILD_AES if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c

53
wolfcrypt/benchmark/benchmark.c
View File

@ -2674,6 +2674,7 @@ void bench_rsa(int doAsync)
} }
} }
#ifndef BENCHMARK_RSA_SIGN_VERIFY
/* begin public RSA */ /* begin public RSA */
bench_stats_start(&count, &start); bench_stats_start(&count, &start);
do { do {
@ -2724,6 +2725,58 @@ exit_rsa_pub:
} while (bench_stats_sym_check(start)); } while (bench_stats_sym_check(start));
exit: exit:
bench_stats_asym_finish("RSA", rsaKeySz, "private", doAsync, count, start, ret); bench_stats_asym_finish("RSA", rsaKeySz, "private", doAsync, count, start, ret);
#else
/* begin public RSA */
bench_stats_start(&count, &start);
do {
for (times = 0; times < ntimes || pending > 0; ) {
bench_async_poll(&pending);
/* while free pending slots in queue, submit ops */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), 1, &times, ntimes, &pending)) {
ret = wc_RsaSSL_Sign(message, len, enc[i],
RSA_BUF_SIZE, &rsaKey[i], &rng);
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), 1, &times, &pending)) {
goto exit_rsa_pub;
}
}
} /* for i */
} /* for times */
count += times;
} while (bench_stats_sym_check(start));
exit_rsa_pub:
bench_stats_asym_finish("RSA", rsaKeySz, "private", doAsync, count, start, ret);
if (ret < 0) {
goto exit;
}
/* capture resulting encrypt length */
idx = rsaKeySz/8;
/* begin private async RSA */
bench_stats_start(&count, &start);
do {
for (times = 0; times < ntimes || pending > 0; ) {
bench_async_poll(&pending);
/* while free pending slots in queue, submit ops */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), 1, &times, ntimes, &pending)) {
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
RSA_BUF_SIZE, &rsaKey[i]);
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), 1, &times, &pending)) {
goto exit;
}
}
} /* for i */
} /* for times */
count += times;
} while (bench_stats_sym_check(start));
exit:
bench_stats_asym_finish("RSA", rsaKeySz, "public", doAsync, count, start, ret);
#endif
/* cleanup */ /* cleanup */
for (i = 0; i < BENCH_MAX_PENDING; i++) { for (i = 0; i < BENCH_MAX_PENDING; i++) {

1
wolfcrypt/src/cpuid.c
View File

@ -86,6 +86,7 @@
if (cpuid_flag(1, 0, ECX, 30)) { cpuid_flags |= CPUID_RDRAND; } if (cpuid_flag(1, 0, ECX, 30)) { cpuid_flags |= CPUID_RDRAND; }
if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; } if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; }
if (cpuid_flag(1, 0, ECX, 26)) { cpuid_flags |= CPUID_AESNI ; } if (cpuid_flag(1, 0, ECX, 26)) { cpuid_flags |= CPUID_AESNI ; }
if (cpuid_flag(7, 0, EBX, 19)) { cpuid_flags |= CPUID_ADX ; }
cpuid_check = 1; cpuid_check = 1;
} }
} }

48
wolfcrypt/src/dh.c
View File

@ -32,6 +32,10 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_HAVE_SP_DH
#include <wolfssl/wolfcrypt/sp.h>
#endif
#ifdef NO_INLINE #ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h> #include <wolfssl/wolfcrypt/misc.h>
#else #else
@ -611,6 +615,17 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
mp_int x; mp_int x;
mp_int y; mp_int y;
#ifdef WOLFSSL_HAVE_SP_DH
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->p) == 2048)
return sp_DhExp_2048(&key->g, priv, privSz, &key->p, pub, pubSz);
#endif
#ifndef WOLFSSL_SP_NO_3072
if (mp_count_bits(&key->p) == 3072)
return sp_DhExp_3072(&key->g, priv, privSz, &key->p, pub, pubSz);
#endif
#endif
if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY) if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
return MP_INIT_E; return MP_INIT_E;
@ -794,6 +809,39 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
return DH_CHECK_PUB_E; return DH_CHECK_PUB_E;
} }
#ifdef WOLFSSL_HAVE_SP_DH
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->p) == 2048) {
if (mp_init(&y) != MP_OKAY)
return MP_INIT_E;
if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0)
ret = sp_DhExp_2048(&y, priv, privSz, &key->p, agree, agreeSz);
mp_clear(&y);
return ret;
}
#endif
#ifndef WOLFSSL_SP_NO_3072
if (mp_count_bits(&key->p) == 3072) {
if (mp_init(&y) != MP_OKAY)
return MP_INIT_E;
if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
ret = MP_READ_E;
if (ret == 0)
ret = sp_DhExp_3072(&y, priv, privSz, &key->p, agree, agreeSz);
mp_clear(&y);
return ret;
}
#endif
#endif
if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY) if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
return MP_INIT_E; return MP_INIT_E;

135
wolfcrypt/src/ecc.c
View File

@ -99,6 +99,10 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/types.h> #include <wolfssl/wolfcrypt/types.h>
#ifdef WOLFSSL_HAVE_SP_ECC
#include <wolfssl/wolfcrypt/sp.h>
#endif
#ifdef HAVE_ECC_ENCRYPT #ifdef HAVE_ECC_ENCRYPT
#include <wolfssl/wolfcrypt/hmac.h> #include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
@ -2749,6 +2753,16 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
} }
#endif #endif
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256
if (private_key->idx != ECC_CUSTOM_IDX &&
ecc_sets[private_key->idx].id == ECC_SECP256R1) {
err = sp_ecc_secret_gen_256(k, point, out, outlen, private_key->heap);
}
else
#endif
#endif
{
/* make new point */ /* make new point */
result = wc_ecc_new_point_h(private_key->heap); result = wc_ecc_new_point_h(private_key->heap);
if (result == NULL) { if (result == NULL) {
@ -2759,8 +2773,8 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
return MEMORY_E; return MEMORY_E;
} }
err = wc_ecc_mulmod_ex(k, point, result, err = wc_ecc_mulmod_ex(k, point, result, curve->Af, curve->prime, 1,
curve->Af, curve->prime, 1, private_key->heap); private_key->heap);
if (err == MP_OKAY) { if (err == MP_OKAY) {
x = mp_unsigned_bin_size(curve->prime); x = mp_unsigned_bin_size(curve->prime);
if (*outlen < x) { if (*outlen < x) {
@ -2776,6 +2790,7 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
*outlen = x; *outlen = x;
wc_ecc_del_point_h(result, private_key->heap); wc_ecc_del_point_h(result, private_key->heap);
}
#ifdef HAVE_ECC_CDH #ifdef HAVE_ECC_CDH
if (k == &k_lcl) if (k == &k_lcl)
mp_clear(k); mp_clear(k);
@ -3054,12 +3069,22 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
#endif #endif
} }
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256
if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
if (err == MP_OKAY)
err = sp_ecc_mulmod_base_256(&key->k, pub, 1, key->heap);
}
else
#endif
#endif
{
if (err == MP_OKAY) { if (err == MP_OKAY) {
base = wc_ecc_new_point_h(key->heap); base = wc_ecc_new_point_h(key->heap);
if (base == NULL) if (base == NULL)
err = MEMORY_E; err = MEMORY_E;
} }
/* read in the x/y for this key */ /* read in the x/y for this key */
if (err == MP_OKAY) if (err == MP_OKAY)
err = mp_copy(curve->Gx, base->x); err = mp_copy(curve->Gx, base->x);
@ -3069,11 +3094,14 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
err = mp_set(base->z, 1); err = mp_set(base->z, 1);
/* make the public key */ /* make the public key */
if (err == MP_OKAY) if (err == MP_OKAY) {
err = wc_ecc_mulmod_ex(&key->k, base, pub, err = wc_ecc_mulmod_ex(&key->k, base, pub, curve->Af, curve->prime,
curve->Af, curve->prime, 1, key->heap); 1, key->heap);
}
wc_ecc_del_point_h(base, key->heap); wc_ecc_del_point_h(base, key->heap);
}
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
/* validate the public key, order * pubkey = point at infinity */ /* validate the public key, order * pubkey = point at infinity */
if (err == MP_OKAY) if (err == MP_OKAY)
@ -3164,12 +3192,21 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
#ifdef WOLFSSL_ATECC508A #ifdef WOLFSSL_ATECC508A
key->type = ECC_PRIVATEKEY; key->type = ECC_PRIVATEKEY;
err = atcatls_create_key(key->slot, key->pubkey); err = atcatls_create_key(key->slot, key->pubkey);
if (err != ATCA_SUCCESS) { if (err != ATCA_SUCCESS)
err = BAD_COND_E; err = BAD_COND_E;
}
#else #else
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256
if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
err = sp_ecc_make_key_256(rng, &key->k, &key->pubkey, key->heap);
if (err == MP_OKAY)
key->type = ECC_PRIVATEKEY;
}
else
#endif
#endif
{
/* setup the key variables */ /* setup the key variables */
err = mp_init(&key->k); err = mp_init(&key->k);
@ -3196,6 +3233,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
/* cleanup allocations */ /* cleanup allocations */
wc_ecc_curve_free(curve); wc_ecc_curve_free(curve);
}
#endif /* WOLFSSL_ATECC508A */ #endif /* WOLFSSL_ATECC508A */
@ -3553,6 +3591,19 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
} }
#ifdef WOLFSSL_HAVE_SP_ECC
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
defined(WOLFSSL_ASYNC_CRYPT_TEST)
if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC)
#endif
{
#ifndef WOLFSSL_SP_NO_256
if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1)
return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->heap);
#endif
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
defined(WOLFSSL_ASYNC_CRYPT_TEST) defined(WOLFSSL_ASYNC_CRYPT_TEST)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
@ -4142,6 +4193,20 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
} }
} }
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
defined(WOLFSSL_ASYNC_CRYPT_TEST)
if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC)
#endif
{
if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1)
return sp_ecc_verify_256(hash, hashlen, key->pubkey.x, key->pubkey.y,
key->pubkey.z,r, s, res, key->heap);
}
#endif
#endif
err = mp_init(&e); err = mp_init(&e);
if (err != MP_OKAY) if (err != MP_OKAY)
return MEMORY_E; return MEMORY_E;
@ -4256,10 +4321,14 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
mp_digit mp; mp_digit mp;
/* compute u1*mG + u2*mQ = mG */ /* compute u1*mG + u2*mQ = mG */
if (err == MP_OKAY) if (err == MP_OKAY) {
err = wc_ecc_mulmod_ex(&u1, mG, mG, curve->Af, curve->prime, 0, key->heap); err = wc_ecc_mulmod_ex(&u1, mG, mG, curve->Af, curve->prime, 0,
if (err == MP_OKAY) key->heap);
err = wc_ecc_mulmod_ex(&u2, mQ, mQ, curve->Af, curve->prime, 0, key->heap); }
if (err == MP_OKAY) {
err = wc_ecc_mulmod_ex(&u2, mQ, mQ, curve->Af, curve->prime, 0,
key->heap);
}
/* find the montgomery mp */ /* find the montgomery mp */
if (err == MP_OKAY) if (err == MP_OKAY)
@ -4276,9 +4345,10 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
} }
#else #else
/* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */ /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */
if (err == MP_OKAY) if (err == MP_OKAY) {
err = ecc_mul2add(mG, &u1, mQ, &u2, mG, curve->Af, curve->prime, err = ecc_mul2add(mG, &u1, mQ, &u2, mG, curve->Af, curve->prime,
key->heap); key->heap);
}
#endif /* ECC_SHAMIR */ #endif /* ECC_SHAMIR */
#endif /* FREESCALE_LTC_ECC */ #endif /* FREESCALE_LTC_ECC */
/* v = X_x1 mod n */ /* v = X_x1 mod n */
@ -4711,13 +4781,29 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
if (key == NULL) if (key == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
res = wc_ecc_new_point_h(key->heap);
if (res == NULL)
err = MEMORY_E;
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256
if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
if (err == MP_OKAY)
err = sp_ecc_mulmod_base_256(&key->k, res, 1, key->heap);
}
else
#endif
#endif
{
base = wc_ecc_new_point_h(key->heap); base = wc_ecc_new_point_h(key->heap);
if (base == NULL) if (base == NULL)
return MEMORY_E; err = MEMORY_E;
if (err == MP_OKAY) {
/* load curve info */ /* load curve info */
err = wc_ecc_curve_load(key->dp, &curve, err = wc_ecc_curve_load(key->dp, &curve,
(ECC_CURVE_FIELD_GX | ECC_CURVE_FIELD_GY)); (ECC_CURVE_FIELD_GX | ECC_CURVE_FIELD_GY));
}
/* set up base generator */ /* set up base generator */
if (err == MP_OKAY) if (err == MP_OKAY)
@ -4727,12 +4813,10 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
if (err == MP_OKAY) if (err == MP_OKAY)
err = mp_set(base->z, 1); err = mp_set(base->z, 1);
if (err == MP_OKAY) { if (err == MP_OKAY)
res = wc_ecc_new_point_h(key->heap);
if (res == NULL)
err = MEMORY_E;
else {
err = wc_ecc_mulmod_ex(&key->k, base, res, a, prime, 1, key->heap); err = wc_ecc_mulmod_ex(&key->k, base, res, a, prime, 1, key->heap);
}
if (err == MP_OKAY) { if (err == MP_OKAY) {
/* compare result to public key */ /* compare result to public key */
if (mp_cmp(res->x, key->pubkey.x) != MP_EQ || if (mp_cmp(res->x, key->pubkey.x) != MP_EQ ||
@ -4742,8 +4826,6 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
err = ECC_PRIV_KEY_E; err = ECC_PRIV_KEY_E;
} }
} }
}
}
wc_ecc_curve_free(curve); wc_ecc_curve_free(curve);
wc_ecc_del_point_h(res, key->heap); wc_ecc_del_point_h(res, key->heap);
@ -4802,6 +4884,15 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
if (inf == NULL) if (inf == NULL)
err = MEMORY_E; err = MEMORY_E;
else { else {
#ifdef WOLFSSL_HAVE_SP_ECC
#ifndef WOLFSSL_SP_NO_256
if (key->idx != ECC_CUSTOM_IDX &&
ecc_sets[key->idx].id == ECC_SECP256R1) {
err = sp_ecc_mulmod_256(order, pubkey, inf, 1, key->heap);
}
else
#endif
#endif
err = wc_ecc_mulmod_ex(order, pubkey, inf, a, prime, 1, key->heap); err = wc_ecc_mulmod_ex(order, pubkey, inf, a, prime, 1, key->heap);
if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf)) if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf))
err = ECC_INF_E; err = ECC_INF_E;

43
wolfcrypt/src/rsa.c
View File

@ -31,6 +31,10 @@
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#ifdef WOLFSSL_HAVE_SP_RSA
#include <wolfssl/wolfcrypt/sp.h>
#endif
/* /*
Possible RSA enable options: Possible RSA enable options:
* NO_RSA: Overall control of RSA default: on (not defined) * NO_RSA: Overall control of RSA default: on (not defined)
@ -1136,6 +1140,45 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
int ret = 0; int ret = 0;
word32 keyLen, len; word32 keyLen, len;
#ifdef WOLFSSL_HAVE_SP_RSA
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->n) == 2048) {
switch(type) {
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef WC_RSA_BLINDING
if (rng == NULL)
return MISSING_RNG_E;
#endif
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
return sp_RsaPublic_2048(in, inLen, &key->e, &key->n, out, outLen);
}
}
#endif
#ifndef WOLFSSL_SP_NO_3072
if (mp_count_bits(&key->n) == 3072) {
switch(type) {
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef WC_RSA_BLINDING
if (rng == NULL)
return MISSING_RNG_E;
#endif
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
return sp_RsaPublic_3072(in, inLen, &key->e, &key->n, out, outLen);
}
}
#endif
#endif /* WOLFSSL_HAVE_SP_RSA */
(void)rng; (void)rng;
if (mp_init(&tmp) != MP_OKAY) if (mp_init(&tmp) != MP_OKAY)

65664
wolfcrypt/src/sp.c 100644
View File

File diff suppressed because it is too large Load Diff

68
wolfcrypt/src/tfm.c
View File

@ -1928,11 +1928,29 @@ void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b) int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b)
{ {
#if DIGIT_BIT == 64 || DIGIT_BIT == 32
int i, j;
fp_digit n;
for (j=0,i=0; i<t->used-1; ) {
b[x++] = t->dp[i] >> j;
j += 8;
i += j == DIGIT_BIT;
j &= DIGIT_BIT - 1;
}
n = t->dp[i];
while (n != 0) {
b[x++] = n;
n >>= 8;
}
return x;
#else
while (fp_iszero (t) == FP_NO) { while (fp_iszero (t) == FP_NO) {
b[x++] = (unsigned char) (t->dp[0] & 255); b[x++] = (unsigned char) (t->dp[0] & 255);
fp_div_2d (t, 8, t, NULL); fp_div_2d (t, 8, t, NULL);
} }
return x; return x;
#endif
} }
void fp_to_unsigned_bin(fp_int *a, unsigned char *b) void fp_to_unsigned_bin(fp_int *a, unsigned char *b)
@ -3067,6 +3085,51 @@ static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if DIGIT_BIT == 64 || DIGIT_BIT == 32
static int fp_read_radix_16(fp_int *a, const char *str)
{
int i, j, k, neg;
char ch;
/* if the leading digit is a
* minus set the sign to negative.
*/
if (*str == '-') {
++str;
neg = FP_NEG;
} else {
neg = FP_ZPOS;
}
j = 0;
k = 0;
for (i = (int)(XSTRLEN(str) - 1); i >= 0; i--) {
ch = str[i];
if (ch >= '0' && ch <= '9')
ch -= '0';
else if (ch >= 'A' && ch <= 'F')
ch -= 'A' - 10;
else if (ch >= 'a' && ch <= 'f')
ch -= 'a' - 10;
else
return FP_VAL;
a->dp[k] |= ((fp_digit)ch) << j;
j += 4;
k += j == DIGIT_BIT;
j &= DIGIT_BIT - 1;
}
a->used = k + 1;
fp_clamp(a);
/* set the sign only if a != 0 */
if (fp_iszero(a) != FP_YES) {
a->sign = neg;
}
return FP_OKAY;
}
#endif
static int fp_read_radix(fp_int *a, const char *str, int radix) static int fp_read_radix(fp_int *a, const char *str, int radix)
{ {
int y, neg; int y, neg;
@ -3075,6 +3138,11 @@ static int fp_read_radix(fp_int *a, const char *str, int radix)
/* set the integer to the default of zero */ /* set the integer to the default of zero */
fp_zero (a); fp_zero (a);
#if DIGIT_BIT == 64 || DIGIT_BIT == 32
if (radix == 16)
return fp_read_radix_16(a, str);
#endif
/* make sure the radix is ok */ /* make sure the radix is ok */
if (radix < 2 || radix > 64) { if (radix < 2 || radix > 64) {
return FP_VAL; return FP_VAL;

2
wolfssl/wolfcrypt/cpuid.h
View File

@ -40,6 +40,7 @@
#define CPUID_RDSEED 0x0008 #define CPUID_RDSEED 0x0008
#define CPUID_BMI2 0x0010 /* MULX, RORX */ #define CPUID_BMI2 0x0010 /* MULX, RORX */
#define CPUID_AESNI 0x0020 #define CPUID_AESNI 0x0020
#define CPUID_ADX 0x0040 /* ADCX, ADOX */
#define IS_INTEL_AVX1(f) ((f) & CPUID_AVX1) #define IS_INTEL_AVX1(f) ((f) & CPUID_AVX1)
#define IS_INTEL_AVX2(f) ((f) & CPUID_AVX2) #define IS_INTEL_AVX2(f) ((f) & CPUID_AVX2)
@ -47,6 +48,7 @@
#define IS_INTEL_RDSEED(f) ((f) & CPUID_RDSEED) #define IS_INTEL_RDSEED(f) ((f) & CPUID_RDSEED)
#define IS_INTEL_BMI2(f) ((f) & CPUID_BMI2) #define IS_INTEL_BMI2(f) ((f) & CPUID_BMI2)
#define IS_INTEL_AESNI(f) ((f) & CPUID_AESNI) #define IS_INTEL_AESNI(f) ((f) & CPUID_AESNI)
#define IS_INTEL_ADX(f) ((f) & CPUID_ADX)
void cpuid_set_flags(void); void cpuid_set_flags(void);
word32 cpuid_get_flags(void); word32 cpuid_get_flags(void);

4
wolfssl/wolfcrypt/include.am
View File

@ -85,3 +85,7 @@ nobase_include_HEADERS+= wolfssl/wolfcrypt/port/intel/quickassist.h
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/intel/quickassist_mem.h nobase_include_HEADERS+= wolfssl/wolfcrypt/port/intel/quickassist_mem.h
endif endif
if BUILD_SP
nobase_include_HEADERS+= wolfssl/wolfcrypt/sp.h
endif

124
wolfssl/wolfcrypt/sp.h 100644
View File

@ -0,0 +1,124 @@
/* sp.h
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLF_CRYPT_SP_H
#define WOLF_CRYPT_SP_H
#include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(WOLFSSL_HAVE_SP_ECC)
#include <stdint.h>
#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/ecc.h>
#if defined(NO_64BIT) || !defined(HAVE___UINT128_T)
#define SP_WORD_SIZE 32
#else
#define SP_WORD_SIZE 64
#endif
#if !defined(WOLFSSL_X86_64_BUILD) || !defined(USE_INTEL_SPEEDUP)
#if SP_WORD_SIZE == 32
typedef int32_t sp_digit;
#elif SP_WORD_SIZE == 64
typedef int64_t sp_digit;
typedef long int128_t __attribute__ ((mode(TI)));
#else
#error Word size not defined
#endif
#else
#if SP_WORD_SIZE == 32
typedef uint32_t sp_digit;
#elif SP_WORD_SIZE == 64
typedef uint64_t sp_digit;
typedef unsigned long uint128_t __attribute__ ((mode(TI)));
typedef long int128_t __attribute__ ((mode(TI)));
#else
#error Word size not defined
#endif
#endif
#if defined(_MSC_VER)
#define SP_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#define SP_NOINLINE __attribute__((noinline))
#else
#define 5P_NOINLINE
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
WOLFSSL_LOCAL int sp_RsaPublic_2048(const byte* in, word32 inLen,
mp_int* em, mp_int* mm, byte* out, word32* outLen);
WOLFSSL_LOCAL int sp_RsaPrivate_2048(const byte* in, word32 inLen,
mp_int* dm, mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim,
mp_int* mm, byte* out, word32* outLen);
WOLFSSL_LOCAL int sp_RsaPublic_3072(const byte* in, word32 inLen,
mp_int* em, mp_int* mm, byte* out, word32* outLen);
WOLFSSL_LOCAL int sp_RsaPrivate_3072(const byte* in, word32 inLen,
mp_int* dm, mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim,
mp_int* mm, byte* out, word32* outLen);
#endif /* WOLFSSL_HAVE_SP_RSA */
#ifdef WOLFSSL_HAVE_SP_DH
WOLFSSL_LOCAL int sp_DhExp_2048(mp_int* base, const byte* exp, word32 expLen,
mp_int* mod, byte* out, word32* outLen);
WOLFSSL_LOCAL int sp_DhExp_3072(mp_int* base, const byte* exp, word32 expLen,
mp_int* mod, byte* out, word32* outLen);
#endif /* WOLFSSL_HAVE_SP_DH */
#ifdef WOLFSSL_HAVE_SP_ECC
int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* rm, int map,
void* heap);
int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* rm, int map, void* heap);
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap);
int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
word32* outlen, void* heap);
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
mp_int* rm, mp_int* sm, void* heap);
int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
#endif /*ifdef WOLFSSL_HAVE_SP_ECC */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH || WOLFSSL_HAVE_SP_ECC */
#endif /* WOLF_CRYPT_SP_H */

2
wolfssl/wolfcrypt/tfm.h
View File

@ -414,6 +414,8 @@ void fp_init_copy(fp_int *a, fp_int *b);
/* clamp digits */ /* clamp digits */
#define fp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : FP_ZPOS; } #define fp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : FP_ZPOS; }
#define mp_clamp(a) fp_clamp(a)
#define mp_grow(a,s) MP_OKAY
/* negate and absolute */ /* negate and absolute */
#define fp_neg(a, b) { fp_copy(a, b); (b)->sign ^= 1; fp_clamp(b); } #define fp_neg(a, b) { fp_copy(a, b); (b)->sign ^= 1; fp_clamp(b); }