Add tinycrypt 0.2.8
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/ext/tinycrypt/AUTHORS b/ext/tinycrypt/AUTHORS
index 3dd7d1e..0a8e9f8 100644
--- a/ext/tinycrypt/AUTHORS
+++ b/ext/tinycrypt/AUTHORS
@@ -1,2 +1,15 @@
-Open Source Maintainer: Constanza Heath <constanza.m.heath@intel.com>
-Author: Rafael Misoczki <rafael.misoczki@intel.com>
\ No newline at end of file
+Architect:
+Rafael Misoczki <rafael.misoczki@intel.com>
+
+Open Source Maintainer:
+Constanza Heath <constanza.m.heath@intel.com>
+Rafael Misoczki <rafael.misoczki@intel.com>
+
+Contributors:
+Constanza Heath <constanza.m.heath@intel.com>
+Rafael Misoczki <rafael.misoczki@intel.com>
+Flavio Santes <flavio.santes@intel.com>
+Jarkko Sakkinen <jarkko.sakkinen@intel.com>
+Chris Morrison
+Marti Bolivar
+Colin Ian King
diff --git a/ext/tinycrypt/LICENSE b/ext/tinycrypt/LICENSE
index a4f3868..2e1db51 100644
--- a/ext/tinycrypt/LICENSE
+++ b/ext/tinycrypt/LICENSE
@@ -5,7 +5,7 @@
================================================================================
- Copyright (c) 2015, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Intel Corporation. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
@@ -34,8 +34,7 @@
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
-
-Copyright (c) 2013, Kenneth MacKay
+Copyright (c) 2014, Kenneth MacKay
All rights reserved.
https://github.com/kmackay/micro-ecc
diff --git a/ext/tinycrypt/Makefile b/ext/tinycrypt/Makefile
index 2a86c57..3c0e42b 100644
--- a/ext/tinycrypt/Makefile
+++ b/ext/tinycrypt/Makefile
@@ -1,6 +1,6 @@
################################################################################
#
-# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+# Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
#
# Global Makefile.
# See lib/Makefile and tests/Makefile for further configuration.
diff --git a/ext/tinycrypt/README b/ext/tinycrypt/README
index c0e96b7..fb52c19 100644
--- a/ext/tinycrypt/README
+++ b/ext/tinycrypt/README
@@ -5,7 +5,7 @@
================================================================================
- Copyright (c) 2015, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Intel Corporation. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
@@ -50,6 +50,7 @@
Organization:
/lib: C source code of the cryptographic primitives.
+/lib/include/tinycrypt: C header files of the cryptographic primitives.
/tests: Test vectors of the cryptographic primitives.
/doc: Documentation of TinyCrypt.
@@ -60,6 +61,7 @@
1) In Makefile.conf set:
- CFLAGS for compiler flags.
- CC for compiler.
+ - ENABLE_TESTS for enabling (true) or disabling (false) tests compilation.
2) In lib/Makefile select the primitives required by your project.
3) In tests/Makefile select the corresponding tests of the selected primitives.
4) make
diff --git a/ext/tinycrypt/VERSION b/ext/tinycrypt/VERSION
index 53a75d6..a45be46 100644
--- a/ext/tinycrypt/VERSION
+++ b/ext/tinycrypt/VERSION
@@ -1 +1 @@
-0.2.6
+0.2.8
diff --git a/ext/tinycrypt/config.mk b/ext/tinycrypt/config.mk
index 9642066..a5b9fb7 100644
--- a/ext/tinycrypt/config.mk
+++ b/ext/tinycrypt/config.mk
@@ -1,11 +1,12 @@
################################################################################
#
-# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+# Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
#
# Global configuration Makefile. Included everywhere.
#
################################################################################
+# EDIT HERE:
CC:=gcc
CFLAGS:=-Os -std=c99 -Wall -Wextra -D_ISOC99_SOURCE -MMD -I../lib/include/ -I../lib/source/ -I../tests/include/
vpath %.c ../lib/source/
@@ -19,11 +20,16 @@
DOTEXE:=.exe
endif
-# DO NOT EDIT THIS:
+# DO NOT EDIT AFTER THIS POINT:
ifeq ($(ENABLE_TESTS), true)
CFLAGS += -DENABLE_TESTS
else
CFLAGS += -DDISABLE_TESTS
endif
+export CC
+export CFLAGS
+export VPATH
+export ENABLE_TESTS
+
################################################################################
diff --git a/ext/tinycrypt/documentation/tinycrypt.rst b/ext/tinycrypt/documentation/tinycrypt.rst
index 2f55d73..356c099 100644
--- a/ext/tinycrypt/documentation/tinycrypt.rst
+++ b/ext/tinycrypt/documentation/tinycrypt.rst
@@ -1,7 +1,7 @@
TinyCrypt Cryptographic Library
###############################
-Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
Overview
********
@@ -72,13 +72,13 @@
* ECC-DH:
- * Type of primitive: Key exchange.
+ * Type of primitive: Key exchange based on curve NIST p-256.
* Standard Specification: RFC 6090.
* Requires: ECC auxiliary functions (ecc.h/c).
* ECC-DSA:
- * Type of primitive: Digital signature.
+ * Type of primitive: Digital signature based on curve NIST p-256.
* Standard Specification: RFC 6090.
* Requires: ECC auxiliary functions (ecc.h/c).
@@ -102,15 +102,17 @@
The cryptographic implementations in TinyCrypt library have some limitations.
Some of these limitations are inherent to the cryptographic primitives
-themselves, while others are specific to TinyCrypt. Some of these limitations
-are discussed in-depth below.
+themselves, while others are specific to TinyCrypt. These limitations were accepted
+in order to meet its design goals (in special, minimal code size) and to better
+serve applications targeting constrained devices in general. Some of these
+limitations are discussed in-depth below.
General Remarks
***************
* TinyCrypt does **not** intend to be fully side-channel resistant. Due to the
- variety of side-channel attacks, many of them making certain platforms
- vulnerable. In this sense, instead of penalizing all library users with
+ variety of side-channel attacks, many of them only relevant to certain
+ platforms. In this sense, instead of penalizing all library users with
side-channel countermeasures such as increasing the overall code size,
TinyCrypt only implements certain generic timing-attack countermeasures.
@@ -134,7 +136,9 @@
* The tc_hmac_final function, responsible for computing the message tag,
cleans the state context before exiting. Thus, applications do not need to
- clean the TCHmacState_t ctx after calling tc_hmac_final.
+ clean the TCHmacState_t ctx after calling tc_hmac_final. This should not
+ be changed in future versions of the library as there are applications
+ currently relying on this good-practice/feature of TinyCrypt.
* HMAC-PRNG:
@@ -160,7 +164,7 @@
* The AES-CTR mode limits the size of a data message they encrypt to 2^32
blocks. If you need to encrypt larger data sets, your application would
need to replace the key after 2^32 block encryptions.
-
+
* CTR-PRNG:
* Before using CTR-PRNG, you *must* find an entropy source to produce a seed.
@@ -231,11 +235,10 @@
* ECC-DH and ECC-DSA:
- * TinyCrypt ECC implementation is based on nano-ecc (see
- https://github.com/iSECPartners/nano-ecc) which in turn is based on
- mciro-ecc (see https://github.com/kmackay/micro-ecc). In the original
- nano and micro-ecc documentation, there is an important remark about the
- way integers are represented:
+ * TinyCrypt ECC implementation is based on micro-ecc (see
+ https://github.com/kmackay/micro-ecc). In the original micro-ecc
+ documentation, there is an important remark about the way integers are
+ represented:
"Integer representation: To reduce code size, all large integers are
represented using little-endian words - so the least significant word is
@@ -243,6 +246,13 @@
functions to convert between the native integer representation and the
standardized octet representation."
+ Note that the assumed bit layout is: {31, 30, ..., 0}, {63, 62, ..., 32},
+ {95, 94, ..., 64}, {127, 126, ..., 96} for a very-long-integer (vli)
+ consisting of 4 unsigned integers (as an example).
+
+ * A cryptographically-secure PRNG function must be set (using uECC_set_rng())
+ before calling uECC_make_key() or uECC_sign().
+
Examples of Applications
************************
It is possible to do useful cryptography with only the given small set of
@@ -321,9 +331,9 @@
.. _NIST SP 800-38C (AES-CCM):
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
-* `NIST Statistical Test Suite`_
+* `NIST Statistical Test Suite (useful for testing HMAC-PRNG)`_
-.. _NIST Statistical Test Suite:
+.. _NIST Statistical Test Suite (useful for testing HMAC-PRNG):
http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
* `NIST Cryptographic Algorithm Validation Program (CAVP) site`_
diff --git a/ext/tinycrypt/lib/Makefile b/ext/tinycrypt/lib/Makefile
index ee831e8..9c4d8e2 100644
--- a/ext/tinycrypt/lib/Makefile
+++ b/ext/tinycrypt/lib/Makefile
@@ -1,8 +1,8 @@
################################################################################
#
-# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+# Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
#
-# Cryptographic Primitives Makefile.
+# Cryptographic Primitives Makefile.
#
################################################################################
diff --git a/ext/tinycrypt/lib/include/tinycrypt/aes.h b/ext/tinycrypt/lib/include/tinycrypt/aes.h
index b6dbbb5..b612213 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/aes.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/aes.h
@@ -1,7 +1,7 @@
/* aes.h - TinyCrypt interface to an AES-128 implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -61,10 +61,9 @@
#define TC_AES_BLOCK_SIZE (Nb*Nk)
#define TC_AES_KEY_SIZE (Nb*Nk)
-struct tc_aes_key_sched_struct {
- uint32_t words[Nb*(Nr+1)];
-};
-typedef struct tc_aes_key_sched_struct *TCAesKeySched_t;
+typedef struct tc_aes_key_sched_struct {
+ unsigned int words[Nb*(Nr+1)];
+} *TCAesKeySched_t;
/**
* @brief Set AES-128 encryption key
@@ -77,7 +76,7 @@
* @param s IN/OUT -- initialized struct tc_aes_key_sched_struct
* @param k IN -- points to the AES key
*/
-int32_t tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k);
+int tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k);
/**
* @brief AES-128 Encryption procedure
@@ -91,9 +90,8 @@
* @param in IN -- a plaintext block to encrypt
* @param s IN -- initialized AES key schedule
*/
-int32_t tc_aes_encrypt(uint8_t *out,
- const uint8_t *in,
- const TCAesKeySched_t s);
+int tc_aes_encrypt(uint8_t *out, const uint8_t *in,
+ const TCAesKeySched_t s);
/**
* @brief Set the AES-128 decryption key
@@ -109,7 +107,7 @@
* @param s IN/OUT -- initialized struct tc_aes_key_sched_struct
* @param k IN -- points to the AES key
*/
-int32_t tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k);
+int tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k);
/**
* @brief AES-128 Encryption procedure
@@ -122,12 +120,11 @@
* @param in IN -- a plaintext block to encrypt
* @param s IN -- initialized AES key schedule
*/
-int32_t tc_aes_decrypt(uint8_t *out,
- const uint8_t *in,
- const TCAesKeySched_t s);
+int tc_aes_decrypt(uint8_t *out, const uint8_t *in,
+ const TCAesKeySched_t s);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_AES_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h b/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h
index 74d2914..4a837fd 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h
@@ -1,7 +1,7 @@
/* cbc_mode.h - TinyCrypt interface to a CBC mode implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -107,9 +107,9 @@
* @param iv IN -- the IV for the this encrypt/decrypt
* @param sched IN -- AES key schedule for this encrypt
*/
-int32_t tc_cbc_mode_encrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, const uint8_t *iv,
- const TCAesKeySched_t sched);
+int tc_cbc_mode_encrypt(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, const uint8_t *iv,
+ const TCAesKeySched_t sched);
/**
* @brief CBC decryption procedure
@@ -140,12 +140,12 @@
* @param sched IN -- AES key schedule for this decrypt
*
*/
-int32_t tc_cbc_mode_decrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, const uint8_t *iv,
- const TCAesKeySched_t sched);
+int tc_cbc_mode_decrypt(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, const uint8_t *iv,
+ const TCAesKeySched_t sched);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_CBC_MODE_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h b/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h
index 9fa5915..69c798e 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h
@@ -1,7 +1,7 @@
/* ccm_mode.h - TinyCrypt interface to a CCM mode implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -91,7 +91,7 @@
typedef struct tc_ccm_mode_struct {
TCAesKeySched_t sched; /* AES key schedule */
uint8_t *nonce; /* nonce required by CCM */
- uint32_t mlen; /* mac length in bytes (parameter t in SP-800 38C) */
+ unsigned int mlen; /* mac length in bytes (parameter t in SP-800 38C) */
} *TCCcmMode_t;
/**
@@ -108,8 +108,8 @@
* @param nlen -- nonce length in bytes
* @param mlen -- mac length in bytes (parameter t in SP-800 38C)
*/
-int32_t tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce,
- uint32_t nlen, uint32_t mlen);
+int tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce,
+ unsigned int nlen, unsigned int mlen);
/**
* @brief CCM tag generation and encryption procedure
@@ -120,15 +120,19 @@
* ((plen > 0) and (payload == NULL)) or
* ((alen > 0) and (associated_data == NULL)) or
* (alen >= TC_CCM_AAD_MAX_BYTES) or
- * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
+ * (plen >= TC_CCM_PAYLOAD_MAX_BYTES) or
+ * (olen < plen + maclength)
*
* @param out OUT -- encrypted data
+ * @param olen IN -- output length in bytes
* @param associated_data IN -- associated data
* @param alen IN -- associated data length in bytes
* @param payload IN -- payload
* @param plen IN -- payload length in bytes
* @param c IN -- CCM state
*
+ * @note: out buffer should be at least (plen + c->mlen) bytes long.
+ *
* @note: The sequence b for encryption is formatted as follows:
* b = [FLAGS | nonce | counter ], where:
* FLAGS is 1 byte long
@@ -149,9 +153,10 @@
* 6: Adata (0 if alen == 0, and 1 otherwise)
* 7: always 0
*/
-int32_t tc_ccm_generation_encryption(uint8_t *out, const uint8_t *associated_data,
- uint32_t alen, const uint8_t *payload,
- uint32_t plen, TCCcmMode_t c);
+int tc_ccm_generation_encryption(uint8_t *out, unsigned int olen,
+ const uint8_t *associated_data,
+ unsigned int alen, const uint8_t *payload,
+ unsigned int plen, TCCcmMode_t c);
/**
* @brief CCM decryption and tag verification procedure
@@ -162,7 +167,8 @@
* ((plen > 0) and (payload == NULL)) or
* ((alen > 0) and (associated_data == NULL)) or
* (alen >= TC_CCM_AAD_MAX_BYTES) or
- * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
+ * (plen >= TC_CCM_PAYLOAD_MAX_BYTES) or
+ * (olen < plen - c->mlen)
*
* @param out OUT -- decrypted data
* @param associated_data IN -- associated data
@@ -171,6 +177,8 @@
* @param plen IN -- payload length in bytes
* @param c IN -- CCM state
*
+ * @note: out buffer should be at least (plen - c->mlen) bytes long.
+ *
* @note: The sequence b for encryption is formatted as follows:
* b = [FLAGS | nonce | counter ], where:
* FLAGS is 1 byte long
@@ -191,11 +199,13 @@
* 6: Adata (0 if alen == 0, and 1 otherwise)
* 7: always 0
*/
-int32_t tc_ccm_decryption_verification(uint8_t *out, const uint8_t *associated_data,
- uint32_t alen, const uint8_t *payload, uint32_t plen,
- TCCcmMode_t c);
+int tc_ccm_decryption_verification(uint8_t *out, unsigned int olen,
+ const uint8_t *associated_data,
+ unsigned int alen, const uint8_t *payload, unsigned int plen,
+ TCCcmMode_t c);
+
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_CCM_MODE_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h b/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h
index 9d3f130..f44b0a5 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h
@@ -1,7 +1,7 @@
/* cmac_mode.h -- interface to a CMAC implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -119,9 +119,9 @@
/* where to put bytes that didn't fill a block */
uint8_t leftover[TC_AES_BLOCK_SIZE];
/* identifies the encryption key */
- uint32_t keyid;
+ unsigned int keyid;
/* next available leftover location */
- uint32_t leftover_offset;
+ unsigned int leftover_offset;
/* AES key schedule */
TCAesKeySched_t sched;
/* calls to tc_cmac_update left before re-key */
@@ -139,8 +139,8 @@
* @param key IN -- the key to use
* @param sched IN -- AES key schedule
*/
-int32_t tc_cmac_setup(TCCmacState_t s, const uint8_t *key,
- TCAesKeySched_t sched);
+int tc_cmac_setup(TCCmacState_t s, const uint8_t *key,
+ TCAesKeySched_t sched);
/**
* @brief Erases the CMAC state
@@ -150,7 +150,7 @@
*
* @param s IN/OUT -- the state to erase
*/
-int32_t tc_cmac_erase(TCCmacState_t s);
+int tc_cmac_erase(TCCmacState_t s);
/**
* @brief Initializes a new CMAC computation
@@ -160,7 +160,7 @@
*
* @param s IN/OUT -- the state to initialize
*/
-int32_t tc_cmac_init(TCCmacState_t s);
+int tc_cmac_init(TCCmacState_t s);
/**
* @brief Incrementally computes CMAC over the next data segment
@@ -173,7 +173,7 @@
* @param data IN -- the next data segment to MAC
* @param dlen IN -- the length of data in bytes
*/
-int32_t tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t dlen);
+int tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t dlen);
/**
* @brief Generates the tag from the CMAC state
@@ -185,10 +185,10 @@
* @param tag OUT -- the CMAC tag
* @param s IN -- CMAC state
*/
-int32_t tc_cmac_final(uint8_t *tag, TCCmacState_t s);
+int tc_cmac_final(uint8_t *tag, TCCmacState_t s);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_CMAC_MODE_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/constants.h b/ext/tinycrypt/lib/include/tinycrypt/constants.h
index 1a7c9df..965490e 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/constants.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/constants.h
@@ -1,7 +1,7 @@
/* constants.h - TinyCrypt interface to constants */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -43,6 +43,8 @@
extern "C" {
#endif
+#include <stdbool.h>
+
#ifndef NULL
#define NULL ((void *)0)
#endif
@@ -56,4 +58,4 @@
}
#endif
-#endif
+#endif /* __TC_CONSTANTS_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h b/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h
index 5f7766d..dc221f9 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h
@@ -1,7 +1,7 @@
/* ctr_mode.h - TinyCrypt interface to CTR mode */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -98,11 +98,11 @@
* @param ctr IN/OUT -- the current counter value
* @param sched IN -- an initialized AES key schedule
*/
-int32_t tc_ctr_mode(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, uint8_t *ctr, const TCAesKeySched_t sched);
+int tc_ctr_mode(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, uint8_t *ctr, const TCAesKeySched_t sched);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_CTR_MODE_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h b/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h
index 12cac8f..9be06db 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h
@@ -67,8 +67,7 @@
extern "C" {
#endif
-typedef struct
-{
+typedef struct {
/* updated each time another BLOCKLEN_BYTES bytes are produced */
uint8_t V[TC_AES_BLOCK_SIZE];
@@ -99,11 +98,11 @@
* @param plen IN -- personalization length in bytes
*
*/
-int32_t tc_ctr_prng_init(TCCtrPrng_t * const ctx,
- uint8_t const * const entropy,
- uint32_t entropyLen,
- uint8_t const * const personalization,
- uint32_t pLen);
+int tc_ctr_prng_init(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ unsigned int entropyLen,
+ uint8_t const * const personalization,
+ unsigned int pLen);
/**
* @brief CTR-PRNG reseed procedure
@@ -124,11 +123,11 @@
* @param additional_input IN -- additional input to the prng (may be null)
* @param additionallen IN -- additional input length in bytes
*/
-int32_t tc_ctr_prng_reseed(TCCtrPrng_t * const ctx,
- uint8_t const * const entropy,
- uint32_t entropyLen,
- uint8_t const * const additional_input,
- uint32_t additionallen);
+int tc_ctr_prng_reseed(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ unsigned int entropyLen,
+ uint8_t const * const additional_input,
+ unsigned int additionallen);
/**
* @brief CTR-PRNG generate procedure
@@ -146,11 +145,11 @@
* @param out IN/OUT -- buffer to receive output
* @param outlen IN -- size of out buffer in bytes
*/
-int32_t tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
- uint8_t const * const additional_input,
- uint32_t additionallen,
- uint8_t * const out,
- uint32_t outlen);
+int tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
+ uint8_t const * const additional_input,
+ unsigned int additionallen,
+ uint8_t * const out,
+ unsigned int outlen);
/**
* @brief CTR-PRNG uninstantiate procedure
@@ -164,4 +163,4 @@
}
#endif
-#endif
+#endif /* __TC_CTR_PRNG_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc.h b/ext/tinycrypt/lib/include/tinycrypt/ecc.h
index 74324f9..8abc949 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/ecc.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc.h
@@ -1,10 +1,7 @@
-/* ecc.h - TinyCrypt interface to ECC auxiliary functions */
+/* ecc.h - TinyCrypt interface to common ECC functions */
-/*
- * =============================================================================
- * Copyright (c) 2013, Kenneth MacKay
+/* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
- * https://github.com/kmackay/micro-ecc
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -27,9 +24,10 @@
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
- *
- * =============================================================================
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ */
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -60,9 +58,9 @@
/**
* @file
- * @brief -- Interface to ECC auxiliary functions.
+ * @brief -- Interface to common ECC functions.
*
- * Overview: This software is an implementation of auxiliary functions
+ * Overview: This software is an implementation of common functions
* necessary to elliptic curve cryptography. This implementation uses
* curve NIST p-256.
*
@@ -70,8 +68,8 @@
*
*/
-#ifndef __TC_ECC_H__
-#define __TC_ECC_H__
+#ifndef __TC_UECC_H__
+#define __TC_UECC_H__
#include <stdint.h>
@@ -80,278 +78,468 @@
#endif
/* Word size (4 bytes considering 32-bits architectures) */
-#define WORD_SIZE 4
+#define uECC_WORD_SIZE 4
+
+/* setting max number of calls to prng: */
+#ifndef uECC_RNG_MAX_TRIES
+#define uECC_RNG_MAX_TRIES 64
+#endif
+
+/* defining data types to store word and bit counts: */
+typedef int8_t wordcount_t;
+typedef int16_t bitcount_t;
+/* defining data type for comparison result: */
+typedef int8_t cmpresult_t;
+/* defining data type to store ECC coordinate/point in 32bits words: */
+typedef unsigned int uECC_word_t;
+/* defining data type to store an ECC coordinate/point in 64bits words: */
+typedef uint64_t uECC_dword_t;
+
+/* defining masks useful for ecc computations: */
+#define HIGH_BIT_SET 0x80000000
+#define uECC_WORD_BITS 32
+#define uECC_WORD_BITS_SHIFT 5
+#define uECC_WORD_BITS_MASK 0x01F
+
/* Number of words of 32 bits to represent an element of the the curve p-256: */
-#define NUM_ECC_DIGITS 8
+#define NUM_ECC_WORDS 8
/* Number of bytes to represent an element of the the curve p-256: */
-#define NUM_ECC_BYTES (WORD_SIZE*NUM_ECC_DIGITS)
+#define NUM_ECC_BYTES (uECC_WORD_SIZE*NUM_ECC_WORDS)
-/* struct to represent a point of the curve (uses X and Y coordinates): */
-typedef struct EccPoint {
- uint32_t x[NUM_ECC_DIGITS];
- uint32_t y[NUM_ECC_DIGITS];
-} EccPoint;
-
-/* struct to represent a point of the curve in Jacobian coordinates
- * (uses X, Y and Z coordinates):
- */
-typedef struct EccPointJacobi {
- uint32_t X[NUM_ECC_DIGITS];
- uint32_t Y[NUM_ECC_DIGITS];
- uint32_t Z[NUM_ECC_DIGITS];
-} EccPointJacobi;
+/* structure that represents an elliptic curve (e.g. p256):*/
+struct uECC_Curve_t;
+typedef const struct uECC_Curve_t * uECC_Curve;
+struct uECC_Curve_t {
+ wordcount_t num_words;
+ wordcount_t num_bytes;
+ bitcount_t num_n_bits;
+ uECC_word_t p[NUM_ECC_WORDS];
+ uECC_word_t n[NUM_ECC_WORDS];
+ uECC_word_t G[NUM_ECC_WORDS * 2];
+ uECC_word_t b[NUM_ECC_WORDS];
+ void (*double_jacobian)(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * Z1,
+ uECC_Curve curve);
+ void (*x_side)(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve);
+ void (*mmod_fast)(uECC_word_t *result, uECC_word_t *product);
+};
/*
- * @brief Check if p_vli is zero.
- * @return returns non-zero if p_vli == 0, zero otherwise.
- *
- * @param p_native OUT -- will be filled in with the native integer value.
- * @param p_bytes IN -- standard octet representation of the integer to convert.
- *
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief computes doubling of point ion jacobian coordinates, in place.
+ * @param X1 IN/OUT -- x coordinate
+ * @param Y1 IN/OUT -- y coordinate
+ * @param Z1 IN/OUT -- z coordinate
+ * @param curve IN -- elliptic curve
*/
-uint32_t vli_isZero(uint32_t *p_vli);
+void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * Z1, uECC_Curve curve);
/*
- * @brief Set the content of p_src in p_dest.
- *
- * @param p_dest OUT -- Destination buffer.
- * @param p_src IN -- Origin buffer.
- *
+ * @brief Computes x^3 + ax + b. result must not overlap x.
+ * @param result OUT -- x^3 + ax + b
+ * @param x IN -- value of x
+ * @param curve IN -- elliptic curve
*/
-void vli_set(uint32_t *p_dest, uint32_t *p_src);
+void x_side_default(uECC_word_t *result, const uECC_word_t *x,
+ uECC_Curve curve);
/*
- * @brief Computes the sign of p_left - p_right.
- * @return returns the sign of p_left - p_right.
- *
- * @param p_left IN -- buffer to be compared.
- * @param p_right IN -- buffer to be compared.
- * @param word_size IN -- size of the word.
- *
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief Computes result = product % curve_p
+ * from http://www.nsa.gov/ia/_files/nist-routines.pdf
+ * @param result OUT -- product % curve_p
+ * @param product IN -- value to be reduced mod curve_p
*/
-int32_t vli_cmp(uint32_t *p_left, uint32_t *p_right, int32_t word_size);
+void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int *product);
+
+/* Bytes to words ordering: */
+#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) 0x##d##c##b##a, 0x##h##g##f##e
+#define BYTES_TO_WORDS_4(a, b, c, d) 0x##d##c##b##a
+#define BITS_TO_WORDS(num_bits) \
+ ((num_bits + ((uECC_WORD_SIZE * 8) - 1)) / (uECC_WORD_SIZE * 8))
+#define BITS_TO_BYTES(num_bits) ((num_bits + 7) / 8)
+
+/* definition of curve NIST p-256: */
+static const struct uECC_Curve_t curve_secp256r1 = {
+ NUM_ECC_WORDS,
+ NUM_ECC_BYTES,
+ 256, /* num_n_bits */ {
+ BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
+ BYTES_TO_WORDS_8(FF, FF, FF, FF, 00, 00, 00, 00),
+ BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00),
+ BYTES_TO_WORDS_8(01, 00, 00, 00, FF, FF, FF, FF)
+ }, {
+ BYTES_TO_WORDS_8(51, 25, 63, FC, C2, CA, B9, F3),
+ BYTES_TO_WORDS_8(84, 9E, 17, A7, AD, FA, E6, BC),
+ BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
+ BYTES_TO_WORDS_8(00, 00, 00, 00, FF, FF, FF, FF)
+ }, {
+ BYTES_TO_WORDS_8(96, C2, 98, D8, 45, 39, A1, F4),
+ BYTES_TO_WORDS_8(A0, 33, EB, 2D, 81, 7D, 03, 77),
+ BYTES_TO_WORDS_8(F2, 40, A4, 63, E5, E6, BC, F8),
+ BYTES_TO_WORDS_8(47, 42, 2C, E1, F2, D1, 17, 6B),
+
+ BYTES_TO_WORDS_8(F5, 51, BF, 37, 68, 40, B6, CB),
+ BYTES_TO_WORDS_8(CE, 5E, 31, 6B, 57, 33, CE, 2B),
+ BYTES_TO_WORDS_8(16, 9E, 0F, 7C, 4A, EB, E7, 8E),
+ BYTES_TO_WORDS_8(9B, 7F, 1A, FE, E2, 42, E3, 4F)
+ }, {
+ BYTES_TO_WORDS_8(4B, 60, D2, 27, 3E, 3C, CE, 3B),
+ BYTES_TO_WORDS_8(F6, B0, 53, CC, B0, 06, 1D, 65),
+ BYTES_TO_WORDS_8(BC, 86, 98, 76, 55, BD, EB, B3),
+ BYTES_TO_WORDS_8(E7, 93, 3A, AA, D8, 35, C6, 5A)
+ },
+ &double_jacobian_default,
+ &x_side_default,
+ &vli_mmod_fast_secp256r1
+};
+
+uECC_Curve uECC_secp256r1(void);
/*
- * @brief Computes p_result = p_left - p_right, returns borrow.
- * @return returns the sign of p_left - p_right.
+ * @brief Generates a random integer in the range 0 < random < top.
+ * Both random and top have num_words words.
+ * @param random OUT -- random integer in the range 0 < random < top
+ * @param top IN -- upper limit
+ * @param num_words IN -- number of words
+ * @return a random integer in the range 0 < random < top
+ */
+int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
+ wordcount_t num_words);
+
+
+/* uECC_RNG_Function type
+ * The RNG function should fill 'size' random bytes into 'dest'. It should
+ * return 1 if 'dest' was filled with random data, or 0 if the random data could
+ * not be generated. The filled-in values should be either truly random, or from
+ * a cryptographically-secure PRNG.
*
- * @param p_result IN -- buffer to be compared.
- * @param p_left IN -- buffer p_left in (p_left - p_right).
- * @param p_right IN -- buffer p_right in (p_left - p_right).
- * @param word_size IN -- size of the word.
+ * A correctly functioning RNG function must be set (using uECC_set_rng())
+ * before calling uECC_make_key() or uECC_sign().
*
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * Setting a correctly functioning RNG function improves the resistance to
+ * side-channel attacks for uECC_shared_secret().
+ *
+ * A correct RNG function is set by default. If you are building on another
+ * POSIX-compliant system that supports /dev/random or /dev/urandom, you can
+ * define uECC_POSIX to use the predefined RNG.
+ */
+typedef int(*uECC_RNG_Function)(uint8_t *dest, unsigned int size);
+
+/*
+ * @brief Set the function that will be used to generate random bytes. The RNG
+ * function should return 1 if the random data was generated, or 0 if the random
+ * data could not be generated.
+ *
+ * @note On platforms where there is no predefined RNG function, this must be
+ * called before uECC_make_key() or uECC_sign() are used.
+ *
+ * @param rng_function IN -- function that will be used to generate random bytes
+ */
+void uECC_set_rng(uECC_RNG_Function rng_function);
+
+/*
+ * @brief provides current uECC_RNG_Function.
+ * @return Returns the function that will be used to generate random bytes.
+ */
+uECC_RNG_Function uECC_get_rng(void);
+
+/*
+ * @brief computes the size of a private key for the curve in bytes.
+ * @param curve IN -- elliptic curve
+ * @return size of a private key for the curve in bytes.
+ */
+int uECC_curve_private_key_size(uECC_Curve curve);
+
+/*
+ * @brief computes the size of a public key for the curve in bytes.
+ * @param curve IN -- elliptic curve
+ * @return the size of a public key for the curve in bytes.
+ */
+int uECC_curve_public_key_size(uECC_Curve curve);
+
+/*
+ * @brief Compute the corresponding public key for a private key.
+ * @param private_key IN -- The private key to compute the public key for
+ * @param public_key OUT -- Will be filled in with the corresponding public key
+ * @param curve
+ * @return Returns 1 if key was computed successfully, 0 if an error occurred.
+ */
+int uECC_compute_public_key(const uint8_t *private_key,
+ uint8_t *public_key, uECC_Curve curve);
+
+/*
+ * @brief Compute public-key.
+ * @return corresponding public-key.
+ * @param result OUT -- public-key
+ * @param private_key IN -- private-key
+ * @param curve IN -- elliptic curve
+ */
+uECC_word_t EccPoint_compute_public_key(uECC_word_t *result,
+ uECC_word_t *private_key, uECC_Curve curve);
+
+/*
+ * @brief Regularize the bitcount for the private key so that attackers cannot
+ * use a side channel attack to learn the number of leading zeros.
+ * @return Regularized k
+ * @param k IN -- private-key
+ * @param k0 IN/OUT -- regularized k
+ * @param k1 IN/OUT -- regularized k
+ * @param curve IN -- elliptic curve
+ */
+uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0,
+ uECC_word_t *k1, uECC_Curve curve);
+
+/*
+ * @brief Point multiplication algorithm using Montgomery's ladder with co-Z
+ * coordinates. See http://eprint.iacr.org/2011/338.pdf.
+ * @note Result may overlap point.
+ * @param result OUT -- returns scalar*point
+ * @param point IN -- elliptic curve point
+ * @param scalar IN -- scalar
+ * @param initial_Z IN -- initial value for z
+ * @param num_bits IN -- number of bits in scalar
+ * @param curve IN -- elliptic curve
+ */
+void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point,
+ const uECC_word_t * scalar, const uECC_word_t * initial_Z,
+ bitcount_t num_bits, uECC_Curve curve);
+
+/*
+ * @brief Constant-time comparison to zero - secure way to compare long integers
+ * @param vli IN -- very long integer
+ * @param num_words IN -- number of words in the vli
+ * @return 1 if vli == 0, 0 otherwise.
+ */
+uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words);
+
+/*
+ * @brief Check if 'point' is the point at infinity
+ * @param point IN -- elliptic curve point
+ * @param curve IN -- elliptic curve
+ * @return if 'point' is the point at infinity, 0 otherwise.
+ */
+uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve);
+
+/*
+ * @brief computes the sign of left - right, in constant time.
+ * @param left IN -- left term to be compared
+ * @param right IN -- right term to be compared
+ * @param num_words IN -- number of words
+ * @return the sign of left - right
+ */
+cmpresult_t uECC_vli_cmp(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words);
+
+/*
+ * @brief computes sign of left - right, not in constant time.
+ * @note should not be used if inputs are part of a secret
+ * @param left IN -- left term to be compared
+ * @param right IN -- right term to be compared
+ * @param num_words IN -- number of words
+ * @return the sign of left - right
+ */
+cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes result = (left - right) % mod.
+ * @note Assumes that (left < mod) and (right < mod), and that result does not
+ * overlap mod.
+ * @param result OUT -- (left - right) % mod
+ * @param left IN -- leftright term in modular subtraction
+ * @param right IN -- right term in modular subtraction
+ * @param mod IN -- mod
+ * @param num_words IN -- number of words
+ */
+void uECC_vli_modSub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes P' = (x1', y1', Z3), P + Q = (x3, y3, Z3) or
+ * P => P', Q => P + Q
+ * @note assumes Input P = (x1, y1, Z), Q = (x2, y2, Z)
+ * @param X1 IN -- x coordinate of P
+ * @param Y1 IN -- y coordinate of P
+ * @param X2 IN -- x coordinate of Q
+ * @param Y2 IN -- y coordinate of Q
+ * @param curve IN -- elliptic curve
+ */
+void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * X2,
+ uECC_word_t * Y2, uECC_Curve curve);
+
+/*
+ * @brief Computes (x1 * z^2, y1 * z^3)
+ * @param X1 IN -- previous x1 coordinate
+ * @param Y1 IN -- previous y1 coordinate
+ * @param Z IN -- z value
+ * @param curve IN -- elliptic curve
+ */
+void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
+ uECC_Curve curve);
+
+/*
+ * @brief Check if bit is set.
+ * @return Returns nonzero if bit 'bit' of vli is set.
+ * @warning It is assumed that the value provided in 'bit' is within the
+ * boundaries of the word-array 'vli'.
+ * @note The bit ordering layout assumed for vli is: {31, 30, ..., 0},
+ * {63, 62, ..., 32}, {95, 94, ..., 64}, {127, 126,..., 96} for a vli consisting
+ * of 4 uECC_word_t elements.
+ */
+uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit);
+
+/*
+ * @brief Computes result = product % mod, where product is 2N words long.
+ * @param result OUT -- product % mod
+ * @param mod IN -- module
+ * @param num_words IN -- number of words
+ * @warning Currently only designed to work for curve_p or curve_n.
+ */
+void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product,
+ const uECC_word_t *mod, wordcount_t num_words);
+
+/*
+ * @brief Computes modular product (using curve->mmod_fast)
+ * @param result OUT -- (left * right) mod % curve_p
+ * @param left IN -- left term in product
+ * @param right IN -- right term in product
+ * @param curve IN -- elliptic curve
+ */
+void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, uECC_Curve curve);
+
+/*
+ * @brief Computes result = left - right.
* @note Can modify in place.
+ * @param result OUT -- left - right
+ * @param left IN -- left term in subtraction
+ * @param right IN -- right term in subtraction
+ * @param num_words IN -- number of words
+ * @return borrow
*/
-uint32_t vli_sub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t word_size);
+uECC_word_t uECC_vli_sub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words);
/*
- * @brief Conditional set: sets either 'p_true' or 'p_false' to 'output',
- * depending on the value of 'cond'.
- *
- * @param output OUT -- result buffer after setting either p_true or p_false.
- * @param p_true IN -- buffer to be used if cond is true.
- * @param p_false IN -- buffer to be used if cond is false.
- * @param cond IN -- boolean value that will determine which value will be set
- * to output.
+ * @brief Constant-time comparison function(secure way to compare long ints)
+ * @param left IN -- left term in comparison
+ * @param right IN -- right term in comparison
+ * @param num_words IN -- number of words
+ * @return Returns 0 if left == right, 1 otherwise.
*/
-void vli_cond_set(uint32_t *output, uint32_t *p_true, uint32_t *p_false,
- uint32_t cond);
+uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words);
/*
- * @brief Computes p_result = (p_left + p_right) % p_mod.
- *
- * @param p_result OUT -- result buffer.
- * @param p_left IN -- buffer p_left in (p_left + p_right) % p_mod.
- * @param p_right IN -- buffer p_right in (p_left + p_right) % p_mod.
- * @param p_mod IN -- module.
- *
- * @note Assumes that p_left < p_mod and p_right < p_mod, p_result != p_mod.
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief Computes (left * right) % mod
+ * @param result OUT -- (left * right) % mod
+ * @param left IN -- left term in product
+ * @param right IN -- right term in product
+ * @param mod IN -- mod
+ * @param num_words IN -- number of words
*/
-void vli_modAdd(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t *p_mod);
+void uECC_vli_modMult(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words);
/*
- * @brief Computes p_result = (p_left - p_right) % p_mod.
- *
- * @param p_result OUT -- result buffer.
- * @param p_left IN -- buffer p_left in (p_left - p_right) % p_mod.
- * @param p_right IN -- buffer p_right in (p_left - p_right) % p_mod.
- * @param p_mod IN -- module.
- *
- * @note Assumes that p_left < p_mod and p_right < p_mod, p_result != p_mod.
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief Computes (1 / input) % mod
+ * @note All VLIs are the same size.
+ * @note See "Euclid's GCD to Montgomery Multiplication to the Great Divide"
+ * @param result OUT -- (1 / input) % mod
+ * @param input IN -- value to be modular inverted
+ * @param mod IN -- mod
+ * @param num_words -- number of words
*/
-void vli_modSub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t *p_mod);
+void uECC_vli_modInv(uECC_word_t *result, const uECC_word_t *input,
+ const uECC_word_t *mod, wordcount_t num_words);
/*
- * @brief Computes p_result = (p_left * p_right) % curve_p.
- *
- * @param p_result OUT -- result buffer.
- * @param p_left IN -- buffer p_left in (p_left * p_right) % curve_p.
- * @param p_right IN -- buffer p_right in (p_left * p_right) % curve_p.
+ * @brief Sets dest = src.
+ * @param dest OUT -- destination buffer
+ * @param src IN -- origin buffer
+ * @param num_words IN -- number of words
*/
-void vli_modMult_fast(uint32_t *p_result, uint32_t *p_left,
- uint32_t *p_right);
+void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src,
+ wordcount_t num_words);
/*
- * @brief Computes p_result = p_left^2 % curve_p.
- *
- * @param p_result OUT -- result buffer.
- * @param p_left IN -- buffer p_left in (p_left^2 % curve_p).
+ * @brief Computes (left + right) % mod.
+ * @note Assumes that (left < mod) and right < mod), and that result does not
+ * overlap mod.
+ * @param result OUT -- (left + right) % mod.
+ * @param left IN -- left term in addition
+ * @param right IN -- right term in addition
+ * @param mod IN -- mod
+ * @param num_words IN -- number of words
*/
-void vli_modSquare_fast(uint32_t *p_result, uint32_t *p_left);
+void uECC_vli_modAdd(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words);
/*
- * @brief Computes p_result = (p_left * p_right) % p_mod.
- *
- * @param p_result OUT -- result buffer.
- * @param p_left IN -- buffer p_left in (p_left * p_right) % p_mod.
- * @param p_right IN -- buffer p_right in (p_left * p_right) % p_mod.
- * @param p_mod IN -- module.
- * @param p_barrett IN -- used for Barrett reduction.
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief Counts the number of bits required to represent vli.
+ * @param vli IN -- very long integer
+ * @param max_words IN -- number of words
+ * @return number of bits in given vli
*/
-void vli_modMult(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t *p_mod, uint32_t *p_barrett);
+bitcount_t uECC_vli_numBits(const uECC_word_t *vli,
+ const wordcount_t max_words);
/*
- * @brief Computes modular inversion: (1/p_intput) % p_mod.
- *
- * @param p_result OUT -- result buffer.
- * @param p_input IN -- buffer p_input in (1/p_intput) % p_mod.
- * @param p_mod IN -- module.
- * @param p_barrett IN -- used for Barrett reduction.
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief Erases (set to 0) vli
+ * @param vli IN -- very long integer
+ * @param num_words IN -- number of words
*/
-void vli_modInv(uint32_t *p_result, uint32_t *p_input,
- uint32_t *p_mod, uint32_t *p_barrett);
+void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words);
/*
- * @brief modular reduction based on Barrett's method
- * @param p_result OUT -- p_product % p_mod.
- * @param p_product IN -- buffer p_product in (p_product % p_mod).
- * @param p_mod IN -- buffer p_mod in (p_product % p_mod).
- * @param p_barrett -- used for Barrett reduction.
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @brief check if it is a valid point in the curve
+ * @param point IN -- point to be checked
+ * @param curve IN -- elliptic curve
+ * @return 0 if point is valid
+ * @exception returns -1 if it is a point at infinity
+ * @exception returns -2 if x or y is smaller than p,
+ * @exception returns -3 if y^2 != x^3 + ax + b.
*/
-void vli_mmod_barrett(
- uint32_t *p_result,
- uint32_t *p_product,
- uint32_t *p_mod,
- uint32_t *p_barrett);
+int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve);
/*
- * @brief Check if a point is zero.
- * @return Returns 1 if p_point is the point at infinity, 0 otherwise.
+ * @brief Check if a public key is valid.
+ * @param public_key IN -- The public key to be checked.
+ * @return returns 0 if the public key is valid
+ * @exception returns -1 if it is a point at infinity
+ * @exception returns -2 if x or y is smaller than p,
+ * @exception returns -3 if y^2 != x^3 + ax + b.
+ * @exception returns -4 if public key is the group generator.
*
- * @param p_point IN -- point to be checked.
+ * @note Note that you are not required to check for a valid public key before
+ * using any other uECC functions. However, you may wish to avoid spending CPU
+ * time computing a shared secret or verifying a signature using an invalid
+ * public key.
*/
-uint32_t EccPoint_isZero(EccPoint *p_point);
+int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve);
+
+ /*
+ * @brief Converts an integer in uECC native format to big-endian bytes.
+ * @param bytes OUT -- bytes representation
+ * @param num_bytes IN -- number of bytes
+ * @param native IN -- uECC native representation
+ */
+void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes,
+ const unsigned int *native);
/*
- * @brief Check if point in Jacobi coordinates is zero.
- * @return Returns 1 if p_point_jacobi is the point at infinity, 0 otherwise.
- *
- * @param p_point IN -- point to be checked.
+ * @brief Converts big-endian bytes to an integer in uECC native format.
+ * @param native OUT -- uECC native representation
+ * @param bytes IN -- bytes representation
+ * @param num_bytes IN -- number of bytes
*/
-uint32_t EccPointJacobi_isZero(EccPointJacobi *p_point_jacobi);
-
-/*
- * @brief Conversion from Jacobi coordinates to Affine coordinates.
- *
- * @param p_point OUT -- point in Affine coordinates.
- * @param p_point_jacobi OUT -- point in Jacobi coordinates.
- */
-void EccPoint_toAffine(EccPoint *p_point, EccPointJacobi *p_point_jacobi);
-
-/*
- * @brief Elliptic curve point addition in Jacobi coordinates: P1 = P1 + P2.
- *
- * @param P1 IN/OUT -- P1 in P1 = P1 + P2.
- * @param P2 IN -- P2 in P1 = P1 + P2.
- */
-void EccPoint_add(EccPointJacobi *P1, EccPointJacobi *P2);
-
-/*
- * @brief Elliptic curve scalar multiplication with result in Jacobi coordinates
- *
- * @param p_result OUT -- Product of p_point by p_scalar.
- * @param p_point IN -- Elliptic curve point
- * @param p_scalar IN -- Scalar integer
- * @note Side-channel countermeasure: algorithm strengthened against timing
- * attack.
- */
-void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point,
- uint32_t *p_scalar);
-
-/*
- * @brief Fast elliptic curve scalar multiplication with result in Jacobi
- * coordinates
- * @note non constant time
- * @param p_result OUT -- Product of p_point by p_scalar.
- * @param p_point IN -- Elliptic curve point
- * @param p_scalar IN -- Scalar integer
- * @note algorithm NOT strengthened against timing attack.
- */
-void EccPoint_mult_unsafe(
- EccPointJacobi *p_result,
- EccPoint *p_point,
- uint32_t *p_scalar);
-
-/*
- * @brief Convert an integer in standard octet representation to native format.
- * @return returns TC_CRYPTO_SUCCESS (1)
- * returns TC_CRYPTO_FAIL (0) if:
- * out == NULL or
- * c == NULL or
- * ((plen > 0) and (payload == NULL)) or
- * ((alen > 0) and (associated_data == NULL)) or
- * (alen >= TC_CCM_AAD_MAX_BYTES) or
- * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
- *
- * @param p_native OUT -- will be filled in with the native integer value.
- * @param p_bytes IN -- standard octet representation of the integer to convert.
- *
- */
-void ecc_bytes2native(uint32_t p_native[NUM_ECC_DIGITS],
- uint8_t p_bytes[NUM_ECC_DIGITS*4]);
-
-
-/*
- * @brief Convert an integer in native format to standard octet representation.
- * @return returns TC_CRYPTO_SUCCESS (1)
- * returns TC_CRYPTO_FAIL (0) if:
- * out == NULL or
- * c == NULL or
- * ((plen > 0) and (payload == NULL)) or
- * ((alen > 0) and (associated_data == NULL)) or
- * (alen >= TC_CCM_AAD_MAX_BYTES) or
- * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
- *
- * @param p_bytes OUT -- will be filled in with the standard octet
- * representation of the integer.
- * @param p_native IN -- native integer value to convert.
- *
- */
-void ecc_native2bytes(uint8_t p_bytes[NUM_ECC_DIGITS*4],
- uint32_t p_native[NUM_ECC_DIGITS]);
+void uECC_vli_bytesToNative(unsigned int *native, const uint8_t *bytes,
+ int num_bytes);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_UECC_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h b/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h
index 778fee2..b828e19 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h
@@ -1,10 +1,8 @@
/* ecc_dh.h - TinyCrypt interface to EC-DH implementation */
/*
- * =============================================================================
- * Copyright (c) 2013, Kenneth MacKay
+ * Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
- * https://github.com/kmackay/micro-ecc
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -27,9 +25,9 @@
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
- *
- * =============================================================================
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ */
+
+/* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -66,7 +64,6 @@
* uses curve NIST p-256.
*
* Security: The curve NIST p-256 provides approximately 128 bits of security.
- *
*/
#ifndef __TC_ECC_DH_H__
@@ -80,63 +77,55 @@
/**
* @brief Create a public/private key pair.
- * @return returns TC_CRYPTO_SUCCESS (1) if key pair was generated successfully
- * returns TC_CRYPTO_FAIL (0) if:
- * the private key is 0
+ * @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully
+ * returns TC_CRYPTO_FAIL (0) if error while generating key pair
*
- * @param p_publicKey OUT -- the point representing the public key.
- * @param p_privateKey OUT -- the private key.
- * @param p_random IN -- The random number to use to generate the key pair.
- *
- * @note You must use a new non-predictable random number to generate each
- * new key pair.
- * @note p_random must have NUM_ECC_DIGITS*2 bits of entropy to eliminate
- * bias in keys.
+ * @param p_public_key OUT -- Will be filled in with the public key. Must be at
+ * least 2 * the curve size (in bytes) long. For curve secp256r1, p_public_key
+ * must be 64 bytes long.
+ * @param p_private_key OUT -- Will be filled in with the private key. Must be as
+ * long as the curve order (for secp256r1, p_private_key must be 32 bytes long).
*
* @note side-channel countermeasure: algorithm strengthened against timing
* attack.
+ * @warning A cryptographically-secure PRNG function must be set (using
+ * uECC_set_rng()) before calling uECC_make_key().
*/
-int32_t ecc_make_key(EccPoint *p_publicKey,
- uint32_t p_privateKey[NUM_ECC_DIGITS],
- uint32_t p_random[2 * NUM_ECC_DIGITS]);
+int uECC_make_key(uint8_t *p_public_key, uint8_t *p_private_key, uECC_Curve curve);
+
+#ifdef ENABLE_TESTS
/**
- * @brief Determine whether or not a given point is on the chosen elliptic curve
- * (ie, is a valid public key).
- * @return returns 0 if the given point is valid
- * returns -1 if: the point is zero
- * returns -2 if: curve_p - p_publicKey->x != 1 or
- * curve_p - p_publicKey->y != 1
- * returns -3 if: y^2 != x^3 + ax + b
- * returns -4 if: public key is the group generator
+ * @brief Create a public/private key pair given a specific d.
*
- * @param p_publicKey IN -- The point to be checked.
+ * @note THIS FUNCTION SHOULD BE CALLED ONLY FOR TEST PURPOSES. Refer to
+ * uECC_make_key() function for real applications.
*/
-int32_t ecc_valid_public_key(EccPoint *p_publicKey);
+int uECC_make_key_with_d(uint8_t *p_public_key, uint8_t *p_private_key,
+ unsigned int *d, uECC_Curve curve);
+#endif
/**
* @brief Compute a shared secret given your secret key and someone else's
* public key.
- * @return returns TC_CRYPTO_SUCCESS (1) if the secret was computed successfully
+ * @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully
* returns TC_CRYPTO_FAIL (0) otherwise
*
- * @param p_secret OUT -- The shared secret value.
- * @param p_publicKey IN -- The public key of the remote party.
- * @param p_privateKey IN -- Your private key.
+ * @param p_secret OUT -- Will be filled in with the shared secret value. Must be
+ * the same size as the curve size (for curve secp256r1, secret must be 32 bytes
+ * long.
+ * @param p_public_key IN -- The public key of the remote party.
+ * @param p_private_key IN -- Your private key.
*
- * @note Optionally, you can provide a random multiplier for resistance to DPA
- * attacks. The random multiplier should probably be different for each
- * invocation of ecdh_shared_secret().
- *
- * @warning It is recommended to use the output of ecdh_shared_secret() as the
+ * @warning It is recommended to use the output of uECC_shared_secret() as the
* input of a recommended Key Derivation Function (see NIST SP 800-108) in
- * order to produce a symmetric key.
+ * order to produce a cryptographically secure symmetric key.
*/
-int32_t ecdh_shared_secret(uint32_t p_secret[NUM_ECC_DIGITS], EccPoint *p_publicKey,
- uint32_t p_privateKey[NUM_ECC_DIGITS]);
+int uECC_shared_secret(const uint8_t *p_public_key, const uint8_t *p_private_key,
+ uint8_t *p_secret, uECC_Curve curve);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_ECC_DH_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h b/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h
index a037fa5..aca00bc 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h
@@ -1,10 +1,8 @@
/* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */
/*
- * =============================================================================
- * Copyright (c) 2013, Kenneth MacKay
+ * Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
- * https://github.com/kmackay/micro-ecc
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -27,9 +25,10 @@
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
- *
- * =============================================================================
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ */
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -87,49 +86,54 @@
/**
* @brief Generate an ECDSA signature for a given hash value.
- * @return returns TC_CRYPTO_SUCCESS (1) if the the signature generated successfully
- * returns TC_CRYPTO_FAIL (0) if:
- * r == 0 or
- * p_random == 0
+ * @return returns TC_CRYPTO_SUCCESS (1) if the signature generated successfully
+ * returns TC_CRYPTO_FAIL (0) if an error occurred.
*
- * @param r OUT -- to be filled with the signature values.
- * @param s OUT -- to be filled with the signature values.
- * @param p_privateKey IN -- Your private key.
- * @param p_random IN -- The random number to use in generating ephemeral DSA
- * keys.
- * @param p_hash IN -- The message hash to sign.
+ * @param p_private_key IN -- Your private key.
+ * @param p_message_hash IN -- The hash of the message to sign.
+ * @param p_hash_size IN -- The size of p_message_hash in bytes.
+ * @param p_signature OUT -- Will be filled in with the signature value. Must be
+ * at least 2 * curve size long (for secp256r1, signature must be 64 bytes long).
*
- * @note p_random must have NUM_ECC_DIGITS*2 bits of entropy to eliminate
- * bias in keys.
- *
+ * @warning A cryptographically-secure PRNG function must be set (using
+ * uECC_set_rng()) before calling uECC_sign().
+ * @note Usage: Compute a hash of the data you wish to sign (SHA-2 is
+ * recommended) and pass it in to this function along with your private key.
* @note side-channel countermeasure: algorithm strengthened against timing
* attack.
*/
-int32_t ecdsa_sign(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
- uint32_t p_privateKey[NUM_ECC_DIGITS], uint32_t p_random[NUM_ECC_DIGITS * 2],
- uint32_t p_hash[NUM_ECC_DIGITS]);
+int uECC_sign(const uint8_t *p_private_key, const uint8_t *p_message_hash,
+ unsigned p_hash_size, uint8_t *p_signature, uECC_Curve curve);
+#ifdef ENABLE_TESTS
+/*
+ * THIS FUNCTION SHOULD BE CALLED FOR TEST PURPOSES ONLY.
+ * Refer to uECC_sign() function for real applications.
+ */
+int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
+ unsigned int hash_size, uECC_word_t *k, uint8_t *signature,
+ uECC_Curve curve);
+#endif
/**
* @brief Verify an ECDSA signature.
- * @return returns TC_CRYPTO_SUCCESS (1) if the the signature generated successfully
- * returns TC_CRYPTO_FAIL (0) if:
- * r == 0 or
- * p_random == 0
+ * @return returns TC_SUCCESS (1) if the signature is valid
+ * returns TC_FAIL (0) if the signature is invalid.
*
- * @param p_publicKey IN -- The signer's public key.
- * @param p_hash IN -- The hash of the signed data.
- * @param r IN -- The signature values.
- * @param s IN -- The signature values.
+ * @param p_public_key IN -- The signer's public key.
+ * @param p_message_hash IN -- The hash of the signed data.
+ * @param p_hash_size IN -- The size of p_message_hash in bytes.
+ * @param p_signature IN -- The signature values.
*
- * @note side-channel countermeasure: algorithm strengthened against timing
- * attack.
+ * @note Usage: Compute the hash of the signed data using the same hash as the
+ * signer and pass it to this function along with the signer's public key and
+ * the signature values (hash_size and signature).
*/
-int32_t ecdsa_verify(EccPoint *p_publicKey, uint32_t p_hash[NUM_ECC_DIGITS],
- uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS]);
+int uECC_verify(const uint8_t *p_public_key, const uint8_t *p_message_hash,
+ unsigned int p_hash_size, const uint8_t *p_signature, uECC_Curve curve);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_ECC_DSA_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc_platform_specific.h b/ext/tinycrypt/lib/include/tinycrypt/ecc_platform_specific.h
new file mode 100644
index 0000000..e2c8823
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc_platform_specific.h
@@ -0,0 +1,81 @@
+/* uECC_platform_specific.h - Interface to platform specific functions*/
+
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * uECC_platform_specific.h -- Interface to platform specific functions
+ */
+
+#ifndef __UECC_PLATFORM_SPECIFIC_H_
+#define __UECC_PLATFORM_SPECIFIC_H_
+
+/*
+ * The RNG function should fill 'size' random bytes into 'dest'. It should
+ * return 1 if 'dest' was filled with random data, or 0 if the random data could
+ * not be generated. The filled-in values should be either truly random, or from
+ * a cryptographically-secure PRNG.
+ *
+ * A cryptographically-secure PRNG function must be set (using uECC_set_rng())
+ * before calling uECC_make_key() or uECC_sign().
+ *
+ * Setting a cryptographically-secure PRNG function improves the resistance to
+ * side-channel attacks for uECC_shared_secret().
+ *
+ * A correct PRNG function is set by default (default_RNG_defined = 1) and works
+ * for some platforms, such as Unix and Linux. For other platforms, you may need
+ * to provide another PRNG function.
+*/
+#define default_RNG_defined 1
+
+int default_CSPRNG(uint8_t *dest, unsigned int size);
+
+#endif /* __UECC_PLATFORM_SPECIFIC_H_ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/hmac.h b/ext/tinycrypt/lib/include/tinycrypt/hmac.h
index 26f6cfe..3a08149 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/hmac.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/hmac.h
@@ -1,7 +1,7 @@
/* hmac.h - TinyCrypt interface to an HMAC implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -89,9 +89,8 @@
* @param key IN -- the HMAC key to configure
* @param key_size IN -- the HMAC key size
*/
-int32_t tc_hmac_set_key(TCHmacState_t ctx,
- const uint8_t *key,
- uint32_t key_size);
+int tc_hmac_set_key(TCHmacState_t ctx, const uint8_t *key,
+ unsigned int key_size);
/**
* @brief HMAC init procedure
@@ -100,7 +99,7 @@
* returns TC_CRYPTO_FAIL (0) if: ctx == NULL or key == NULL
* @param ctx IN/OUT -- struct tc_hmac_state_struct buffer to init
*/
-int32_t tc_hmac_init(TCHmacState_t ctx);
+int tc_hmac_init(TCHmacState_t ctx);
/**
* @brief HMAC update procedure
@@ -112,9 +111,8 @@
* @param data IN -- data to incorporate into state
* @param data_length IN -- size of data in bytes
*/
-int32_t tc_hmac_update(TCHmacState_t ctx,
- const void *data,
- uint32_t data_length);
+int tc_hmac_update(TCHmacState_t ctx, const void *data,
+ unsigned int data_length);
/**
* @brief HMAC final procedure
@@ -125,17 +123,17 @@
* ctx == NULL or
* key == NULL or
* taglen != TC_SHA256_DIGEST_SIZE
- * @note 'ctx' is erased before exiting (this must never be changed/removed).
+ * @note ctx is erased before exiting. This should never be changed/removed.
* @note Assumes the tag bufer is at least sizeof(hmac_tag_size(state)) bytes
* state has been initialized by tc_hmac_init
* @param tag IN/OUT -- buffer to receive computed HMAC tag
* @param taglen IN -- size of tag in bytes
* @param ctx IN/OUT -- the HMAC state for computing tag
*/
-int32_t tc_hmac_final(uint8_t *tag, uint32_t taglen, TCHmacState_t ctx);
+int tc_hmac_final(uint8_t *tag, unsigned int taglen, TCHmacState_t ctx);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /*__TC_HMAC_H__*/
diff --git a/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h b/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h
index b631c2c..ad12cbb 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h
@@ -1,7 +1,7 @@
/* hmac_prng.h - TinyCrypt interface to an HMAC-PRNG implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -85,7 +85,7 @@
/* PRNG state */
uint8_t v[TC_SHA256_DIGEST_SIZE];
/* calls to tc_hmac_prng_generate left before re-seed */
- uint32_t countdown;
+ unsigned int countdown;
};
typedef struct tc_hmac_prng_struct *TCHmacPrng_t;
@@ -112,15 +112,15 @@
* @param personalization IN -- personalization string
* @param plen IN -- personalization length in bytes
*/
-int32_t tc_hmac_prng_init(TCHmacPrng_t prng,
- const uint8_t *personalization,
- uint32_t plen);
+int tc_hmac_prng_init(TCHmacPrng_t prng,
+ const uint8_t *personalization,
+ unsigned int plen);
/**
* @brief HMAC-PRNG reseed procedure
* Mixes seed into prng, enables tc_hmac_prng_generate
* @return returns TC_CRYPTO_SUCCESS (1)
- * returns TC_CRYPTO_FAIL (0) if:
+ * returns TC_CRYPTO_FAIL (0) if:
* prng == NULL,
* seed == NULL,
* seedlen < MIN_SLEN,
@@ -136,16 +136,16 @@
* @param additional_input IN -- additional input to the prng
* @param additionallen IN -- additional input length in bytes
*/
-int32_t tc_hmac_prng_reseed(TCHmacPrng_t prng, const uint8_t *seed,
- uint32_t seedlen, const uint8_t *additional_input,
- uint32_t additionallen);
+int tc_hmac_prng_reseed(TCHmacPrng_t prng, const uint8_t *seed,
+ unsigned int seedlen, const uint8_t *additional_input,
+ unsigned int additionallen);
/**
* @brief HMAC-PRNG generate procedure
* Generates outlen pseudo-random bytes into out buffer, updates prng
* @return returns TC_CRYPTO_SUCCESS (1)
* returns TC_HMAC_PRNG_RESEED_REQ (-1) if a reseed is needed
- * returns TC_CRYPTO_FAIL (0) if:
+ * returns TC_CRYPTO_FAIL (0) if:
* out == NULL,
* prng == NULL,
* outlen == 0,
@@ -155,10 +155,10 @@
* @param outlen IN -- size of out buffer in bytes
* @param prng IN/OUT -- the PRNG state
*/
-int32_t tc_hmac_prng_generate(uint8_t *out, uint32_t outlen, TCHmacPrng_t prng);
+int tc_hmac_prng_generate(uint8_t *out, unsigned int outlen, TCHmacPrng_t prng);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_HMAC_PRNG_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/sha256.h b/ext/tinycrypt/lib/include/tinycrypt/sha256.h
index d1e1f61..af5e8ba 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/sha256.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/sha256.h
@@ -1,7 +1,7 @@
/* sha256.h - TinyCrypt interface to a SHA-256 implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -69,7 +69,7 @@
#define TC_SHA256_STATE_BLOCKS (TC_SHA256_DIGEST_SIZE/4)
struct tc_sha256_state_struct {
- uint32_t iv[TC_SHA256_STATE_BLOCKS];
+ unsigned int iv[TC_SHA256_STATE_BLOCKS];
uint64_t bits_hashed;
uint8_t leftover[TC_SHA256_BLOCK_SIZE];
size_t leftover_offset;
@@ -84,7 +84,7 @@
* returns TC_CRYPTO_FAIL (0) if s == NULL
* @param s Sha256 state struct
*/
-int32_t tc_sha256_init(TCSha256State_t s);
+int tc_sha256_init(TCSha256State_t s);
/**
* @brief SHA256 update procedure
@@ -102,9 +102,7 @@
* @param data message to hash
* @param datalen length of message to hash
*/
-int32_t tc_sha256_update(TCSha256State_t s,
- const uint8_t *data,
- size_t datalen);
+int tc_sha256_update (TCSha256State_t s, const uint8_t *data, size_t datalen);
/**
* @brief SHA256 final procedure
@@ -122,10 +120,10 @@
* @param digest unsigned eight bit integer
* @param Sha256 state struct
*/
-int32_t tc_sha256_final(uint8_t *digest, TCSha256State_t s);
+int tc_sha256_final(uint8_t *digest, TCSha256State_t s);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_SHA256_H__ */
diff --git a/ext/tinycrypt/lib/include/tinycrypt/utils.h b/ext/tinycrypt/lib/include/tinycrypt/utils.h
index 429934e..bab5c32 100644
--- a/ext/tinycrypt/lib/include/tinycrypt/utils.h
+++ b/ext/tinycrypt/lib/include/tinycrypt/utils.h
@@ -1,7 +1,7 @@
/* utils.h - TinyCrypt interface to platform-dependent run-time operations */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -57,8 +57,8 @@
* @param from IN -- origin buffer
* @param from_len IN -- length of origin buffer
*/
-uint32_t _copy(uint8_t *to, uint32_t to_len,
- const uint8_t *from, uint32_t from_len);
+unsigned int _copy(uint8_t *to, unsigned int to_len,
+ const uint8_t *from, unsigned int from_len);
/**
* @brief Set the value 'val' into the buffer 'to', 'len' times.
@@ -67,7 +67,7 @@
* @param val IN -- value to be set in 'to'
* @param len IN -- number of times the value will be copied
*/
-void _set(void *to, uint8_t val, uint32_t len);
+void _set(void *to, uint8_t val, unsigned int len);
/*
* @brief AES specific doubling function, which utilizes
@@ -86,10 +86,10 @@
* @param b IN -- sequence of bytes b
* @param size IN -- size of sequences a and b
*/
-int32_t _compare(const uint8_t *a, const uint8_t *b, size_t size);
+int _compare(const uint8_t *a, const uint8_t *b, size_t size);
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* __TC_UTILS_H__ */
diff --git a/ext/tinycrypt/lib/source/Makefile b/ext/tinycrypt/lib/source/Makefile
deleted file mode 100644
index b61b05c..0000000
--- a/ext/tinycrypt/lib/source/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-# Zephyr makefile.
-# subdir-ccflags-y += -I$(PROJECT)/ext/tinycrypt/lib/include
-
-obj-y += ecc.o ecc_dsa.o sha256.o utils.o
diff --git a/ext/tinycrypt/lib/source/Makefile.inc b/ext/tinycrypt/lib/source/Makefile.inc
deleted file mode 100644
index ebb101a..0000000
--- a/ext/tinycrypt/lib/source/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-# vim: ft=make
-
-subdir-ccflags-$(NEED_TINYCRYPT) += -I$(PROJECT)/ext/tinycrypt/lib/include
diff --git a/ext/tinycrypt/lib/source/aes_decrypt.c b/ext/tinycrypt/lib/source/aes_decrypt.c
index 2e4e3bc..993a618 100644
--- a/ext/tinycrypt/lib/source/aes_decrypt.c
+++ b/ext/tinycrypt/lib/source/aes_decrypt.c
@@ -1,7 +1,7 @@
/* aes_decrypt.c - TinyCrypt implementation of AES decryption procedure */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -34,8 +34,6 @@
#include <tinycrypt/constants.h>
#include <tinycrypt/utils.h>
-#define ZERO_BYTE 0x00
-
static const uint8_t inv_sbox[256] = {
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -61,7 +59,7 @@
0x55, 0x21, 0x0c, 0x7d
};
-int32_t tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k)
+int tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k)
{
return tc_aes128_set_encrypt_key(s, k);
}
@@ -91,7 +89,7 @@
(void)_copy(s, sizeof(t), t, sizeof(t));
}
-static inline void add_round_key(uint8_t *s, const uint32_t *k)
+static inline void add_round_key(uint8_t *s, const unsigned int *k)
{
s[0] ^= (uint8_t)(k[0] >> 24); s[1] ^= (uint8_t)(k[0] >> 16);
s[2] ^= (uint8_t)(k[0] >> 8); s[3] ^= (uint8_t)(k[0]);
@@ -105,7 +103,7 @@
static inline void inv_sub_bytes(uint8_t *s)
{
- uint32_t i;
+ unsigned int i;
for (i = 0; i < (Nb*Nk); ++i) {
s[i] = inv_sbox[s[i]];
@@ -128,10 +126,10 @@
(void)_copy(s, sizeof(t), t, sizeof(t));
}
-int32_t tc_aes_decrypt(uint8_t *out, const uint8_t *in, const TCAesKeySched_t s)
+int tc_aes_decrypt(uint8_t *out, const uint8_t *in, const TCAesKeySched_t s)
{
uint8_t state[Nk*Nb];
- uint32_t i;
+ unsigned int i;
if (out == (uint8_t *) 0) {
return TC_CRYPTO_FAIL;
@@ -145,7 +143,7 @@
add_round_key(state, s->words + Nb*Nr);
- for (i = Nr-1; i > 0; --i) {
+ for (i = Nr - 1; i > 0; --i) {
inv_shift_rows(state);
inv_sub_bytes(state);
add_round_key(state, s->words + Nb*i);
@@ -157,8 +155,10 @@
add_round_key(state, s->words);
(void)_copy(out, sizeof(state), state, sizeof(state));
- /*zeroing out one byte state buffer */
- _set(state, ZERO_BYTE, sizeof(state));
+
+ /*zeroing out the state buffer */
+ _set(state, TC_ZERO_BYTE, sizeof(state));
+
return TC_CRYPTO_SUCCESS;
}
diff --git a/ext/tinycrypt/lib/source/aes_encrypt.c b/ext/tinycrypt/lib/source/aes_encrypt.c
index 6bc73a5..8991aee 100644
--- a/ext/tinycrypt/lib/source/aes_encrypt.c
+++ b/ext/tinycrypt/lib/source/aes_encrypt.c
@@ -1,7 +1,7 @@
/* aes_encrypt.c - TinyCrypt implementation of AES encryption procedure */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -59,7 +59,7 @@
0xb0, 0x54, 0xbb, 0x16
};
-static inline uint32_t rotword(uint32_t a)
+static inline unsigned int rotword(unsigned int a)
{
return (((a) >> 24)|((a) << 8));
}
@@ -67,14 +67,14 @@
#define subbyte(a, o)(sbox[((a) >> (o))&0xff] << (o))
#define subword(a)(subbyte(a, 24)|subbyte(a, 16)|subbyte(a, 8)|subbyte(a, 0))
-int32_t tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k)
+int tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k)
{
- const uint32_t rconst[11] = {
- 0x00000000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
- 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000
+ const unsigned int rconst[11] = {
+ 0x00000000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
+ 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000
};
- uint32_t i;
- uint32_t t;
+ unsigned int i;
+ unsigned int t;
if (s == (TCAesKeySched_t) 0) {
return TC_CRYPTO_FAIL;
@@ -87,7 +87,7 @@
(k[Nb*i+2]<<8) | (k[Nb*i+3]);
}
- for (; i < (Nb*(Nr+1)); ++i) {
+ for (; i < (Nb * (Nr + 1)); ++i) {
t = s->words[i-1];
if ((i % Nk) == 0) {
t = subword(rotword(t)) ^ rconst[i/Nk];
@@ -98,7 +98,7 @@
return TC_CRYPTO_SUCCESS;
}
-static inline void add_round_key(uint8_t *s, const uint32_t *k)
+static inline void add_round_key(uint8_t *s, const unsigned int *k)
{
s[0] ^= (uint8_t)(k[0] >> 24); s[1] ^= (uint8_t)(k[0] >> 16);
s[2] ^= (uint8_t)(k[0] >> 8); s[3] ^= (uint8_t)(k[0]);
@@ -112,9 +112,9 @@
static inline void sub_bytes(uint8_t *s)
{
- uint32_t i;
+ unsigned int i;
- for (i = 0; i < (Nb*Nk); ++i) {
+ for (i = 0; i < (Nb * Nk); ++i) {
s[i] = sbox[s[i]];
}
}
@@ -135,8 +135,8 @@
mult_row_column(t, s);
mult_row_column(&t[Nb], s+Nb);
- mult_row_column(&t[2*Nb], s+(2*Nb));
- mult_row_column(&t[3*Nb], s+(3*Nb));
+ mult_row_column(&t[2 * Nb], s + (2 * Nb));
+ mult_row_column(&t[3 * Nb], s + (3 * Nb));
(void) _copy(s, sizeof(t), t, sizeof(t));
}
@@ -146,7 +146,7 @@
*/
static inline void shift_rows(uint8_t *s)
{
- uint8_t t[Nb*Nk];
+ uint8_t t[Nb * Nk];
t[0] = s[0]; t[1] = s[5]; t[2] = s[10]; t[3] = s[15];
t[4] = s[4]; t[5] = s[9]; t[6] = s[14]; t[7] = s[3];
@@ -155,10 +155,10 @@
(void) _copy(s, sizeof(t), t, sizeof(t));
}
-int32_t tc_aes_encrypt(uint8_t *out, const uint8_t *in, const TCAesKeySched_t s)
+int tc_aes_encrypt(uint8_t *out, const uint8_t *in, const TCAesKeySched_t s)
{
uint8_t state[Nk*Nb];
- uint32_t i;
+ unsigned int i;
if (out == (uint8_t *) 0) {
return TC_CRYPTO_FAIL;
@@ -171,7 +171,7 @@
(void)_copy(state, sizeof(state), in, sizeof(state));
add_round_key(state, s->words);
- for (i = 0; i < (Nr-1); ++i) {
+ for (i = 0; i < (Nr - 1); ++i) {
sub_bytes(state);
shift_rows(state);
mix_columns(state);
diff --git a/ext/tinycrypt/lib/source/cbc_mode.c b/ext/tinycrypt/lib/source/cbc_mode.c
index 8163e0d..62d7879 100644
--- a/ext/tinycrypt/lib/source/cbc_mode.c
+++ b/ext/tinycrypt/lib/source/cbc_mode.c
@@ -1,7 +1,7 @@
/* cbc_mode.c - TinyCrypt implementation of CBC mode encryption & decryption */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -34,13 +34,13 @@
#include <tinycrypt/constants.h>
#include <tinycrypt/utils.h>
-int32_t tc_cbc_mode_encrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, const uint8_t *iv,
+int tc_cbc_mode_encrypt(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, const uint8_t *iv,
const TCAesKeySched_t sched)
{
uint8_t buffer[TC_AES_BLOCK_SIZE];
- uint32_t n, m;
+ unsigned int n, m;
/* input sanity check: */
if (out == (uint8_t *) 0 ||
@@ -74,13 +74,14 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_cbc_mode_decrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, const uint8_t *iv,
+int tc_cbc_mode_decrypt(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, const uint8_t *iv,
const TCAesKeySched_t sched)
{
+
uint8_t buffer[TC_AES_BLOCK_SIZE];
const uint8_t *p;
- uint32_t n, m;
+ unsigned int n, m;
/* sanity check the inputs */
if (out == (uint8_t *) 0 ||
diff --git a/ext/tinycrypt/lib/source/ccm_mode.c b/ext/tinycrypt/lib/source/ccm_mode.c
index 7b6d485..929adac 100644
--- a/ext/tinycrypt/lib/source/ccm_mode.c
+++ b/ext/tinycrypt/lib/source/ccm_mode.c
@@ -1,7 +1,7 @@
/* ccm_mode.c - TinyCrypt implementation of CCM mode */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -36,8 +36,8 @@
#include <stdio.h>
-int32_t tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce,
- uint32_t nlen, uint32_t mlen)
+int tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce,
+ unsigned int nlen, unsigned int mlen)
{
/* input sanity check: */
@@ -61,11 +61,11 @@
/**
* Variation of CBC-MAC mode used in CCM.
*/
-static void ccm_cbc_mac(uint8_t *T, const uint8_t *data, uint32_t dlen,
- uint32_t flag, TCAesKeySched_t sched)
+static void ccm_cbc_mac(uint8_t *T, const uint8_t *data, unsigned int dlen,
+ unsigned int flag, TCAesKeySched_t sched)
{
- uint32_t i;
+ unsigned int i;
if (flag > 0) {
T[0] ^= (uint8_t)(dlen >> 8);
@@ -90,14 +90,14 @@
* encryption). Besides, it is assumed that the counter is stored in the last
* 2 bytes of the nonce.
*/
-static int32_t ccm_ctr_mode(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, uint8_t *ctr, const TCAesKeySched_t sched)
+static int ccm_ctr_mode(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, uint8_t *ctr, const TCAesKeySched_t sched)
{
uint8_t buffer[TC_AES_BLOCK_SIZE];
uint8_t nonce[TC_AES_BLOCK_SIZE];
uint16_t block_num;
- uint32_t i;
+ unsigned int i;
/* input sanity check: */
if (out == (uint8_t *) 0 ||
@@ -134,23 +134,26 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_ccm_generation_encryption(uint8_t *out, const uint8_t *associated_data,
- uint32_t alen, const uint8_t *payload,
- uint32_t plen, TCCcmMode_t c)
+int tc_ccm_generation_encryption(uint8_t *out, unsigned int olen,
+ const uint8_t *associated_data,
+ unsigned int alen, const uint8_t *payload,
+ unsigned int plen, TCCcmMode_t c)
{
+
/* input sanity check: */
if ((out == (uint8_t *) 0) ||
- (c == (TCCcmMode_t) 0) ||
- ((plen > 0) && (payload == (uint8_t *) 0)) ||
- ((alen > 0) && (associated_data == (uint8_t *) 0)) ||
- (alen >= TC_CCM_AAD_MAX_BYTES) || /* associated data size unsupported */
- (plen >= TC_CCM_PAYLOAD_MAX_BYTES)) { /* payload size unsupported */
+ (c == (TCCcmMode_t) 0) ||
+ ((plen > 0) && (payload == (uint8_t *) 0)) ||
+ ((alen > 0) && (associated_data == (uint8_t *) 0)) ||
+ (alen >= TC_CCM_AAD_MAX_BYTES) || /* associated data size unsupported */
+ (plen >= TC_CCM_PAYLOAD_MAX_BYTES) || /* payload size unsupported */
+ (olen < (plen + c->mlen))) { /* invalid output buffer size */
return TC_CRYPTO_FAIL;
}
uint8_t b[Nb * Nk];
uint8_t tag[Nb * Nk];
- uint32_t i;
+ unsigned int i;
/* GENERATING THE AUTHENTICATION TAG: */
@@ -192,23 +195,26 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_ccm_decryption_verification(uint8_t *out, const uint8_t *associated_data,
- uint32_t alen, const uint8_t *payload,
- uint32_t plen, TCCcmMode_t c)
-{
+int tc_ccm_decryption_verification(uint8_t *out, unsigned int olen,
+ const uint8_t *associated_data,
+ unsigned int alen, const uint8_t *payload,
+ unsigned int plen, TCCcmMode_t c)
+{
+
/* input sanity check: */
- if ((out == (uint8_t *) 0) ||
+ if ((out == (uint8_t *) 0) ||
(c == (TCCcmMode_t) 0) ||
((plen > 0) && (payload == (uint8_t *) 0)) ||
((alen > 0) && (associated_data == (uint8_t *) 0)) ||
(alen >= TC_CCM_AAD_MAX_BYTES) || /* associated data size unsupported */
- (plen >= TC_CCM_PAYLOAD_MAX_BYTES)) { /* payload size unsupported */
+ (plen >= TC_CCM_PAYLOAD_MAX_BYTES) || /* payload size unsupported */
+ (olen < plen - c->mlen)) { /* invalid output buffer size */
return TC_CRYPTO_FAIL;
- }
+ }
uint8_t b[Nb * Nk];
uint8_t tag[Nb * Nk];
- uint32_t i;
+ unsigned int i;
/* DECRYPTION: */
@@ -250,11 +256,11 @@
}
/* comparing the received tag and the computed one: */
- if (_compare(b, tag, c->mlen) != 0) {
+ if (_compare(b, tag, c->mlen) == 0) {
+ return TC_CRYPTO_SUCCESS;
+ } else {
/* erase the decrypted buffer in case of mac validation failure: */
- _set(out, 0, sizeof(*out));
+ _set(out, 0, plen - c->mlen);
return TC_CRYPTO_FAIL;
}
-
- return TC_CRYPTO_SUCCESS;
}
diff --git a/ext/tinycrypt/lib/source/cmac_mode.c b/ext/tinycrypt/lib/source/cmac_mode.c
index 3b31c3e..96d147e 100644
--- a/ext/tinycrypt/lib/source/cmac_mode.c
+++ b/ext/tinycrypt/lib/source/cmac_mode.c
@@ -1,7 +1,7 @@
/* cmac_mode.c - TinyCrypt CMAC mode implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -36,7 +36,7 @@
#include <tinycrypt/utils.h>
/* max number of calls until change the key (2^48).*/
-static uint64_t MAX_CALLS = ((uint64_t)1 << 48);
+const static uint64_t MAX_CALLS = ((uint64_t)1 << 48);
/*
* gf_wrap -- In our implementation, GF(2^128) is represented as a 16 byte
@@ -94,7 +94,7 @@
}
}
-int32_t tc_cmac_setup(TCCmacState_t s, const uint8_t *key, TCAesKeySched_t sched)
+int tc_cmac_setup(TCCmacState_t s, const uint8_t *key, TCAesKeySched_t sched)
{
/* input sanity check: */
@@ -122,7 +122,7 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_cmac_erase(TCCmacState_t s)
+int tc_cmac_erase(TCCmacState_t s)
{
if (s == (TCCmacState_t) 0) {
return TC_CRYPTO_FAIL;
@@ -134,7 +134,7 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_cmac_init(TCCmacState_t s)
+int tc_cmac_init(TCCmacState_t s)
{
/* input sanity check: */
if (s == (TCCmacState_t) 0) {
@@ -154,9 +154,9 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t data_length)
+int tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t data_length)
{
- uint32_t i;
+ unsigned int i;
/* input sanity check: */
if (s == (TCCmacState_t) 0) {
@@ -219,10 +219,10 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_cmac_final(uint8_t *tag, TCCmacState_t s)
+int tc_cmac_final(uint8_t *tag, TCCmacState_t s)
{
uint8_t *k;
- uint32_t i;
+ unsigned int i;
/* input sanity check: */
if (tag == (uint8_t *) 0 ||
diff --git a/ext/tinycrypt/lib/source/ctr_mode.c b/ext/tinycrypt/lib/source/ctr_mode.c
index 7ba53d0..1dfb92d 100644
--- a/ext/tinycrypt/lib/source/ctr_mode.c
+++ b/ext/tinycrypt/lib/source/ctr_mode.c
@@ -1,7 +1,7 @@
/* ctr_mode.c - TinyCrypt CTR mode implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -34,14 +34,14 @@
#include <tinycrypt/ctr_mode.h>
#include <tinycrypt/utils.h>
-int32_t tc_ctr_mode(uint8_t *out, uint32_t outlen, const uint8_t *in,
- uint32_t inlen, uint8_t *ctr, const TCAesKeySched_t sched)
+int tc_ctr_mode(uint8_t *out, unsigned int outlen, const uint8_t *in,
+ unsigned int inlen, uint8_t *ctr, const TCAesKeySched_t sched)
{
uint8_t buffer[TC_AES_BLOCK_SIZE];
uint8_t nonce[TC_AES_BLOCK_SIZE];
- uint32_t block_num;
- uint32_t i;
+ unsigned int block_num;
+ unsigned int i;
/* input sanity check: */
if (out == (uint8_t *) 0 ||
diff --git a/ext/tinycrypt/lib/source/ctr_prng.c b/ext/tinycrypt/lib/source/ctr_prng.c
index bac81d8..cac2cc4 100644
--- a/ext/tinycrypt/lib/source/ctr_prng.c
+++ b/ext/tinycrypt/lib/source/ctr_prng.c
@@ -50,15 +50,12 @@
* @param arr IN/OUT -- array to be incremented
* @param len IN -- size of arr in bytes
*/
-static void arrInc(uint8_t arr[], uint32_t len)
+static void arrInc(uint8_t arr[], unsigned int len)
{
- uint32_t i;
- if (0 != arr)
- {
- for (i = len; i > 0U; i--)
- {
- if (++arr[i-1] != 0U)
- {
+ unsigned int i;
+ if (0 != arr) {
+ for (i = len; i > 0U; i--) {
+ if (++arr[i-1] != 0U) {
break;
}
}
@@ -76,24 +73,21 @@
*/
static void tc_ctr_prng_update(TCCtrPrng_t * const ctx, uint8_t const * const providedData)
{
- if (0 != ctx)
- {
+ if (0 != ctx) {
/* 10.2.1.2 step 1 */
uint8_t temp[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
- uint32_t len = 0U;
+ unsigned int len = 0U;
/* 10.2.1.2 step 2 */
- while (len < sizeof temp)
- {
- uint32_t blocklen = sizeof(temp) - len;
+ while (len < sizeof temp) {
+ unsigned int blocklen = sizeof(temp) - len;
uint8_t output_block[TC_AES_BLOCK_SIZE];
/* 10.2.1.2 step 2.1 */
arrInc(ctx->V, sizeof ctx->V);
/* 10.2.1.2 step 2.2 */
- if (blocklen > TC_AES_BLOCK_SIZE)
- {
+ if (blocklen > TC_AES_BLOCK_SIZE) {
blocklen = TC_AES_BLOCK_SIZE;
}
(void)tc_aes_encrypt(output_block, ctx->V, &ctx->key);
@@ -105,11 +99,9 @@
}
/* 10.2.1.2 step 4 */
- if (0 != providedData)
- {
- uint32_t i;
- for (i = 0U; i < sizeof temp; i++)
- {
+ if (0 != providedData) {
+ unsigned int i;
+ for (i = 0U; i < sizeof temp; i++) {
temp[i] ^= providedData[i];
}
}
@@ -122,24 +114,22 @@
}
}
-int32_t tc_ctr_prng_init(TCCtrPrng_t * const ctx,
- uint8_t const * const entropy,
- uint32_t entropyLen,
- uint8_t const * const personalization,
- uint32_t pLen)
+int tc_ctr_prng_init(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ unsigned int entropyLen,
+ uint8_t const * const personalization,
+ unsigned int pLen)
{
- int32_t result = TC_CRYPTO_FAIL;
- uint32_t i;
+ int result = TC_CRYPTO_FAIL;
+ unsigned int i;
uint8_t personalization_buf[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE] = {0U};
uint8_t seed_material[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
uint8_t zeroArr[TC_AES_BLOCK_SIZE] = {0U};
- if (0 != personalization)
- {
+ if (0 != personalization) {
/* 10.2.1.3.1 step 1 */
- uint32_t len = pLen;
- if (len > sizeof personalization_buf)
- {
+ unsigned int len = pLen;
+ if (len > sizeof personalization_buf) {
len = sizeof personalization_buf;
}
@@ -147,12 +137,10 @@
memcpy(personalization_buf, personalization, len);
}
- if ((0 != ctx) && (0 != entropy) && (entropyLen >= sizeof seed_material))
- {
+ if ((0 != ctx) && (0 != entropy) && (entropyLen >= sizeof seed_material)) {
/* 10.2.1.3.1 step 3 */
memcpy(seed_material, entropy, sizeof seed_material);
- for (i = 0U; i < sizeof seed_material; i++)
- {
+ for (i = 0U; i < sizeof seed_material; i++) {
seed_material[i] ^= personalization_buf[i];
}
@@ -173,23 +161,21 @@
return result;
}
-int32_t tc_ctr_prng_reseed(TCCtrPrng_t * const ctx,
+int tc_ctr_prng_reseed(TCCtrPrng_t * const ctx,
uint8_t const * const entropy,
- uint32_t entropyLen,
+ unsigned int entropyLen,
uint8_t const * const additional_input,
- uint32_t additionallen)
+ unsigned int additionallen)
{
- uint32_t i;
- int32_t result = TC_CRYPTO_FAIL;
+ unsigned int i;
+ int result = TC_CRYPTO_FAIL;
uint8_t additional_input_buf[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE] = {0U};
uint8_t seed_material[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
- if (0 != additional_input)
- {
+ if (0 != additional_input) {
/* 10.2.1.4.1 step 1 */
- uint32_t len = additionallen;
- if (len > sizeof additional_input_buf)
- {
+ unsigned int len = additionallen;
+ if (len > sizeof additional_input_buf) {
len = sizeof additional_input_buf;
}
@@ -197,13 +183,11 @@
memcpy(additional_input_buf, additional_input, len);
}
- uint32_t seedlen = (uint32_t)TC_AES_KEY_SIZE + (uint32_t)TC_AES_BLOCK_SIZE;
- if ((0 != ctx) && (entropyLen >= seedlen))
- {
+ unsigned int seedlen = (unsigned int)TC_AES_KEY_SIZE + (unsigned int)TC_AES_BLOCK_SIZE;
+ if ((0 != ctx) && (entropyLen >= seedlen)) {
/* 10.2.1.4.1 step 3 */
memcpy(seed_material, entropy, sizeof seed_material);
- for (i = 0U; i < sizeof seed_material; i++)
- {
+ for (i = 0U; i < sizeof seed_material; i++) {
seed_material[i] ^= additional_input_buf[i];
}
@@ -218,36 +202,30 @@
return result;
}
-int32_t tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
+int tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
uint8_t const * const additional_input,
- uint32_t additionallen,
+ unsigned int additionallen,
uint8_t * const out,
- uint32_t outlen)
+ unsigned int outlen)
{
/* 2^48 - see section 10.2.1 */
static const uint64_t MAX_REQS_BEFORE_RESEED = 0x1000000000000ULL;
/* 2^19 bits - see section 10.2.1 */
- static const uint32_t MAX_BYTES_PER_REQ = 65536U;
+ static const unsigned int MAX_BYTES_PER_REQ = 65536U;
- int32_t result = TC_CRYPTO_FAIL;
+ unsigned int result = TC_CRYPTO_FAIL;
- if ((0 != ctx) && (0 != out) && (outlen < MAX_BYTES_PER_REQ))
- {
+ if ((0 != ctx) && (0 != out) && (outlen < MAX_BYTES_PER_REQ)) {
/* 10.2.1.5.1 step 1 */
- if (ctx->reseedCount > MAX_REQS_BEFORE_RESEED)
- {
+ if (ctx->reseedCount > MAX_REQS_BEFORE_RESEED) {
result = TC_CTR_PRNG_RESEED_REQ;
- }
- else
- {
+ } else {
uint8_t additional_input_buf[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE] = {0U};
- if (0 != additional_input)
- {
+ if (0 != additional_input) {
/* 10.2.1.5.1 step 2 */
- uint32_t len = additionallen;
- if (len > sizeof additional_input_buf)
- {
+ unsigned int len = additionallen;
+ if (len > sizeof additional_input_buf) {
len = sizeof additional_input_buf;
}
memcpy(additional_input_buf, additional_input, len);
@@ -257,10 +235,9 @@
/* 10.2.1.5.1 step 3 - implicit */
/* 10.2.1.5.1 step 4 */
- uint32_t len = 0U;
- while (len < outlen)
- {
- uint32_t blocklen = outlen - len;
+ unsigned int len = 0U;
+ while (len < outlen) {
+ unsigned int blocklen = outlen - len;
uint8_t output_block[TC_AES_BLOCK_SIZE];
/* 10.2.1.5.1 step 4.1 */
@@ -270,8 +247,7 @@
(void)tc_aes_encrypt(output_block, ctx->V, &ctx->key);
/* 10.2.1.5.1 step 4.3/step 5 */
- if (blocklen > TC_AES_BLOCK_SIZE)
- {
+ if (blocklen > TC_AES_BLOCK_SIZE) {
blocklen = TC_AES_BLOCK_SIZE;
}
memcpy(&(out[len]), output_block, blocklen);
@@ -295,8 +271,7 @@
void tc_ctr_prng_uninstantiate(TCCtrPrng_t * const ctx)
{
- if (0 != ctx)
- {
+ if (0 != ctx) {
memset(ctx->key.words, 0x00, sizeof ctx->key.words);
memset(ctx->V, 0x00, sizeof ctx->V);
ctx->reseedCount = 0U;
diff --git a/ext/tinycrypt/lib/source/ecc.c b/ext/tinycrypt/lib/source/ecc.c
index bfe6c5f..46080bf 100644
--- a/ext/tinycrypt/lib/source/ecc.c
+++ b/ext/tinycrypt/lib/source/ecc.c
@@ -1,625 +1,942 @@
-/* ecc.c - TinyCrypt implementation of ECC auxiliary functions */
+/* ecc.c - TinyCrypt implementation of common ECC functions */
/*
- *
- * Copyright (c) 2013, Kenneth MacKay
- * All rights reserved.
- * https://github.com/kmackay/micro-ecc
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * - Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * - Neither the name of Intel Corporation nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
+ * Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_platform_specific.h>
+#include <string.h>
-/* ------ Curve NIST P-256 constants: ------ */
+/* IMPORTANT: Make sure a cryptographically-secure PRNG is set and the platform
+ * has access to enough entropy in order to feed the PRNG regularly. */
+#if default_RNG_defined
+static uECC_RNG_Function g_rng_function = &default_CSPRNG;
+#else
+static uECC_RNG_Function g_rng_function = 0;
+#endif
-#define Curve_P {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, \
- 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}
-
-#define Curve_B {0x27D2604B, 0x3BCE3C3E, 0xCC53B0F6, 0x651D06B0, \
- 0x769886BC, 0xB3EBBD55, 0xAA3A93E7, 0x5AC635D8}
-
-#define Curve_N {0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD, \
- 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF}
-
-#define Curve_G {{0xD898C296, 0xF4A13945, 0x2DEB33A0, 0x77037D81, \
- 0x63A440F2, 0xF8BCE6E5, 0xE12C4247, 0x6B17D1F2}, \
- {0x37BF51F5, 0xCBB64068, 0x6B315ECE, 0x2BCE3357, \
- 0x7C0F9E16, 0x8EE7EB4A, 0xFE1A7F9B, 0x4FE342E2} }
-
-#define Curve_P_Barrett {0x00000003, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, \
- 0xFFFFFFFE, 0xFFFFFFFE, 0xFFFFFFFF, 0x00000000, 0x00000001}
-
-#define Curve_N_Barrett {0xEEDF9BFE, 0x012FFD85, 0xDF1A6C21, 0x43190552, \
- 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0x00000000, 0x00000001}
-
-uint32_t curve_p[NUM_ECC_DIGITS] = Curve_P;
-uint32_t curve_b[NUM_ECC_DIGITS] = Curve_B;
-EccPoint curve_G = Curve_G;
-uint32_t curve_n[NUM_ECC_DIGITS] = Curve_N;
-uint32_t curve_pb[NUM_ECC_DIGITS + 1] = Curve_P_Barrett;
-uint32_t curve_nb[NUM_ECC_DIGITS + 1] = Curve_N_Barrett;
-
-/* ------ Static functions: ------ */
-
-/* Zeroing out p_vli. */
-static void vli_clear(uint32_t *p_vli)
+void uECC_set_rng(uECC_RNG_Function rng_function)
{
- uint32_t i;
+ g_rng_function = rng_function;
+}
- for (i = 0; i < NUM_ECC_DIGITS; ++i) {
- p_vli[i] = 0;
+uECC_RNG_Function uECC_get_rng(void)
+{
+ return g_rng_function;
+}
+
+int uECC_curve_private_key_size(uECC_Curve curve)
+{
+ return BITS_TO_BYTES(curve->num_n_bits);
+}
+
+int uECC_curve_public_key_size(uECC_Curve curve)
+{
+ return 2 * curve->num_bytes;
+}
+
+void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words)
+{
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ vli[i] = 0;
}
}
-/* Returns nonzero if bit p_bit of p_vli is set.
- * It is assumed that the value provided in 'bit' is within
- * the boundaries of the word-array 'p_vli'.*/
-static uint32_t vli_testBit(uint32_t *p_vli, uint32_t p_bit)
+uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words)
{
- return (p_vli[p_bit / 32] & (1 << (p_bit % 32)));
+ uECC_word_t bits = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ bits |= vli[i];
+ }
+ return (bits == 0);
}
-uint32_t vli_isZero(uint32_t *p_vli)
+uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit)
{
- uint32_t acc = 0;
+ return (vli[bit >> uECC_WORD_BITS_SHIFT] &
+ ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK)));
+}
- for (uint32_t i = 0; i < NUM_ECC_DIGITS; ++i) {
- acc |= p_vli[i];
+/* Counts the number of words in vli. */
+static wordcount_t vli_numDigits(const uECC_word_t *vli,
+ const wordcount_t max_words)
+{
+
+ wordcount_t i;
+ /* Search from the end until we find a non-zero digit. We do it in reverse
+ * because we expect that most digits will be nonzero. */
+ for (i = max_words - 1; i >= 0 && vli[i] == 0; --i) {
}
- return (!acc);
+ return (i + 1);
}
-/*
- * Find the right-most nonzero 32-bit "digits" in p_vli.
- *
- * Side-channel countermeasure: algorithm strengthened against timing attack.
- */
-static uint32_t vli_numDigits(uint32_t *p_vli)
+bitcount_t uECC_vli_numBits(const uECC_word_t *vli,
+ const wordcount_t max_words)
{
- int32_t i;
- uint32_t digits = 0;
- for (i = NUM_ECC_DIGITS - 1; i >= 0 ; --i) {
- digits += p_vli[i] || digits;
+ uECC_word_t i;
+ uECC_word_t digit;
+
+ wordcount_t num_digits = vli_numDigits(vli, max_words);
+ if (num_digits == 0) {
+ return 0;
}
- return digits;
-}
-
-/*
- * Find the left-most non-zero bit in p_vli.
- *
- * Side-channel countermeasure: algorithm strengthened against timing attack.
- */
-static uint32_t vli_numBits(uint32_t *p_vli)
-{
- uint32_t l_digit;
- uint32_t i, acc = 32;
- uint32_t l_numDigits = vli_numDigits(p_vli);
-
- l_digit = p_vli[l_numDigits - 1];
-
- for (i = 0; i < 32; ++i) {
- acc -= !l_digit;
- l_digit >>= 1;
+ digit = vli[num_digits - 1];
+ for (i = 0; digit; ++i) {
+ digit >>= 1;
}
- return ((l_numDigits - 1) * 32 + acc);
+ return (((bitcount_t)(num_digits - 1) << uECC_WORD_BITS_SHIFT) + i);
}
-/*
- * Computes p_result = p_left + p_right, returns carry.
- *
- * Side-channel countermeasure: algorithm strengthened against timing attack.
- */
-static uint32_t vli_add(uint32_t *p_result, uint32_t *p_left,
- uint32_t *p_right)
+void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src,
+ wordcount_t num_words)
{
+ wordcount_t i;
- uint32_t l_carry = 0;
-
- for (uint32_t i = 0; i < NUM_ECC_DIGITS; ++i) {
- uint32_t l_sum = p_left[i] + p_right[i] + l_carry;
-
- l_carry = (l_sum < p_left[i]) | ((l_sum == p_left[i]) && l_carry);
- p_result[i] = l_sum;
- }
-
- return l_carry;
+ for (i = 0; i < num_words; ++i) {
+ dest[i] = src[i];
+ }
}
-
-/* Computes p_result = p_left * p_right. */
-static void vli_mult(uint32_t *p_result, uint32_t *p_left,
- uint32_t *p_right, uint32_t word_size)
+cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left,
+ const uECC_word_t *right,
+ wordcount_t num_words)
{
+ wordcount_t i;
- uint64_t r01 = 0;
- uint32_t r2 = 0;
-
- /* Compute each digit of p_result in sequence, maintaining the carries. */
- for (uint32_t k = 0; k < word_size*2 - 1; ++k) {
-
- uint32_t l_min = (k < word_size ? 0 : (k + 1) - word_size);
-
- for (uint32_t i = l_min; i <= k && i < word_size; ++i) {
-
- uint64_t l_product = (uint64_t)p_left[i] * p_right[k - i];
-
- r01 += l_product;
- r2 += (r01 < l_product);
+ for (i = num_words - 1; i >= 0; --i) {
+ if (left[i] > right[i]) {
+ return 1;
+ } else if (left[i] < right[i]) {
+ return -1;
}
- p_result[k] = (uint32_t)r01;
- r01 = (r01 >> 32) | (((uint64_t)r2) << 32);
+ }
+ return 0;
+}
+
+uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words)
+{
+
+ uECC_word_t diff = 0;
+ wordcount_t i;
+
+ for (i = num_words - 1; i >= 0; --i) {
+ diff |= (left[i] ^ right[i]);
+ }
+ return !(diff == 0);
+}
+
+uECC_word_t cond_set(uECC_word_t p_true, uECC_word_t p_false, unsigned int cond)
+{
+ return (p_true*(cond)) | (p_false*(!cond));
+}
+
+/* Computes result = left - right, returning borrow, in constant time.
+ * Can modify in place. */
+uECC_word_t uECC_vli_sub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words)
+{
+ uECC_word_t borrow = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ uECC_word_t diff = left[i] - right[i] - borrow;
+ uECC_word_t val = (diff > left[i]);
+ borrow = cond_set(val, borrow, (diff != left[i]));
+
+ result[i] = diff;
+ }
+ return borrow;
+}
+
+/* Computes result = left + right, returning carry, in constant time.
+ * Can modify in place. */
+static uECC_word_t uECC_vli_add(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words)
+{
+ uECC_word_t carry = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ uECC_word_t sum = left[i] + right[i] + carry;
+ uECC_word_t val = (sum < left[i]);
+ carry = cond_set(val, carry, (sum != left[i]));
+ result[i] = sum;
+ }
+ return carry;
+}
+
+cmpresult_t uECC_vli_cmp(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words)
+{
+ uECC_word_t tmp[NUM_ECC_WORDS];
+ uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words);
+ uECC_word_t equal = uECC_vli_isZero(tmp, num_words);
+ return (!equal - 2 * neg);
+}
+
+/* Computes vli = vli >> 1. */
+static void uECC_vli_rshift1(uECC_word_t *vli, wordcount_t num_words)
+{
+ uECC_word_t *end = vli;
+ uECC_word_t carry = 0;
+
+ vli += num_words;
+ while (vli-- > end) {
+ uECC_word_t temp = *vli;
+ *vli = (temp >> 1) | carry;
+ carry = temp << (uECC_WORD_BITS - 1);
+ }
+}
+
+static void muladd(uECC_word_t a, uECC_word_t b, uECC_word_t *r0,
+ uECC_word_t *r1, uECC_word_t *r2)
+{
+
+ uECC_dword_t p = (uECC_dword_t)a * b;
+ uECC_dword_t r01 = ((uECC_dword_t)(*r1) << uECC_WORD_BITS) | *r0;
+ r01 += p;
+ *r2 += (r01 < p);
+ *r1 = r01 >> uECC_WORD_BITS;
+ *r0 = (uECC_word_t)r01;
+
+}
+
+/* Computes result = left * right. Result must be 2 * num_words long. */
+static void uECC_vli_mult(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words)
+{
+
+ uECC_word_t r0 = 0;
+ uECC_word_t r1 = 0;
+ uECC_word_t r2 = 0;
+ wordcount_t i, k;
+
+ /* Compute each digit of result in sequence, maintaining the carries. */
+ for (k = 0; k < num_words; ++k) {
+
+ for (i = 0; i <= k; ++i) {
+ muladd(left[i], right[k - i], &r0, &r1, &r2);
+ }
+
+ result[k] = r0;
+ r0 = r1;
+ r1 = r2;
r2 = 0;
}
- p_result[word_size * 2 - 1] = (uint32_t)r01;
+ for (k = num_words; k < num_words * 2 - 1; ++k) {
+
+ for (i = (k + 1) - num_words; i < num_words; ++i) {
+ muladd(left[i], right[k - i], &r0, &r1, &r2);
+ }
+ result[k] = r0;
+ r0 = r1;
+ r1 = r2;
+ r2 = 0;
+ }
+ result[num_words * 2 - 1] = r0;
}
-/* Computes p_result = p_left^2. */
-static void vli_square(uint32_t *p_result, uint32_t *p_left)
+void uECC_vli_modAdd(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words)
{
+ uECC_word_t carry = uECC_vli_add(result, left, right, num_words);
+ if (carry || uECC_vli_cmp_unsafe(mod, result, num_words) != 1) {
+ /* result > mod (result = mod + remainder), so subtract mod to get
+ * remainder. */
+ uECC_vli_sub(result, result, mod, num_words);
+ }
+}
- uint64_t r01 = 0;
- uint32_t r2 = 0;
- uint32_t i, k;
+void uECC_vli_modSub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words)
+{
+ uECC_word_t l_borrow = uECC_vli_sub(result, left, right, num_words);
+ if (l_borrow) {
+ /* In this case, result == -diff == (max int) - diff. Since -x % d == d - x,
+ * we can get the correct result from result + mod (with overflow). */
+ uECC_vli_add(result, result, mod, num_words);
+ }
+}
- for (k = 0; k < NUM_ECC_DIGITS * 2 - 1; ++k) {
+/* Computes result = product % mod, where product is 2N words long. */
+/* Currently only designed to work for curve_p or curve_n. */
+void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product,
+ const uECC_word_t *mod, wordcount_t num_words)
+{
+ uECC_word_t mod_multiple[2 * NUM_ECC_WORDS];
+ uECC_word_t tmp[2 * NUM_ECC_WORDS];
+ uECC_word_t *v[2] = {tmp, product};
+ uECC_word_t index;
- uint32_t l_min = (k < NUM_ECC_DIGITS ? 0 : (k + 1) - NUM_ECC_DIGITS);
+ /* Shift mod so its highest set bit is at the maximum position. */
+ bitcount_t shift = (num_words * 2 * uECC_WORD_BITS) -
+ uECC_vli_numBits(mod, num_words);
+ wordcount_t word_shift = shift / uECC_WORD_BITS;
+ wordcount_t bit_shift = shift % uECC_WORD_BITS;
+ uECC_word_t carry = 0;
+ uECC_vli_clear(mod_multiple, word_shift);
+ if (bit_shift > 0) {
+ for(index = 0; index < (uECC_word_t)num_words; ++index) {
+ mod_multiple[word_shift + index] = (mod[index] << bit_shift) | carry;
+ carry = mod[index] >> (uECC_WORD_BITS - bit_shift);
+ }
+ } else {
+ uECC_vli_set(mod_multiple + word_shift, mod, num_words);
+ }
- for (i = l_min; i <= k && i <= k - i; ++i) {
-
- uint64_t l_product = (uint64_t)p_left[i] * p_left[k - i];
-
- if (i < k - i) {
-
- r2 += l_product >> 63;
- l_product *= 2;
+ for (index = 1; shift >= 0; --shift) {
+ uECC_word_t borrow = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words * 2; ++i) {
+ uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow;
+ if (diff != v[index][i]) {
+ borrow = (diff > v[index][i]);
}
- r01 += l_product;
- r2 += (r01 < l_product);
+ v[1 - index][i] = diff;
}
- p_result[k] = (uint32_t)r01;
- r01 = (r01 >> 32) | (((uint64_t)r2) << 32);
- r2 = 0;
+ /* Swap the index if there was no borrow */
+ index = !(index ^ borrow);
+ uECC_vli_rshift1(mod_multiple, num_words);
+ mod_multiple[num_words - 1] |= mod_multiple[num_words] <<
+ (uECC_WORD_BITS - 1);
+ uECC_vli_rshift1(mod_multiple + num_words, num_words);
}
-
- p_result[NUM_ECC_DIGITS * 2 - 1] = (uint32_t)r01;
+ uECC_vli_set(result, v[index], num_words);
}
-/* Computes p_result = p_product % curve_p using Barrett reduction. */
-void vli_mmod_barrett(uint32_t *p_result, uint32_t *p_product,
- uint32_t *p_mod, uint32_t *p_barrett)
+void uECC_vli_modMult(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words)
{
- uint32_t i;
- uint32_t q1[NUM_ECC_DIGITS + 1];
+ uECC_word_t product[2 * NUM_ECC_WORDS];
+ uECC_vli_mult(product, left, right, num_words);
+ uECC_vli_mmod(result, product, mod, num_words);
+}
- for (i = NUM_ECC_DIGITS - 1; i < 2 * NUM_ECC_DIGITS; i++) {
- q1[i - (NUM_ECC_DIGITS - 1)] = p_product[i];
+void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, uECC_Curve curve)
+{
+ uECC_word_t product[2 * NUM_ECC_WORDS];
+ uECC_vli_mult(product, left, right, curve->num_words);
+
+ curve->mmod_fast(result, product);
+}
+
+static void uECC_vli_modSquare_fast(uECC_word_t *result,
+ const uECC_word_t *left,
+ uECC_Curve curve)
+{
+ uECC_vli_modMult_fast(result, left, left, curve);
+}
+
+
+#define EVEN(vli) (!(vli[0] & 1))
+
+static void vli_modInv_update(uECC_word_t *uv,
+ const uECC_word_t *mod,
+ wordcount_t num_words)
+{
+
+ uECC_word_t carry = 0;
+
+ if (!EVEN(uv)) {
+ carry = uECC_vli_add(uv, uv, mod, num_words);
}
-
- uint32_t q2[2*NUM_ECC_DIGITS + 2];
-
- vli_mult(q2, q1, p_barrett, NUM_ECC_DIGITS + 1);
- for (i = NUM_ECC_DIGITS + 1; i < 2 * NUM_ECC_DIGITS + 2; i++) {
- q1[i - (NUM_ECC_DIGITS + 1)] = q2[i];
- }
-
- uint32_t prime2[2*NUM_ECC_DIGITS];
-
- for (i = 0; i < NUM_ECC_DIGITS; i++) {
- prime2[i] = p_mod[i];
- prime2[NUM_ECC_DIGITS + i] = 0;
- }
-
- vli_mult(q2, q1, prime2, NUM_ECC_DIGITS + 1);
- vli_sub(p_product, p_product, q2, 2 * NUM_ECC_DIGITS);
-
- uint32_t borrow;
-
- borrow = vli_sub(q1, p_product, prime2, NUM_ECC_DIGITS + 1);
- vli_cond_set(p_product, p_product, q1, borrow);
- p_product[NUM_ECC_DIGITS] = q1[NUM_ECC_DIGITS] * (!borrow);
- borrow = vli_sub(q1, p_product, prime2, NUM_ECC_DIGITS + 1);
- vli_cond_set(p_product, p_product, q1, borrow);
- p_product[NUM_ECC_DIGITS] = q1[NUM_ECC_DIGITS] * (!borrow);
- borrow = vli_sub(q1, p_product, prime2, NUM_ECC_DIGITS + 1);
- vli_cond_set(p_product, p_product, q1, borrow);
- p_product[NUM_ECC_DIGITS] = q1[NUM_ECC_DIGITS] * (!borrow);
-
- for (i = 0; i < NUM_ECC_DIGITS; i++) {
- p_result[i] = p_product[i];
+ uECC_vli_rshift1(uv, num_words);
+ if (carry) {
+ uv[num_words - 1] |= HIGH_BIT_SET;
}
}
-/*
- * Computes modular exponentiation.
- *
- * Side-channel countermeasure: algorithm strengthened against timing attack.
- */
-static void vli_modExp(uint32_t *p_result, uint32_t *p_base,
- uint32_t *p_exp, uint32_t *p_mod, uint32_t *p_barrett)
+void uECC_vli_modInv(uECC_word_t *result, const uECC_word_t *input,
+ const uECC_word_t *mod, wordcount_t num_words)
{
+ uECC_word_t a[NUM_ECC_WORDS], b[NUM_ECC_WORDS];
+ uECC_word_t u[NUM_ECC_WORDS], v[NUM_ECC_WORDS];
+ cmpresult_t cmpResult;
- uint32_t acc[NUM_ECC_DIGITS], tmp[NUM_ECC_DIGITS], product[2 * NUM_ECC_DIGITS];
- uint32_t j;
- int32_t i;
-
- vli_clear(acc);
- acc[0] = 1;
-
- for (i = NUM_ECC_DIGITS - 1; i >= 0; i--) {
- for (j = 1 << 31; j > 0; j = j >> 1) {
- vli_square(product, acc);
- vli_mmod_barrett(acc, product, p_mod, p_barrett);
- vli_mult(product, acc, p_base, NUM_ECC_DIGITS);
- vli_mmod_barrett(tmp, product, p_mod, p_barrett);
- vli_cond_set(acc, tmp, acc, j & p_exp[i]);
- }
- }
-
- vli_set(p_result, acc);
-}
-
-/* Conversion from Affine coordinates to Jacobi coordinates. */
-static void EccPoint_fromAffine(EccPointJacobi *p_point_jacobi,
- EccPoint *p_point) {
-
- vli_set(p_point_jacobi->X, p_point->x);
- vli_set(p_point_jacobi->Y, p_point->y);
- vli_clear(p_point_jacobi->Z);
- p_point_jacobi->Z[0] = 1;
-}
-
-/*
- * Elliptic curve point doubling in Jacobi coordinates: P = P + P.
- *
- * Requires 4 squares and 4 multiplications.
- */
-static void EccPoint_double(EccPointJacobi *P)
-{
-
- uint32_t m[NUM_ECC_DIGITS], s[NUM_ECC_DIGITS], t[NUM_ECC_DIGITS];
-
- vli_modSquare_fast(t, P->Z);
- vli_modSub(m, P->X, t, curve_p);
- vli_modAdd(s, P->X, t, curve_p);
- vli_modMult_fast(m, m, s);
- vli_modAdd(s, m, m, curve_p);
- vli_modAdd(m, s, m, curve_p); /* m = 3X^2 - 3Z^4 */
- vli_modSquare_fast(t, P->Y);
- vli_modMult_fast(s, P->X, t);
- vli_modAdd(s, s, s, curve_p);
- vli_modAdd(s, s, s, curve_p); /* s = 4XY^2 */
- vli_modMult_fast(P->Z, P->Y, P->Z);
- vli_modAdd(P->Z, P->Z, P->Z, curve_p); /* Z' = 2YZ */
- vli_modSquare_fast(P->X, m);
- vli_modSub(P->X, P->X, s, curve_p);
- vli_modSub(P->X, P->X, s, curve_p); /* X' = m^2 - 2s */
- vli_modSquare_fast(P->Y, t);
- vli_modAdd(P->Y, P->Y, P->Y, curve_p);
- vli_modAdd(P->Y, P->Y, P->Y, curve_p);
- vli_modAdd(P->Y, P->Y, P->Y, curve_p);
- vli_modSub(t, s, P->X, curve_p);
- vli_modMult_fast(t, t, m);
- vli_modSub(P->Y, t, P->Y, curve_p); /* Y' = m(s - X') - 8Y^4 */
-
-}
-
-/* Copy input to target. */
-static void EccPointJacobi_set(EccPointJacobi *target, EccPointJacobi *input)
-{
- vli_set(target->X, input->X);
- vli_set(target->Y, input->Y);
- vli_set(target->Z, input->Z);
-}
-
-/* ------ Externally visible functions (see header file for comments): ------ */
-
-void vli_set(uint32_t *p_dest, uint32_t *p_src)
-{
-
- uint32_t i;
-
- for (i = 0; i < NUM_ECC_DIGITS; ++i) {
- p_dest[i] = p_src[i];
- }
-}
-
-int32_t vli_cmp(uint32_t *p_left, uint32_t *p_right, int32_t word_size)
-{
-
- int32_t i, cmp = 0;
-
- for (i = word_size-1; i >= 0; --i) {
- cmp |= ((p_left[i] > p_right[i]) - (p_left[i] < p_right[i])) * (!cmp);
- }
-
- return cmp;
-}
-
-uint32_t vli_sub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t word_size)
-{
-
- uint32_t l_borrow = 0;
-
- for (uint32_t i = 0; i < word_size; ++i) {
- uint32_t l_diff = p_left[i] - p_right[i] - l_borrow;
-
- l_borrow = (l_diff > p_left[i]) | ((l_diff == p_left[i]) && l_borrow);
- p_result[i] = l_diff;
- }
-
- return l_borrow;
-}
-
-void vli_cond_set(uint32_t *output, uint32_t *p_true, uint32_t *p_false,
- uint32_t cond)
-{
- uint32_t i;
-
- cond = (!cond);
-
- for (i = 0; i < NUM_ECC_DIGITS; i++) {
- output[i] = (p_true[i]*(!cond)) | (p_false[i]*cond);
- }
-}
-
-void vli_modAdd(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t *p_mod)
-{
- uint32_t l_carry = vli_add(p_result, p_left, p_right);
- uint32_t p_temp[NUM_ECC_DIGITS];
-
- l_carry = l_carry == vli_sub(p_temp, p_result, p_mod, NUM_ECC_DIGITS);
- vli_cond_set(p_result, p_temp, p_result, l_carry);
-}
-
-void vli_modSub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t *p_mod)
-{
- uint32_t l_borrow = vli_sub(p_result, p_left, p_right, NUM_ECC_DIGITS);
- uint32_t p_temp[NUM_ECC_DIGITS];
-
- vli_add(p_temp, p_result, p_mod);
- vli_cond_set(p_result, p_temp, p_result, l_borrow);
-}
-
-void vli_modMult_fast(uint32_t *p_result, uint32_t *p_left,
- uint32_t *p_right)
-{
- uint32_t l_product[2 * NUM_ECC_DIGITS];
-
- vli_mult(l_product, p_left, p_right, NUM_ECC_DIGITS);
- vli_mmod_barrett(p_result, l_product, curve_p, curve_pb);
-}
-
-void vli_modSquare_fast(uint32_t *p_result, uint32_t *p_left)
-{
- uint32_t l_product[2 * NUM_ECC_DIGITS];
-
- vli_square(l_product, p_left);
- vli_mmod_barrett(p_result, l_product, curve_p, curve_pb);
-}
-
-void vli_modMult(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
- uint32_t *p_mod, uint32_t *p_barrett)
-{
-
- uint32_t l_product[2 * NUM_ECC_DIGITS];
-
- vli_mult(l_product, p_left, p_right, NUM_ECC_DIGITS);
- vli_mmod_barrett(p_result, l_product, p_mod, p_barrett);
-}
-
-void vli_modInv(uint32_t *p_result, uint32_t *p_input, uint32_t *p_mod,
- uint32_t *p_barrett)
-{
- uint32_t p_power[NUM_ECC_DIGITS];
-
- vli_set(p_power, p_mod);
- p_power[0] -= 2;
- vli_modExp(p_result, p_input, p_power, p_mod, p_barrett);
-}
-
-uint32_t EccPoint_isZero(EccPoint *p_point)
-{
- return (vli_isZero(p_point->x) && vli_isZero(p_point->y));
-}
-
-uint32_t EccPointJacobi_isZero(EccPointJacobi *p_point_jacobi)
-{
- return vli_isZero(p_point_jacobi->Z);
-}
-
-void EccPoint_toAffine(EccPoint *p_point, EccPointJacobi *p_point_jacobi)
-{
-
- if (vli_isZero(p_point_jacobi->Z)) {
- vli_clear(p_point->x);
- vli_clear(p_point->y);
+ if (uECC_vli_isZero(input, num_words)) {
+ uECC_vli_clear(result, num_words);
return;
}
- uint32_t z[NUM_ECC_DIGITS];
-
- vli_set(z, p_point_jacobi->Z);
- vli_modInv(z, z, curve_p, curve_pb);
- vli_modSquare_fast(p_point->x, z);
- vli_modMult_fast(p_point->y, p_point->x, z);
- vli_modMult_fast(p_point->x, p_point->x, p_point_jacobi->X);
- vli_modMult_fast(p_point->y, p_point->y, p_point_jacobi->Y);
+ uECC_vli_set(a, input, num_words);
+ uECC_vli_set(b, mod, num_words);
+ uECC_vli_clear(u, num_words);
+ u[0] = 1;
+ uECC_vli_clear(v, num_words);
+ while ((cmpResult = uECC_vli_cmp_unsafe(a, b, num_words)) != 0) {
+ if (EVEN(a)) {
+ uECC_vli_rshift1(a, num_words);
+ vli_modInv_update(u, mod, num_words);
+ } else if (EVEN(b)) {
+ uECC_vli_rshift1(b, num_words);
+ vli_modInv_update(v, mod, num_words);
+ } else if (cmpResult > 0) {
+ uECC_vli_sub(a, a, b, num_words);
+ uECC_vli_rshift1(a, num_words);
+ if (uECC_vli_cmp_unsafe(u, v, num_words) < 0) {
+ uECC_vli_add(u, u, mod, num_words);
+ }
+ uECC_vli_sub(u, u, v, num_words);
+ vli_modInv_update(u, mod, num_words);
+ } else {
+ uECC_vli_sub(b, b, a, num_words);
+ uECC_vli_rshift1(b, num_words);
+ if (uECC_vli_cmp_unsafe(v, u, num_words) < 0) {
+ uECC_vli_add(v, v, mod, num_words);
+ }
+ uECC_vli_sub(v, v, u, num_words);
+ vli_modInv_update(v, mod, num_words);
+ }
+ }
+ uECC_vli_set(result, u, num_words);
}
-void EccPoint_add(EccPointJacobi *P1, EccPointJacobi *P2)
+/* ------ Point operations ------ */
+
+void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * Z1, uECC_Curve curve)
{
+ /* t1 = X, t2 = Y, t3 = Z */
+ uECC_word_t t4[NUM_ECC_WORDS];
+ uECC_word_t t5[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
- uint32_t s1[NUM_ECC_DIGITS], u1[NUM_ECC_DIGITS], t[NUM_ECC_DIGITS];
- uint32_t h[NUM_ECC_DIGITS], r[NUM_ECC_DIGITS];
-
- vli_modSquare_fast(r, P1->Z);
- vli_modSquare_fast(s1, P2->Z);
- vli_modMult_fast(u1, P1->X, s1); /* u1 = X1 Z2^2 */
- vli_modMult_fast(h, P2->X, r);
- vli_modMult_fast(s1, P1->Y, s1);
- vli_modMult_fast(s1, s1, P2->Z); /* s1 = Y1 Z2^3 */
- vli_modMult_fast(r, P2->Y, r);
- vli_modMult_fast(r, r, P1->Z);
- vli_modSub(h, h, u1, curve_p); /* h = X2 Z1^2 - u1 */
- vli_modSub(r, r, s1, curve_p); /* r = Y2 Z1^3 - s1 */
-
- if (vli_isZero(h)) {
- if (vli_isZero(r)) {
- /* P1 = P2 */
- EccPoint_double(P1);
- return;
- }
- /* point at infinity */
- vli_clear(P1->Z);
+ if (uECC_vli_isZero(Z1, num_words)) {
return;
}
- vli_modMult_fast(P1->Z, P1->Z, P2->Z);
- vli_modMult_fast(P1->Z, P1->Z, h); /* Z3 = h Z1 Z2 */
- vli_modSquare_fast(t, h);
- vli_modMult_fast(h, t, h);
- vli_modMult_fast(u1, u1, t);
- vli_modSquare_fast(P1->X, r);
- vli_modSub(P1->X, P1->X, h, curve_p);
- vli_modSub(P1->X, P1->X, u1, curve_p);
- vli_modSub(P1->X, P1->X, u1, curve_p); /* X3 = r^2 - h^3 - 2 u1 h^2 */
- vli_modMult_fast(t, s1, h);
- vli_modSub(P1->Y, u1, P1->X, curve_p);
- vli_modMult_fast(P1->Y, P1->Y, r);
- vli_modSub(P1->Y, P1->Y, t, curve_p); /* Y3 = r(u1 h^2 - X3) - s1 h^3 */
+ uECC_vli_modSquare_fast(t4, Y1, curve); /* t4 = y1^2 */
+ uECC_vli_modMult_fast(t5, X1, t4, curve); /* t5 = x1*y1^2 = A */
+ uECC_vli_modSquare_fast(t4, t4, curve); /* t4 = y1^4 */
+ uECC_vli_modMult_fast(Y1, Y1, Z1, curve); /* t2 = y1*z1 = z3 */
+ uECC_vli_modSquare_fast(Z1, Z1, curve); /* t3 = z1^2 */
+
+ uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */
+ uECC_vli_modAdd(Z1, Z1, Z1, curve->p, num_words); /* t3 = 2*z1^2 */
+ uECC_vli_modSub(Z1, X1, Z1, curve->p, num_words); /* t3 = x1 - z1^2 */
+ uECC_vli_modMult_fast(X1, X1, Z1, curve); /* t1 = x1^2 - z1^4 */
+
+ uECC_vli_modAdd(Z1, X1, X1, curve->p, num_words); /* t3 = 2*(x1^2 - z1^4) */
+ uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = 3*(x1^2 - z1^4) */
+ if (uECC_vli_testBit(X1, 0)) {
+ uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words);
+ uECC_vli_rshift1(X1, num_words);
+ X1[num_words - 1] |= l_carry << (uECC_WORD_BITS - 1);
+ } else {
+ uECC_vli_rshift1(X1, num_words);
+ }
+
+ /* t1 = 3/2*(x1^2 - z1^4) = B */
+ uECC_vli_modSquare_fast(Z1, X1, curve); /* t3 = B^2 */
+ uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - A */
+ uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - 2A = x3 */
+ uECC_vli_modSub(t5, t5, Z1, curve->p, num_words); /* t5 = A - x3 */
+ uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = B * (A - x3) */
+ /* t4 = B * (A - x3) - y1^4 = y3: */
+ uECC_vli_modSub(t4, X1, t4, curve->p, num_words);
+
+ uECC_vli_set(X1, Z1, num_words);
+ uECC_vli_set(Z1, Y1, num_words);
+ uECC_vli_set(Y1, t4, num_words);
}
-/*
- * Elliptic curve scalar multiplication with result in Jacobi coordinates:
- *
- * p_result = p_scalar * p_point.
+void x_side_default(uECC_word_t *result,
+ const uECC_word_t *x,
+ uECC_Curve curve)
+{
+ uECC_word_t _3[NUM_ECC_WORDS] = {3}; /* -a = 3 */
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */
+ uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */
+ uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */
+ /* r = x^3 - 3x + b: */
+ uECC_vli_modAdd(result, result, curve->b, curve->p, num_words);
+}
+
+uECC_Curve uECC_secp256r1(void)
+{
+ return &curve_secp256r1;
+}
+
+void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int*product)
+{
+ unsigned int tmp[NUM_ECC_WORDS];
+ int carry;
+
+ /* t */
+ uECC_vli_set(result, product, NUM_ECC_WORDS);
+
+ /* s1 */
+ tmp[0] = tmp[1] = tmp[2] = 0;
+ tmp[3] = product[11];
+ tmp[4] = product[12];
+ tmp[5] = product[13];
+ tmp[6] = product[14];
+ tmp[7] = product[15];
+ carry = uECC_vli_add(tmp, tmp, tmp, NUM_ECC_WORDS);
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* s2 */
+ tmp[3] = product[12];
+ tmp[4] = product[13];
+ tmp[5] = product[14];
+ tmp[6] = product[15];
+ tmp[7] = 0;
+ carry += uECC_vli_add(tmp, tmp, tmp, NUM_ECC_WORDS);
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* s3 */
+ tmp[0] = product[8];
+ tmp[1] = product[9];
+ tmp[2] = product[10];
+ tmp[3] = tmp[4] = tmp[5] = 0;
+ tmp[6] = product[14];
+ tmp[7] = product[15];
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* s4 */
+ tmp[0] = product[9];
+ tmp[1] = product[10];
+ tmp[2] = product[11];
+ tmp[3] = product[13];
+ tmp[4] = product[14];
+ tmp[5] = product[15];
+ tmp[6] = product[13];
+ tmp[7] = product[8];
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d1 */
+ tmp[0] = product[11];
+ tmp[1] = product[12];
+ tmp[2] = product[13];
+ tmp[3] = tmp[4] = tmp[5] = 0;
+ tmp[6] = product[8];
+ tmp[7] = product[10];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d2 */
+ tmp[0] = product[12];
+ tmp[1] = product[13];
+ tmp[2] = product[14];
+ tmp[3] = product[15];
+ tmp[4] = tmp[5] = 0;
+ tmp[6] = product[9];
+ tmp[7] = product[11];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d3 */
+ tmp[0] = product[13];
+ tmp[1] = product[14];
+ tmp[2] = product[15];
+ tmp[3] = product[8];
+ tmp[4] = product[9];
+ tmp[5] = product[10];
+ tmp[6] = 0;
+ tmp[7] = product[12];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d4 */
+ tmp[0] = product[14];
+ tmp[1] = product[15];
+ tmp[2] = 0;
+ tmp[3] = product[9];
+ tmp[4] = product[10];
+ tmp[5] = product[11];
+ tmp[6] = 0;
+ tmp[7] = product[13];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ if (carry < 0) {
+ do {
+ carry += uECC_vli_add(result, result, curve_secp256r1.p, NUM_ECC_WORDS);
+ }
+ while (carry < 0);
+ } else {
+ while (carry ||
+ uECC_vli_cmp_unsafe(curve_secp256r1.p, result, NUM_ECC_WORDS) != 1) {
+ carry -= uECC_vli_sub(result, result, curve_secp256r1.p, NUM_ECC_WORDS);
+ }
+ }
+}
+
+uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve)
+{
+ return uECC_vli_isZero(point, curve->num_words * 2);
+}
+
+void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
+ uECC_Curve curve)
+{
+ uECC_word_t t1[NUM_ECC_WORDS];
+
+ uECC_vli_modSquare_fast(t1, Z, curve); /* z^2 */
+ uECC_vli_modMult_fast(X1, X1, t1, curve); /* x1 * z^2 */
+ uECC_vli_modMult_fast(t1, t1, Z, curve); /* z^3 */
+ uECC_vli_modMult_fast(Y1, Y1, t1, curve); /* y1 * z^3 */
+}
+
+/* P = (x1, y1) => 2P, (x2, y2) => P' */
+static void XYcZ_initial_double(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * X2, uECC_word_t * Y2,
+ const uECC_word_t * const initial_Z,
+ uECC_Curve curve)
+{
+ uECC_word_t z[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+ if (initial_Z) {
+ uECC_vli_set(z, initial_Z, num_words);
+ } else {
+ uECC_vli_clear(z, num_words);
+ z[0] = 1;
+ }
+
+ uECC_vli_set(X2, X1, num_words);
+ uECC_vli_set(Y2, Y1, num_words);
+
+ apply_z(X1, Y1, z, curve);
+ curve->double_jacobian(X1, Y1, z, curve);
+ apply_z(X2, Y2, z, curve);
+}
+
+void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * X2, uECC_word_t * Y2,
+ uECC_Curve curve)
+{
+ /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
+ uECC_word_t t5[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */
+ uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */
+ uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */
+ uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */
+ uECC_vli_modSquare_fast(t5, Y2, curve); /* t5 = (y2 - y1)^2 = D */
+
+ uECC_vli_modSub(t5, t5, X1, curve->p, num_words); /* t5 = D - B */
+ uECC_vli_modSub(t5, t5, X2, curve->p, num_words); /* t5 = D - B - C = x3 */
+ uECC_vli_modSub(X2, X2, X1, curve->p, num_words); /* t3 = C - B */
+ uECC_vli_modMult_fast(Y1, Y1, X2, curve); /* t2 = y1*(C - B) */
+ uECC_vli_modSub(X2, X1, t5, curve->p, num_words); /* t3 = B - x3 */
+ uECC_vli_modMult_fast(Y2, Y2, X2, curve); /* t4 = (y2 - y1)*(B - x3) */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y3 */
+
+ uECC_vli_set(X2, t5, num_words);
+}
+
+/* Input P = (x1, y1, Z), Q = (x2, y2, Z)
+ Output P + Q = (x3, y3, Z3), P - Q = (x3', y3', Z3)
+ or P => P - Q, Q => P + Q
*/
-void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)
+static void XYcZ_addC(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * X2, uECC_word_t * Y2,
+ uECC_Curve curve)
+{
+ /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
+ uECC_word_t t5[NUM_ECC_WORDS];
+ uECC_word_t t6[NUM_ECC_WORDS];
+ uECC_word_t t7[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */
+ uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */
+ uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */
+ uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */
+ uECC_vli_modAdd(t5, Y2, Y1, curve->p, num_words); /* t5 = y2 + y1 */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */
+
+ uECC_vli_modSub(t6, X2, X1, curve->p, num_words); /* t6 = C - B */
+ uECC_vli_modMult_fast(Y1, Y1, t6, curve); /* t2 = y1 * (C - B) = E */
+ uECC_vli_modAdd(t6, X1, X2, curve->p, num_words); /* t6 = B + C */
+ uECC_vli_modSquare_fast(X2, Y2, curve); /* t3 = (y2 - y1)^2 = D */
+ uECC_vli_modSub(X2, X2, t6, curve->p, num_words); /* t3 = D - (B + C) = x3 */
+
+ uECC_vli_modSub(t7, X1, X2, curve->p, num_words); /* t7 = B - x3 */
+ uECC_vli_modMult_fast(Y2, Y2, t7, curve); /* t4 = (y2 - y1)*(B - x3) */
+ /* t4 = (y2 - y1)*(B - x3) - E = y3: */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words);
+
+ uECC_vli_modSquare_fast(t7, t5, curve); /* t7 = (y2 + y1)^2 = F */
+ uECC_vli_modSub(t7, t7, t6, curve->p, num_words); /* t7 = F - (B + C) = x3' */
+ uECC_vli_modSub(t6, t7, X1, curve->p, num_words); /* t6 = x3' - B */
+ uECC_vli_modMult_fast(t6, t6, t5, curve); /* t6 = (y2+y1)*(x3' - B) */
+ /* t2 = (y2+y1)*(x3' - B) - E = y3': */
+ uECC_vli_modSub(Y1, t6, Y1, curve->p, num_words);
+
+ uECC_vli_set(X1, t7, num_words);
+}
+
+void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point,
+ const uECC_word_t * scalar,
+ const uECC_word_t * initial_Z,
+ bitcount_t num_bits, uECC_Curve curve)
+{
+ /* R0 and R1 */
+ uECC_word_t Rx[2][NUM_ECC_WORDS];
+ uECC_word_t Ry[2][NUM_ECC_WORDS];
+ uECC_word_t z[NUM_ECC_WORDS];
+ bitcount_t i;
+ uECC_word_t nb;
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_set(Rx[1], point, num_words);
+ uECC_vli_set(Ry[1], point + num_words, num_words);
+
+ XYcZ_initial_double(Rx[1], Ry[1], Rx[0], Ry[0], initial_Z, curve);
+
+ for (i = num_bits - 2; i > 0; --i) {
+ nb = !uECC_vli_testBit(scalar, i);
+ XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve);
+ XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve);
+ }
+
+ nb = !uECC_vli_testBit(scalar, 0);
+ XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve);
+
+ /* Find final 1/Z value. */
+ uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */
+ uECC_vli_modMult_fast(z, z, Ry[1 - nb], curve); /* Yb * (X1 - X0) */
+ uECC_vli_modMult_fast(z, z, point, curve); /* xP * Yb * (X1 - X0) */
+ uECC_vli_modInv(z, z, curve->p, num_words); /* 1 / (xP * Yb * (X1 - X0))*/
+ /* yP / (xP * Yb * (X1 - X0)) */
+ uECC_vli_modMult_fast(z, z, point + num_words, curve);
+ /* Xb * yP / (xP * Yb * (X1 - X0)) */
+ uECC_vli_modMult_fast(z, z, Rx[1 - nb], curve);
+ /* End 1/Z calculation */
+
+ XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve);
+ apply_z(Rx[0], Ry[0], z, curve);
+
+ uECC_vli_set(result, Rx[0], num_words);
+ uECC_vli_set(result + num_words, Ry[0], num_words);
+}
+
+uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0,
+ uECC_word_t *k1, uECC_Curve curve)
{
- int32_t i;
- uint32_t bit;
- EccPointJacobi p_point_jacobi, p_tmp;
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
- EccPoint_fromAffine(p_result, p_point);
- EccPoint_fromAffine(&p_point_jacobi, p_point);
+ bitcount_t num_n_bits = curve->num_n_bits;
- for (i = vli_numBits(p_scalar) - 2; i >= 0; i--) {
- EccPoint_double(p_result);
- EccPointJacobi_set(&p_tmp, p_result);
- EccPoint_add(&p_tmp, &p_point_jacobi);
- bit = vli_testBit(p_scalar, i);
- vli_cond_set(p_result->X, p_tmp.X, p_result->X, bit);
- vli_cond_set(p_result->Y, p_tmp.Y, p_result->Y, bit);
- vli_cond_set(p_result->Z, p_tmp.Z, p_result->Z, bit);
+ uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) ||
+ (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) &&
+ uECC_vli_testBit(k0, num_n_bits));
+
+ uECC_vli_add(k1, k0, curve->n, num_n_words);
+
+ return carry;
+}
+
+uECC_word_t EccPoint_compute_public_key(uECC_word_t *result,
+ uECC_word_t *private_key,
+ uECC_Curve curve)
+{
+
+ uECC_word_t tmp1[NUM_ECC_WORDS];
+ uECC_word_t tmp2[NUM_ECC_WORDS];
+ uECC_word_t *p2[2] = {tmp1, tmp2};
+ uECC_word_t carry;
+
+ /* Regularize the bitcount for the private key so that attackers cannot
+ * use a side channel attack to learn the number of leading zeros. */
+ carry = regularize_k(private_key, tmp1, tmp2, curve);
+
+ EccPoint_mult(result, curve->G, p2[!carry], 0, curve->num_n_bits + 1, curve);
+
+ if (EccPoint_isZero(result, curve)) {
+ return 0;
+ }
+ return 1;
+}
+
+/* Converts an integer in uECC native format to big-endian bytes. */
+void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes,
+ const unsigned int *native)
+{
+ wordcount_t i;
+ for (i = 0; i < num_bytes; ++i) {
+ unsigned b = num_bytes - 1 - i;
+ bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE));
}
}
-/* Ellptic curve scalar multiplication with result in Jacobi coordinates */
-/* p_result = p_scalar * p_point */
-void EccPoint_mult_unsafe(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)
+/* Converts big-endian bytes to an integer in uECC native format. */
+void uECC_vli_bytesToNative(unsigned int *native, const uint8_t *bytes,
+ int num_bytes)
{
- int i;
- EccPointJacobi p_point_jacobi;
- EccPoint_fromAffine(p_result, p_point);
- EccPoint_fromAffine(&p_point_jacobi, p_point);
-
- for(i = vli_numBits(p_scalar) - 2; i >= 0; i--)
- {
- EccPoint_double(p_result);
- if (vli_testBit(p_scalar, i))
- {
- EccPoint_add(p_result, &p_point_jacobi);
- }
- }
+ wordcount_t i;
+ uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE);
+ for (i = 0; i < num_bytes; ++i) {
+ unsigned b = num_bytes - 1 - i;
+ native[b / uECC_WORD_SIZE] |=
+ (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE));
+ }
}
-/* -------- Conversions between big endian and little endian: -------- */
-
-void ecc_bytes2native(uint32_t p_native[NUM_ECC_DIGITS],
- uint8_t p_bytes[NUM_ECC_DIGITS * 4])
+int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
+ wordcount_t num_words)
{
+ uECC_word_t mask = (uECC_word_t)-1;
+ uECC_word_t tries;
+ bitcount_t num_bits = uECC_vli_numBits(top, num_words);
- uint32_t i;
-
- for (i = 0; i < NUM_ECC_DIGITS; ++i) {
- uint8_t *p_digit = p_bytes + 4 * (NUM_ECC_DIGITS - 1 - i);
-
- p_native[i] = ((uint32_t)p_digit[0] << 24) |
- ((uint32_t)p_digit[1] << 16) |
- ((uint32_t)p_digit[2] << 8) |
- (uint32_t)p_digit[3];
+ if (!g_rng_function) {
+ return 0;
}
+
+ for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
+ if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) {
+ return 0;
+ }
+ random[num_words - 1] &=
+ mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits));
+ if (!uECC_vli_isZero(random, num_words) &&
+ uECC_vli_cmp(top, random, num_words) == 1) {
+ return 1;
+ }
+ }
+ return 0;
}
-void ecc_native2bytes(uint8_t p_bytes[NUM_ECC_DIGITS * 4],
- uint32_t p_native[NUM_ECC_DIGITS])
+
+int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve)
+{
+ uECC_word_t tmp1[NUM_ECC_WORDS];
+ uECC_word_t tmp2[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ /* The point at infinity is invalid. */
+ if (EccPoint_isZero(point, curve)) {
+ return -1;
+ }
+
+ /* x and y must be smaller than p. */
+ if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 ||
+ uECC_vli_cmp_unsafe(curve->p, point + num_words, num_words) != 1) {
+ return -2;
+ }
+
+ uECC_vli_modSquare_fast(tmp1, point + num_words, curve);
+ curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */
+
+ /* Make sure that y^2 == x^3 + ax + b */
+ if (uECC_vli_equal(tmp1, tmp2, num_words) != 0)
+ return -3;
+
+ return 0;
+}
+
+int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve)
{
- uint32_t i;
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
- for (i = 0; i < NUM_ECC_DIGITS; ++i) {
- uint8_t *p_digit = p_bytes + 4 * (NUM_ECC_DIGITS - 1 - i);
+ uECC_vli_bytesToNative(_public, public_key, curve->num_bytes);
+ uECC_vli_bytesToNative(
+ _public + curve->num_words,
+ public_key + curve->num_bytes,
+ curve->num_bytes);
- p_digit[0] = p_native[i] >> 24;
- p_digit[1] = p_native[i] >> 16;
- p_digit[2] = p_native[i] >> 8;
- p_digit[3] = p_native[i];
+ if (uECC_vli_cmp_unsafe(_public, curve->G, NUM_ECC_WORDS * 2) == 0) {
+ return -4;
}
+
+ return uECC_valid_point(_public, curve);
}
+int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key,
+ uECC_Curve curve)
+{
+
+ uECC_word_t _private[NUM_ECC_WORDS];
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+
+ uECC_vli_bytesToNative(
+ _private,
+ private_key,
+ BITS_TO_BYTES(curve->num_n_bits));
+
+ /* Make sure the private key is in the range [1, n-1]. */
+ if (uECC_vli_isZero(_private, BITS_TO_WORDS(curve->num_n_bits))) {
+ return 0;
+ }
+
+ if (uECC_vli_cmp(curve->n, _private, BITS_TO_WORDS(curve->num_n_bits)) != 1) {
+ return 0;
+ }
+
+ /* Compute public key. */
+ if (!EccPoint_compute_public_key(_public, _private, curve)) {
+ return 0;
+ }
+
+ uECC_vli_nativeToBytes(public_key, curve->num_bytes, _public);
+ uECC_vli_nativeToBytes(
+ public_key +
+ curve->num_bytes, curve->num_bytes, _public + curve->num_words);
+ return 1;
+}
+
+
+
diff --git a/ext/tinycrypt/lib/source/ecc_dh.c b/ext/tinycrypt/lib/source/ecc_dh.c
index c2ab414..e5257d2 100644
--- a/ext/tinycrypt/lib/source/ecc_dh.c
+++ b/ext/tinycrypt/lib/source/ecc_dh.c
@@ -1,7 +1,32 @@
/* ec_dh.c - TinyCrypt implementation of EC-DH */
+/*
+ * Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -31,102 +56,145 @@
*/
#include <tinycrypt/constants.h>
#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dh.h>
+#include <string.h>
-extern uint32_t curve_p[NUM_ECC_DIGITS];
-extern uint32_t curve_b[NUM_ECC_DIGITS];
-extern uint32_t curve_n[NUM_ECC_DIGITS];
-extern uint32_t curve_pb[NUM_ECC_DIGITS + 1];
-extern EccPoint curve_G;
+#if default_RNG_defined
+static uECC_RNG_Function g_rng_function = &default_CSPRNG;
+#else
+static uECC_RNG_Function g_rng_function = 0;
+#endif
-int32_t ecc_make_key(EccPoint *p_publicKey, uint32_t p_privateKey[NUM_ECC_DIGITS],
- uint32_t p_random[NUM_ECC_DIGITS * 2])
-{
- // computing modular reduction of p_random (see FIPS 186.4 B.4.1):
- vli_mmod_barrett(p_privateKey, p_random, curve_p, curve_pb);
-
- /* Make sure the private key is in the range [1, n-1].
- * For the supported curve, n is always large enough
- * that we only need to subtract once at most.
- */
- uint32_t p_tmp[NUM_ECC_DIGITS];
- vli_sub(p_tmp, p_privateKey, curve_n, NUM_ECC_DIGITS);
-
- vli_cond_set(p_privateKey, p_privateKey, p_tmp,
- vli_cmp(curve_n, p_privateKey, NUM_ECC_DIGITS) == 1);
-
- /* erasing temporary buffer used to store secret: */
- for (uint32_t i = 0; i < NUM_ECC_DIGITS; i++)
- p_tmp[i] = 0;
-
- if (vli_isZero(p_privateKey)) {
- return TC_CRYPTO_FAIL; /* The private key cannot be 0 (mod p). */
- }
-
- EccPointJacobi P;
-
- EccPoint_mult_safe(&P, &curve_G, p_privateKey);
- EccPoint_toAffine(p_publicKey, &P);
-
- return TC_CRYPTO_SUCCESS;
-}
-
-/* Compute p_result = x^3 - 3x + b */
-static void curve_x_side(uint32_t p_result[NUM_ECC_DIGITS],
- uint32_t x[NUM_ECC_DIGITS])
+int uECC_make_key_with_d(uint8_t *public_key, uint8_t *private_key,
+ unsigned int *d, uECC_Curve curve)
{
- uint32_t _3[NUM_ECC_DIGITS] = {3}; /* -a = 3 */
+ uECC_word_t _private[NUM_ECC_WORDS];
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
- vli_modSquare_fast(p_result, x); /* r = x^2 */
- vli_modSub(p_result, p_result, _3, curve_p); /* r = x^2 - 3 */
- vli_modMult_fast(p_result, p_result, x); /* r = x^3 - 3x */
- vli_modAdd(p_result, p_result, curve_b, curve_p); /* r = x^3 - 3x + b */
+ /* This function is designed for test purposes-only (such as validating NIST
+ * test vectors) as it uses a provided value for d instead of generating
+ * it uniformly at random. */
+ memcpy (_private, d, NUM_ECC_BYTES);
-}
+ /* Computing public-key from private: */
+ if (EccPoint_compute_public_key(_public, _private, curve)) {
-int32_t ecc_valid_public_key(EccPoint *p_publicKey)
-{
- uint32_t l_tmp1[NUM_ECC_DIGITS];
- uint32_t l_tmp2[NUM_ECC_DIGITS];
+ /* Converting buffers to correct bit order: */
+ uECC_vli_nativeToBytes(private_key,
+ BITS_TO_BYTES(curve->num_n_bits),
+ _private);
+ uECC_vli_nativeToBytes(public_key,
+ curve->num_bytes,
+ _public);
+ uECC_vli_nativeToBytes(public_key + curve->num_bytes,
+ curve->num_bytes,
+ _public + curve->num_words);
- if (EccPoint_isZero(p_publicKey)) {
- return -1;
+ /* erasing temporary buffer used to store secret: */
+ memset(_private, 0, NUM_ECC_BYTES);
+
+ return 1;
}
-
- if ((vli_cmp(curve_p, p_publicKey->x, NUM_ECC_DIGITS) != 1) ||
- (vli_cmp(curve_p, p_publicKey->y, NUM_ECC_DIGITS) != 1)) {
- return -2;
- }
-
- vli_modSquare_fast(l_tmp1, p_publicKey->y); /* tmp1 = y^2 */
-
- curve_x_side(l_tmp2, p_publicKey->x); /* tmp2 = x^3 - 3x + b */
-
- /* Make sure that y^2 == x^3 + ax + b */
- if (vli_cmp(l_tmp1, l_tmp2, NUM_ECC_DIGITS) != 0) {
- return -3;
- }
-
- if (vli_cmp(p_publicKey->x, curve_G.x, NUM_ECC_DIGITS) == 0 &&
- vli_cmp(p_publicKey->y, curve_G.y, NUM_ECC_DIGITS) == 0 )
- return -4;
-
return 0;
}
-int32_t ecdh_shared_secret(uint32_t p_secret[NUM_ECC_DIGITS],
- EccPoint *p_publicKey, uint32_t p_privateKey[NUM_ECC_DIGITS])
+int uECC_make_key(uint8_t *public_key, uint8_t *private_key, uECC_Curve curve)
{
- EccPoint p_point;
- EccPointJacobi P;
+ uECC_word_t _random[NUM_ECC_WORDS * 2];
+ uECC_word_t _private[NUM_ECC_WORDS];
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+ uECC_word_t tries;
- EccPoint_mult_safe(&P, p_publicKey, p_privateKey);
- if (EccPointJacobi_isZero(&P)) {
- return TC_CRYPTO_FAIL;
- }
- EccPoint_toAffine(&p_point, &P);
- vli_set(p_secret, p_point.x);
+ for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
+ /* Generating _private uniformly at random: */
+ uECC_RNG_Function rng_function = uECC_get_rng();
+ if (!rng_function ||
+ !rng_function((uint8_t *)_random, 2 * NUM_ECC_WORDS*uECC_WORD_SIZE)) {
+ return 0;
+ }
- return TC_CRYPTO_SUCCESS;
+ /* computing modular reduction of _random (see FIPS 186.4 B.4.1): */
+ uECC_vli_mmod(_private, _random, curve->n, BITS_TO_WORDS(curve->num_n_bits));
+
+ /* Computing public-key from private: */
+ if (EccPoint_compute_public_key(_public, _private, curve)) {
+
+ /* Converting buffers to correct bit order: */
+ uECC_vli_nativeToBytes(private_key,
+ BITS_TO_BYTES(curve->num_n_bits),
+ _private);
+ uECC_vli_nativeToBytes(public_key,
+ curve->num_bytes,
+ _public);
+ uECC_vli_nativeToBytes(public_key + curve->num_bytes,
+ curve->num_bytes,
+ _public + curve->num_words);
+
+ /* erasing temporary buffer that stored secret: */
+ memset(_private, 0, NUM_ECC_BYTES);
+
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
+ uint8_t *secret, uECC_Curve curve)
+{
+
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+ uECC_word_t _private[NUM_ECC_WORDS];
+
+ uECC_word_t tmp[NUM_ECC_WORDS];
+ uECC_word_t *p2[2] = {_private, tmp};
+ uECC_word_t *initial_Z = 0;
+ uECC_word_t carry;
+ wordcount_t num_words = curve->num_words;
+ wordcount_t num_bytes = curve->num_bytes;
+ int r;
+
+ /* Converting buffers to correct bit order: */
+ uECC_vli_bytesToNative(_private,
+ private_key,
+ BITS_TO_BYTES(curve->num_n_bits));
+ uECC_vli_bytesToNative(_public,
+ public_key,
+ num_bytes);
+ uECC_vli_bytesToNative(_public + num_words,
+ public_key + num_bytes,
+ num_bytes);
+
+ /* Regularize the bitcount for the private key so that attackers cannot use a
+ * side channel attack to learn the number of leading zeros. */
+ carry = regularize_k(_private, _private, tmp, curve);
+
+ /* If an RNG function was specified, try to get a random initial Z value to
+ * improve protection against side-channel attacks. */
+ if (g_rng_function) {
+ if (!uECC_generate_random_int(p2[carry], curve->p, num_words)) {
+ r = 0;
+ goto clear_and_out;
+ }
+ initial_Z = p2[carry];
+ }
+
+ EccPoint_mult(_public, _public, p2[!carry], initial_Z, curve->num_n_bits + 1,
+ curve);
+
+ uECC_vli_nativeToBytes(secret, num_bytes, _public);
+ r = !EccPoint_isZero(_public, curve);
+
+clear_and_out:
+ /* erasing temporary buffer used to store secret: */
+ memset(p2, 0, sizeof(p2));
+ __asm__ __volatile__("" :: "g"(p2) : "memory");
+ memset(tmp, 0, sizeof(tmp));
+ __asm__ __volatile__("" :: "g"(tmp) : "memory");
+ memset(_private, 0, sizeof(_private));
+ __asm__ __volatile__("" :: "g"(_private) : "memory");
+
+ return r;
}
diff --git a/ext/tinycrypt/lib/source/ecc_dsa.c b/ext/tinycrypt/lib/source/ecc_dsa.c
index dd84a18..064dfe5 100644
--- a/ext/tinycrypt/lib/source/ecc_dsa.c
+++ b/ext/tinycrypt/lib/source/ecc_dsa.c
@@ -1,7 +1,30 @@
/* ec_dsa.c - TinyCrypt implementation of EC-DSA */
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -32,84 +55,241 @@
#include <tinycrypt/constants.h>
#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dsa.h>
-extern uint32_t curve_n[NUM_ECC_DIGITS];
-extern EccPoint curve_G;
-extern uint32_t curve_nb[NUM_ECC_DIGITS + 1];
+#if default_RNG_defined
+static uECC_RNG_Function g_rng_function = &default_CSPRNG;
+#else
+static uECC_RNG_Function g_rng_function = 0;
+#endif
-int32_t ecdsa_sign(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
- uint32_t p_privateKey[NUM_ECC_DIGITS], uint32_t p_random[NUM_ECC_DIGITS],
- uint32_t p_hash[NUM_ECC_DIGITS])
+static void bits2int(uECC_word_t *native, const uint8_t *bits,
+ unsigned bits_size, uECC_Curve curve)
{
+ unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits);
+ unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ int shift;
+ uECC_word_t carry;
+ uECC_word_t *ptr;
- uint32_t k[NUM_ECC_DIGITS], tmp[NUM_ECC_DIGITS];
- EccPoint p_point;
- EccPointJacobi P;
-
- if (vli_isZero(p_random)) {
- return TC_CRYPTO_FAIL; /* The random number must not be 0. */
+ if (bits_size > num_n_bytes) {
+ bits_size = num_n_bytes;
}
- vli_set(k, p_random);
-
- vli_sub(tmp, k, curve_n, NUM_ECC_DIGITS);
- vli_cond_set(k, k, tmp, vli_cmp(curve_n, k, NUM_ECC_DIGITS) == 1);
-
- /* tmp = k * G */
- EccPoint_mult_safe(&P, &curve_G, k);
- EccPoint_toAffine(&p_point, &P);
-
- /* r = x1 (mod n) */
- vli_set(r, p_point.x);
- if (vli_cmp(curve_n, r, NUM_ECC_DIGITS) != 1) {
- vli_sub(r, r, curve_n, NUM_ECC_DIGITS);
+ uECC_vli_clear(native, num_n_words);
+ uECC_vli_bytesToNative(native, bits, bits_size);
+ if (bits_size * 8 <= (unsigned)curve->num_n_bits) {
+ return;
+ }
+ shift = bits_size * 8 - curve->num_n_bits;
+ carry = 0;
+ ptr = native + num_n_words;
+ while (ptr-- > native) {
+ uECC_word_t temp = *ptr;
+ *ptr = (temp >> shift) | carry;
+ carry = temp << (uECC_WORD_BITS - shift);
}
- if (vli_isZero(r)) {
- return TC_CRYPTO_FAIL; /* If r == 0, fail (need a different random number). */
+ /* Reduce mod curve_n */
+ if (uECC_vli_cmp_unsafe(curve->n, native, num_n_words) != 1) {
+ uECC_vli_sub(native, native, curve->n, num_n_words);
}
-
- vli_modMult(s, r, p_privateKey, curve_n, curve_nb); /* s = r*d */
- vli_modAdd(s, p_hash, s, curve_n); /* s = e + r*d */
- vli_modInv(k, k, curve_n, curve_nb); /* k = 1 / k */
- vli_modMult(s, s, k, curve_n, curve_nb); /* s = (e + r*d) / k */
-
- return TC_CRYPTO_SUCCESS;
}
-int32_t ecdsa_verify(EccPoint *p_publicKey, uint32_t p_hash[NUM_ECC_DIGITS],
- uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS])
+int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
+ unsigned hash_size, uECC_word_t *k, uint8_t *signature,
+ uECC_Curve curve)
{
- uint32_t u1[NUM_ECC_DIGITS], u2[NUM_ECC_DIGITS];
- uint32_t z[NUM_ECC_DIGITS];
- EccPointJacobi P, R;
- EccPoint p_point;
+ uECC_word_t tmp[NUM_ECC_WORDS];
+ uECC_word_t s[NUM_ECC_WORDS];
+ uECC_word_t *k2[2] = {tmp, s};
+ uECC_word_t p[NUM_ECC_WORDS * 2];
+ uECC_word_t carry;
+ wordcount_t num_words = curve->num_words;
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
- if (vli_isZero(r) || vli_isZero(s)) {
- return TC_CRYPTO_FAIL; /* r, s must not be 0. */
+ /* Make sure 0 < k < curve_n */
+ if (uECC_vli_isZero(k, num_words) ||
+ uECC_vli_cmp(curve->n, k, num_n_words) != 1) {
+ return 0;
}
- if ((vli_cmp(curve_n, r, NUM_ECC_DIGITS) != 1) ||
- (vli_cmp(curve_n, s, NUM_ECC_DIGITS) != 1)) {
- return TC_CRYPTO_FAIL; /* r, s must be < n. */
+ carry = regularize_k(k, tmp, s, curve);
+ EccPoint_mult(p, curve->G, k2[!carry], 0, num_n_bits + 1, curve);
+ if (uECC_vli_isZero(p, num_words)) {
+ return 0;
+ }
+
+ /* If an RNG function was specified, get a random number
+ to prevent side channel analysis of k. */
+ if (!g_rng_function) {
+ uECC_vli_clear(tmp, num_n_words);
+ tmp[0] = 1;
+ }
+ else if (!uECC_generate_random_int(tmp, curve->n, num_n_words)) {
+ return 0;
+ }
+
+ /* Prevent side channel analysis of uECC_vli_modInv() to determine
+ bits of k / the private key by premultiplying by a random number */
+ uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k' = rand * k */
+ uECC_vli_modInv(k, k, curve->n, num_n_words); /* k = 1 / k' */
+ uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k = 1 / k */
+
+ uECC_vli_nativeToBytes(signature, curve->num_bytes, p); /* store r */
+
+ /* tmp = d: */
+ uECC_vli_bytesToNative(tmp, private_key, BITS_TO_BYTES(curve->num_n_bits));
+
+ s[num_n_words - 1] = 0;
+ uECC_vli_set(s, p, num_words);
+ uECC_vli_modMult(s, tmp, s, curve->n, num_n_words); /* s = r*d */
+
+ bits2int(tmp, message_hash, hash_size, curve);
+ uECC_vli_modAdd(s, tmp, s, curve->n, num_n_words); /* s = e + r*d */
+ uECC_vli_modMult(s, s, k, curve->n, num_n_words); /* s = (e + r*d) / k */
+ if (uECC_vli_numBits(s, num_n_words) > (bitcount_t)curve->num_bytes * 8) {
+ return 0;
+ }
+
+ uECC_vli_nativeToBytes(signature + curve->num_bytes, curve->num_bytes, s);
+ return 1;
+}
+
+int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
+ unsigned hash_size, uint8_t *signature, uECC_Curve curve)
+{
+ uECC_word_t _random[2*NUM_ECC_WORDS];
+ uECC_word_t k[NUM_ECC_WORDS];
+ uECC_word_t tries;
+
+ for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
+ /* Generating _random uniformly at random: */
+ uECC_RNG_Function rng_function = uECC_get_rng();
+ if (!rng_function ||
+ !rng_function((uint8_t *)_random, 2*NUM_ECC_WORDS*uECC_WORD_SIZE)) {
+ return 0;
+ }
+
+ // computing k as modular reduction of _random (see FIPS 186.4 B.5.1):
+ uECC_vli_mmod(k, _random, curve->n, BITS_TO_WORDS(curve->num_n_bits));
+
+ if (uECC_sign_with_k(private_key, message_hash, hash_size, k, signature,
+ curve)) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static bitcount_t smax(bitcount_t a, bitcount_t b)
+{
+ return (a > b ? a : b);
+}
+
+int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
+ unsigned hash_size, const uint8_t *signature,
+ uECC_Curve curve)
+{
+
+ uECC_word_t u1[NUM_ECC_WORDS], u2[NUM_ECC_WORDS];
+ uECC_word_t z[NUM_ECC_WORDS];
+ uECC_word_t sum[NUM_ECC_WORDS * 2];
+ uECC_word_t rx[NUM_ECC_WORDS];
+ uECC_word_t ry[NUM_ECC_WORDS];
+ uECC_word_t tx[NUM_ECC_WORDS];
+ uECC_word_t ty[NUM_ECC_WORDS];
+ uECC_word_t tz[NUM_ECC_WORDS];
+ const uECC_word_t *points[4];
+ const uECC_word_t *point;
+ bitcount_t num_bits;
+ bitcount_t i;
+
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+ uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+
+ rx[num_n_words - 1] = 0;
+ r[num_n_words - 1] = 0;
+ s[num_n_words - 1] = 0;
+
+ uECC_vli_bytesToNative(_public, public_key, curve->num_bytes);
+ uECC_vli_bytesToNative(_public + num_words, public_key + curve->num_bytes,
+ curve->num_bytes);
+ uECC_vli_bytesToNative(r, signature, curve->num_bytes);
+ uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve->num_bytes);
+
+ /* r, s must not be 0. */
+ if (uECC_vli_isZero(r, num_words) || uECC_vli_isZero(s, num_words)) {
+ return 0;
+ }
+
+ /* r, s must be < n. */
+ if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 ||
+ uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) {
+ return 0;
}
/* Calculate u1 and u2. */
- vli_modInv(z, s, curve_n, curve_nb); /* Z = s^-1 */
- vli_modMult(u1, p_hash, z, curve_n, curve_nb); /* u1 = e/s */
- vli_modMult(u2, r, z, curve_n, curve_nb); /* u2 = r/s */
+ uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */
+ u1[num_n_words - 1] = 0;
+ bits2int(u1, message_hash, hash_size, curve);
+ uECC_vli_modMult(u1, u1, z, curve->n, num_n_words); /* u1 = e/s */
+ uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */
- /* calculate P = u1*G + u2*Q */
- EccPoint_mult_unsafe(&P, &curve_G, u1);
- EccPoint_mult_unsafe(&R, p_publicKey, u2);
- EccPoint_add(&P, &R);
- EccPoint_toAffine(&p_point, &P);
+ /* Calculate sum = G + Q. */
+ uECC_vli_set(sum, _public, num_words);
+ uECC_vli_set(sum + num_words, _public + num_words, num_words);
+ uECC_vli_set(tx, curve->G, num_words);
+ uECC_vli_set(ty, curve->G + num_words, num_words);
+ uECC_vli_modSub(z, sum, tx, curve->p, num_words); /* z = x2 - x1 */
+ XYcZ_add(tx, ty, sum, sum + num_words, curve);
+ uECC_vli_modInv(z, z, curve->p, num_words); /* z = 1/z */
+ apply_z(sum, sum + num_words, z, curve);
- /* Accept only if P.x == r. */
- if (!vli_sub(z, p_point.x, curve_n, NUM_ECC_DIGITS)) {
- vli_set(p_point.x, z);
+ /* Use Shamir's trick to calculate u1*G + u2*Q */
+ points[0] = 0;
+ points[1] = curve->G;
+ points[2] = _public;
+ points[3] = sum;
+ num_bits = smax(uECC_vli_numBits(u1, num_n_words),
+ uECC_vli_numBits(u2, num_n_words));
+
+ point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) |
+ ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)];
+ uECC_vli_set(rx, point, num_words);
+ uECC_vli_set(ry, point + num_words, num_words);
+ uECC_vli_clear(z, num_words);
+ z[0] = 1;
+
+ for (i = num_bits - 2; i >= 0; --i) {
+ uECC_word_t index;
+ curve->double_jacobian(rx, ry, z, curve);
+
+ index = (!!uECC_vli_testBit(u1, i)) | ((!!uECC_vli_testBit(u2, i)) << 1);
+ point = points[index];
+ if (point) {
+ uECC_vli_set(tx, point, num_words);
+ uECC_vli_set(ty, point + num_words, num_words);
+ apply_z(tx, ty, z, curve);
+ uECC_vli_modSub(tz, rx, tx, curve->p, num_words); /* Z = x2 - x1 */
+ XYcZ_add(tx, ty, rx, ry, curve);
+ uECC_vli_modMult_fast(z, z, tz, curve);
+ }
+ }
+
+ uECC_vli_modInv(z, z, curve->p, num_words); /* Z = 1/Z */
+ apply_z(rx, ry, z, curve);
+
+ /* v = x1 (mod n) */
+ if (uECC_vli_cmp_unsafe(curve->n, rx, num_n_words) != 1) {
+ uECC_vli_sub(rx, rx, curve->n, num_n_words);
}
- return (vli_cmp(p_point.x, r, NUM_ECC_DIGITS) == 0);
+ /* Accept only if v == r. */
+ return (int)(uECC_vli_equal(rx, r, num_words) == 0);
}
+
diff --git a/ext/tinycrypt/lib/source/ecc_platform_specific.c b/ext/tinycrypt/lib/source/ecc_platform_specific.c
new file mode 100644
index 0000000..1867988
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ecc_platform_specific.c
@@ -0,0 +1,105 @@
+/* uECC_platform_specific.c - Implementation of platform specific functions*/
+
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * uECC_platform_specific.c -- Implementation of platform specific functions
+ */
+
+
+#if defined(unix) || defined(__linux__) || defined(__unix__) || \
+ defined(__unix) | (defined(__APPLE__) && defined(__MACH__)) || \
+ defined(uECC_POSIX)
+
+/* Some POSIX-like system with /dev/urandom or /dev/random. */
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <stdint.h>
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
+int default_CSPRNG(uint8_t *dest, unsigned int size) {
+
+ /* input sanity check: */
+ if (dest == (uint8_t *) 0 || (size <= 0))
+ return 0;
+
+ int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
+ if (fd == -1) {
+ fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
+ if (fd == -1) {
+ return 0;
+ }
+ }
+
+ char *ptr = (char *)dest;
+ size_t left = (size_t) size;
+ while (left > 0) {
+ ssize_t bytes_read = read(fd, ptr, left);
+ if (bytes_read <= 0) { // read failed
+ close(fd);
+ return 0;
+ }
+ left -= bytes_read;
+ ptr += bytes_read;
+ }
+
+ close(fd);
+ return 1;
+}
+
+#endif /* platform */
+
diff --git a/ext/tinycrypt/lib/source/hmac.c b/ext/tinycrypt/lib/source/hmac.c
index e256846..89878ce 100644
--- a/ext/tinycrypt/lib/source/hmac.c
+++ b/ext/tinycrypt/lib/source/hmac.c
@@ -1,7 +1,7 @@
/* hmac.c - TinyCrypt implementation of the HMAC algorithm */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -34,11 +34,11 @@
#include <tinycrypt/constants.h>
#include <tinycrypt/utils.h>
-static void rekey(uint8_t *key, const uint8_t *new_key, uint32_t key_size)
+static void rekey(uint8_t *key, const uint8_t *new_key, unsigned int key_size)
{
const uint8_t inner_pad = (uint8_t) 0x36;
const uint8_t outer_pad = (uint8_t) 0x5c;
- uint32_t i;
+ unsigned int i;
for (i = 0; i < key_size; ++i) {
key[i] = inner_pad ^ new_key[i];
@@ -49,10 +49,10 @@
}
}
-int32_t tc_hmac_set_key(TCHmacState_t ctx,
- const uint8_t *key,
- uint32_t key_size)
+int tc_hmac_set_key(TCHmacState_t ctx, const uint8_t *key,
+ unsigned int key_size)
{
+
/* input sanity check: */
if (ctx == (TCHmacState_t) 0 ||
key == (const uint8_t *) 0 ||
@@ -93,25 +93,25 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_hmac_init(TCHmacState_t ctx)
+int tc_hmac_init(TCHmacState_t ctx)
{
+
/* input sanity check: */
if (ctx == (TCHmacState_t) 0) {
return TC_CRYPTO_FAIL;
}
- (void)tc_sha256_init(&ctx->hash_state);
- (void)tc_sha256_update(&ctx->hash_state,
- ctx->key,
- TC_SHA256_BLOCK_SIZE);
+ (void) tc_sha256_init(&ctx->hash_state);
+ (void) tc_sha256_update(&ctx->hash_state, ctx->key, TC_SHA256_BLOCK_SIZE);
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_hmac_update(TCHmacState_t ctx,
- const void *data,
- uint32_t data_length)
+int tc_hmac_update(TCHmacState_t ctx,
+ const void *data,
+ unsigned int data_length)
{
+
/* input sanity check: */
if (ctx == (TCHmacState_t) 0) {
return TC_CRYPTO_FAIL;
@@ -122,8 +122,9 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_hmac_final(uint8_t *tag, uint32_t taglen, TCHmacState_t ctx)
+int tc_hmac_final(uint8_t *tag, unsigned int taglen, TCHmacState_t ctx)
{
+
/* input sanity check: */
if (tag == (uint8_t *) 0 ||
taglen != TC_SHA256_DIGEST_SIZE ||
diff --git a/ext/tinycrypt/lib/source/hmac_prng.c b/ext/tinycrypt/lib/source/hmac_prng.c
index ceac27f..68b5b1f 100644
--- a/ext/tinycrypt/lib/source/hmac_prng.c
+++ b/ext/tinycrypt/lib/source/hmac_prng.c
@@ -1,7 +1,7 @@
/* hmac_prng.c - TinyCrypt implementation of HMAC-PRNG */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -39,43 +39,43 @@
* min bytes in the seed string.
* MIN_SLEN*8 must be at least the expected security level.
*/
-static const uint32_t MIN_SLEN = 32;
+static const unsigned int MIN_SLEN = 32;
/*
* max bytes in the seed string;
* SP800-90A specifies a maximum of 2^35 bits (i.e., 2^32 bytes).
*/
-static const uint32_t MAX_SLEN = UINT32_MAX;
+static const unsigned int MAX_SLEN = UINT32_MAX;
/*
* max bytes in the personalization string;
* SP800-90A specifies a maximum of 2^35 bits (i.e., 2^32 bytes).
*/
-static const uint32_t MAX_PLEN = UINT32_MAX;
+static const unsigned int MAX_PLEN = UINT32_MAX;
/*
* max bytes in the additional_info string;
* SP800-90A specifies a maximum of 2^35 bits (i.e., 2^32 bytes).
*/
-static const uint32_t MAX_ALEN = UINT32_MAX;
+static const unsigned int MAX_ALEN = UINT32_MAX;
/*
* max number of generates between re-seeds;
* TinyCrypt accepts up to (2^32 - 1) which is the maximal value of
- * a uint32_t variable, while SP800-90A specifies a maximum of 2^48.
+ * a 32-bit unsigned int variable, while SP800-90A specifies a maximum of 2^48.
*/
-static const uint32_t MAX_GENS = UINT32_MAX;
+static const unsigned int MAX_GENS = UINT32_MAX;
/*
* maximum bytes per generate call;
* SP800-90A specifies a maximum up to 2^19.
*/
-static const uint32_t MAX_OUT = (1 << 19);
+static const unsigned int MAX_OUT = (1 << 19);
/*
* Assumes: prng != NULL, e != NULL, len >= 0.
*/
-static void update(TCHmacPrng_t prng, const uint8_t *e, uint32_t len)
+static void update(TCHmacPrng_t prng, const uint8_t *e, unsigned int len)
{
const uint8_t separator0 = 0x00;
const uint8_t separator1 = 0x01;
@@ -109,10 +109,11 @@
(void)tc_hmac_final(prng->v, sizeof(prng->v), &prng->h);
}
-int32_t tc_hmac_prng_init(TCHmacPrng_t prng,
- const uint8_t *personalization,
- uint32_t plen)
+int tc_hmac_prng_init(TCHmacPrng_t prng,
+ const uint8_t *personalization,
+ unsigned int plen)
{
+
/* input sanity check: */
if (prng == (TCHmacPrng_t) 0 ||
personalization == (uint8_t *) 0 ||
@@ -134,12 +135,13 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_hmac_prng_reseed(TCHmacPrng_t prng,
- const uint8_t *seed,
- uint32_t seedlen,
- const uint8_t *additional_input,
- uint32_t additionallen)
+int tc_hmac_prng_reseed(TCHmacPrng_t prng,
+ const uint8_t *seed,
+ unsigned int seedlen,
+ const uint8_t *additional_input,
+ unsigned int additionallen)
{
+
/* input sanity check: */
if (prng == (TCHmacPrng_t) 0 ||
seed == (const uint8_t *) 0 ||
@@ -172,9 +174,9 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_hmac_prng_generate(uint8_t *out, uint32_t outlen, TCHmacPrng_t prng)
+int tc_hmac_prng_generate(uint8_t *out, unsigned int outlen, TCHmacPrng_t prng)
{
- uint32_t bufferlen;
+ unsigned int bufferlen;
/* input sanity check: */
if (out == (uint8_t *) 0 ||
diff --git a/ext/tinycrypt/lib/source/sha256.c b/ext/tinycrypt/lib/source/sha256.c
index c27d3e1..b4efd20 100644
--- a/ext/tinycrypt/lib/source/sha256.c
+++ b/ext/tinycrypt/lib/source/sha256.c
@@ -1,7 +1,7 @@
/* sha256.c - TinyCrypt SHA-256 crypto hash algorithm implementation */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -34,9 +34,9 @@
#include <tinycrypt/constants.h>
#include <tinycrypt/utils.h>
-static void compress(uint32_t *iv, const uint8_t *data);
+static void compress(unsigned int *iv, const uint8_t *data);
-int32_t tc_sha256_init(TCSha256State_t s)
+int tc_sha256_init(TCSha256State_t s)
{
/* input sanity check: */
if (s == (TCSha256State_t) 0) {
@@ -62,7 +62,7 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_sha256_update(TCSha256State_t s, const uint8_t *data, size_t datalen)
+int tc_sha256_update(TCSha256State_t s, const uint8_t *data, size_t datalen)
{
/* input sanity check: */
if (s == (TCSha256State_t) 0 ||
@@ -84,9 +84,9 @@
return TC_CRYPTO_SUCCESS;
}
-int32_t tc_sha256_final(uint8_t *digest, TCSha256State_t s)
+int tc_sha256_final(uint8_t *digest, TCSha256State_t s)
{
- uint32_t i;
+ unsigned int i;
/* input sanity check: */
if (digest == (uint8_t *) 0 ||
@@ -122,7 +122,7 @@
/* copy the iv out to digest */
for (i = 0; i < TC_SHA256_STATE_BLOCKS; ++i) {
- uint32_t t = *((uint32_t *) &s->iv[i]);
+ unsigned int t = *((unsigned int *) &s->iv[i]);
*digest++ = (uint8_t)(t >> 24);
*digest++ = (uint8_t)(t >> 16);
*digest++ = (uint8_t)(t >> 8);
@@ -140,7 +140,7 @@
* These values correspond to the first 32 bits of the fractional parts of the
* cube roots of the first 64 primes between 2 and 311.
*/
-static const uint32_t k256[64] = {
+static const unsigned int k256[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
@@ -154,7 +154,7 @@
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
-static inline uint32_t ROTR(uint32_t a, uint32_t n)
+static inline unsigned int ROTR(unsigned int a, unsigned int n)
{
return (((a) >> n) | ((a) << (32 - n)));
}
@@ -167,25 +167,25 @@
#define Ch(a, b, c)(((a) & (b)) ^ ((~(a)) & (c)))
#define Maj(a, b, c)(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)))
-static inline uint32_t BigEndian(const uint8_t **c)
+static inline unsigned int BigEndian(const uint8_t **c)
{
- uint32_t n = 0;
+ unsigned int n = 0;
- n = (((uint32_t)(*((*c)++))) << 24);
- n |= ((uint32_t)(*((*c)++)) << 16);
- n |= ((uint32_t)(*((*c)++)) << 8);
- n |= ((uint32_t)(*((*c)++)));
+ n = (((unsigned int)(*((*c)++))) << 24);
+ n |= ((unsigned int)(*((*c)++)) << 16);
+ n |= ((unsigned int)(*((*c)++)) << 8);
+ n |= ((unsigned int)(*((*c)++)));
return n;
}
-static void compress(uint32_t *iv, const uint8_t *data)
+static void compress(unsigned int *iv, const uint8_t *data)
{
- uint32_t a, b, c, d, e, f, g, h;
- uint32_t s0, s1;
- uint32_t t1, t2;
- uint32_t work_space[16];
- uint32_t n;
- uint32_t i;
+ unsigned int a, b, c, d, e, f, g, h;
+ unsigned int s0, s1;
+ unsigned int t1, t2;
+ unsigned int work_space[16];
+ unsigned int n;
+ unsigned int i;
a = iv[0]; b = iv[1]; c = iv[2]; d = iv[3];
e = iv[4]; f = iv[5]; g = iv[6]; h = iv[7];
diff --git a/ext/tinycrypt/lib/source/utils.c b/ext/tinycrypt/lib/source/utils.c
index 147d8d4..13cc495 100644
--- a/ext/tinycrypt/lib/source/utils.c
+++ b/ext/tinycrypt/lib/source/utils.c
@@ -1,7 +1,7 @@
/* utils.c - TinyCrypt platform-dependent run-time operations */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -35,11 +35,10 @@
#include <string.h>
-#define MASK_MOST_SIG_BIT 0x80
#define MASK_TWENTY_SEVEN 0x1b
-uint32_t _copy(uint8_t *to, uint32_t to_len,
- const uint8_t *from, uint32_t from_len)
+unsigned int _copy(uint8_t *to, unsigned int to_len,
+ const uint8_t *from, unsigned int from_len)
{
if (from_len <= to_len) {
(void)memcpy(to, from, from_len);
@@ -49,7 +48,7 @@
}
}
-void _set(void *to, uint8_t val, uint32_t len)
+void _set(void *to, uint8_t val, unsigned int len)
{
(void)memset(to, val, len);
}
@@ -62,13 +61,13 @@
return ((a<<1) ^ ((a>>7) * MASK_TWENTY_SEVEN));
}
-int32_t _compare(const uint8_t *a, const uint8_t *b, size_t size)
+int _compare(const uint8_t *a, const uint8_t *b, size_t size)
{
const uint8_t *tempa = a;
const uint8_t *tempb = b;
uint8_t result = 0;
- for (uint32_t i = 0; i < size; i++) {
+ for (unsigned int i = 0; i < size; i++) {
result |= tempa[i] ^ tempb[i];
}
return result;
diff --git a/ext/tinycrypt/tests/Makefile b/ext/tinycrypt/tests/Makefile
index 8067a1d..eff5a88 100644
--- a/ext/tinycrypt/tests/Makefile
+++ b/ext/tinycrypt/tests/Makefile
@@ -1,6 +1,6 @@
################################################################################
#
-# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+# Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
#
# Tests Makefile.
#
@@ -56,11 +56,11 @@
test_sha256$(DOTEXE): test_sha256.o sha256.o utils.o
$(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
-test_ecc_dh$(DOTEXE): test_ecc_dh.o ecc.o ecc_dh.o test_ecc_utils.o
+test_ecc_dh$(DOTEXE): test_ecc_dh.o ecc.o ecc_dh.o test_ecc_utils.o ecc_platform_specific.o
$(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
test_ecc_dsa$(DOTEXE): test_ecc_dsa.o ecc.o utils.o ecc_dh.o \
- ecc_dsa.o sha256.o test_ecc_utils.o
+ ecc_dsa.o sha256.o test_ecc_utils.o ecc_platform_specific.o
$(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
diff --git a/ext/tinycrypt/tests/include/test_ecc_utils.h b/ext/tinycrypt/tests/include/test_ecc_utils.h
index 97c183c..4e29054 100644
--- a/ext/tinycrypt/tests/include/test_ecc_utils.h
+++ b/ext/tinycrypt/tests/include/test_ecc_utils.h
@@ -1,7 +1,30 @@
/* test_ecc_utils.h - TinyCrypt interface to common functions for ECC tests */
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -35,48 +58,43 @@
#ifndef __TEST_ECC_UTILS_H__
#define __TEST_ECC_UTILS_H__
-#include <stdlib.h>
-#include <stdbool.h>
-#include <tinycrypt/constants.h>
-
-EccPoint keygen_vectors(char **d_vec,
- char **qx_vec,
- char **qy_vec,
- int tests,
- bool verbose);
-
-void getRandomBytes(void *p_dest, unsigned p_size);
-
-void string2host(uint32_t *native, const uint8_t *bytes, size_t len);
+#include <tinycrypt/ecc_dh.h>
+#include <tinycrypt/ecc.h>
+#include <test_utils.h>
int hex2int (char hex);
-int hex2bin(
- uint8_t *buf,
- const size_t buflen,
- const char *hex,
- const size_t hexlen);
-void string2scalar(uint32_t * scalar, uint32_t num_word32, char *str);
+/*
+ * Convert hex string to byte string
+ * Return number of bytes written to buf, or 0 on error
+ */
+int hex2bin(uint8_t *buf, const size_t buflen, const char *hex,
+ const size_t hexlen);
-void vli_print(uint32_t *p_vli, unsigned int p_size);
+/*
+ * Convert hex string to zero-padded nanoECC scalar
+ */
+void string2scalar(unsigned int * scalar, unsigned int num_word32, char *str);
-void print_ecc_scalar(
- const char *label,
- const uint32_t * p_vli,
- uint32_t num_word32);
-void check_code(const int num,
- const char *name,
- const int expected,
- const int computed,
- const int verbose);
+void print_ecc_scalar(const char *label, const unsigned int * p_vli,
+ unsigned int num_word32);
-void check_ecc_result(const int num, const char *name,
- const uint32_t *expected,
- const uint32_t *computed,
- const uint32_t num_word32,
- const bool verbose);
+int check_ecc_result(const int num, const char *name,
+ const unsigned int *expected,
+ const unsigned int *computed,
+ const unsigned int num_word32, const bool verbose);
-#endif
+/* Test ecc_make_keys, and also as keygen part of other tests */
+int keygen_vectors(char **d_vec, char **qx_vec, char **qy_vec, int tests, bool verbose);
+
+void vli_print_bytes(uint8_t *vli, unsigned int size);
+
+
+int check_code(const int num, const char *name, const int expected,
+ const int computed, const int verbose);
+
+
+#endif /* __TEST_ECC_UTILS_H__ */
diff --git a/ext/tinycrypt/tests/include/test_utils.h b/ext/tinycrypt/tests/include/test_utils.h
index 5f51511..055f91b 100644
--- a/ext/tinycrypt/tests/include/test_utils.h
+++ b/ext/tinycrypt/tests/include/test_utils.h
@@ -1,7 +1,7 @@
/* test_utils.h - TinyCrypt interface to common functions for tests */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -83,18 +83,19 @@
"PROJECT EXECUTION %s\n", \
result == TC_PASS ? "SUCCESSFUL" : "FAILED"); \
} while (0)
+
static inline void show_str(const char *label, const uint8_t *s, size_t len)
{
- uint32_t i;
+ unsigned int i;
TC_PRINT("%s = ", label);
- for (i = 0; i < (uint32_t) len; ++i) {
+ for (i = 0; i < (unsigned int) len; ++i) {
TC_PRINT("%02x", s[i]);
}
TC_PRINT("\n");
}
-static inline void fatal(uint32_t testnum, const void *expected, size_t expectedlen,
+static inline void fatal(unsigned int testnum, const void *expected, size_t expectedlen,
const void *computed, size_t computedlen)
{
@@ -104,10 +105,10 @@
TC_PRINT("\n");
}
-static inline uint32_t check_result(uint32_t testnum, const void *expected, size_t expectedlen,
+static inline unsigned int check_result(unsigned int testnum, const void *expected, size_t expectedlen,
const void *computed, size_t computedlen)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
if (expectedlen != computedlen) {
TC_ERROR("The length of the computed buffer (%zu)", computedlen);
@@ -121,4 +122,4 @@
return result;
}
-#endif
+#endif /* __TEST_UTILS_H__ */
diff --git a/ext/tinycrypt/tests/pseudo-random-data.bin b/ext/tinycrypt/tests/pseudo-random-data.bin
new file mode 100644
index 0000000..4f174c5
--- /dev/null
+++ b/ext/tinycrypt/tests/pseudo-random-data.bin
Binary files differ
diff --git a/ext/tinycrypt/tests/test_aes.c b/ext/tinycrypt/tests/test_aes.c
index 40c89fa..ea3e2da 100644
--- a/ext/tinycrypt/tests/test_aes.c
+++ b/ext/tinycrypt/tests/test_aes.c
@@ -1,9 +1,7 @@
-/* test_aes.c - TinyCrypt
- * Implementation of some AES-128 tests (including NIST tests)
- */
+/* test_aes.c - TinyCrypt AES-128 tests (including NIST tests) */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -73,7 +71,8 @@
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
- const struct tc_aes_key_sched_struct expected = {{
+ const struct tc_aes_key_sched_struct expected = {
+ {
0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c,
0xa0fafe17, 0x88542cb1, 0x23a33939, 0x2a6c7605,
0xf2c295f2, 0x7a96b943, 0x5935807a, 0x7359f67f,
@@ -85,7 +84,8 @@
0xead27321, 0xb58dbad2, 0x312bf560, 0x7f8d292f,
0xac7766f3, 0x19fadc21, 0x28d12941, 0x575c006e,
0xd014f9a8, 0xc9ee2589, 0xe13f0cc8, 0xb6630ca6
- } };
+ }
+ };
struct tc_aes_key_sched_struct s;
TC_PRINT("AES128 %s (NIST key schedule test):\n", __func__);
@@ -97,11 +97,10 @@
goto exitTest1;
}
- result = check_result(1, expected.words,
- sizeof(expected.words),
- s.words, sizeof(s.words));
+ result = check_result(1, expected.words, sizeof(expected.words), s.words,
+ sizeof(s.words));
- exitTest1:
+exitTest1:
TC_END_RESULT(result);
return result;
}
@@ -137,16 +136,16 @@
goto exitTest2;
}
- result = check_result(2, expected, sizeof(expected),
- ciphertext, sizeof(ciphertext));
+ result = check_result(2, expected, sizeof(expected), ciphertext,
+ sizeof(ciphertext));
- exitTest2:
+exitTest2:
TC_END_RESULT(result);
return result;
}
-int var_text_test(uint32_t r, const uint8_t *in, const uint8_t *out,
+int var_text_test(unsigned int r, const uint8_t *in, const uint8_t *out,
TCAesKeySched_t s)
{
uint8_t ciphertext[NUM_OF_NIST_KEYS];
@@ -154,8 +153,8 @@
int result = TC_PASS;
(void)tc_aes_encrypt(ciphertext, in, s);
- result = check_result(r, out, NUM_OF_NIST_KEYS,
- ciphertext, sizeof(ciphertext));
+ result = check_result(r, out, NUM_OF_NIST_KEYS, ciphertext,
+ sizeof(ciphertext));
if (result != TC_FAIL) {
if (tc_aes_decrypt(decrypted, ciphertext, s) == 0) {
TC_ERROR("aes_decrypt failed\n");
@@ -1078,7 +1077,7 @@
} }
};
struct tc_aes_key_sched_struct s;
- uint32_t i;
+ unsigned int i;
TC_PRINT("AES128 %s (NIST fixed-key and variable-text):\n", __func__);
@@ -1096,7 +1095,7 @@
return result;
}
-int var_key_test(uint32_t r, const uint8_t *in, const uint8_t *out)
+int var_key_test(unsigned int r, const uint8_t *in, const uint8_t *out)
{
int result = TC_PASS;
@@ -1110,8 +1109,8 @@
(void)tc_aes128_set_encrypt_key(&s, in);
(void)tc_aes_encrypt(ciphertext, plaintext, &s);
- result = check_result(r, out, NUM_OF_NIST_KEYS,
- ciphertext, sizeof(ciphertext));
+ result = check_result(r, out, NUM_OF_NIST_KEYS, ciphertext,
+ sizeof(ciphertext));
return result;
}
@@ -2020,7 +2019,7 @@
0x89, 0x64, 0x48, 0x45, 0x38, 0xbf, 0xc9, 0x2c
} }
};
- uint32_t i;
+ unsigned int i;
TC_PRINT("AES128 test #4 (NIST variable-key and fixed-text):\n");
diff --git a/ext/tinycrypt/tests/test_cbc_mode.c b/ext/tinycrypt/tests/test_cbc_mode.c
index 24fe14b..ffa0a88 100644
--- a/ext/tinycrypt/tests/test_cbc_mode.c
+++ b/ext/tinycrypt/tests/test_cbc_mode.c
@@ -1,7 +1,7 @@
/* test_cbc_mode.c - TinyCrypt implementation of some AES-CBC tests */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -108,7 +108,7 @@
uint8_t encrypted[80];
uint8_t decrypted[64];
uint8_t *p;
- uint32_t length;
+ unsigned int length;
int result = TC_PASS;
(void)tc_aes128_set_encrypt_key(&a, key);
@@ -116,36 +116,34 @@
(void)memcpy(iv_buffer, iv, TC_AES_BLOCK_SIZE);
TC_PRINT("CBC test #1 (encryption SP 800-38a tests):\n");
- if (tc_cbc_mode_encrypt(encrypted,
- sizeof(plaintext) + TC_AES_BLOCK_SIZE,
- plaintext, sizeof(plaintext),
- iv_buffer, &a) == 0) {
+ if (tc_cbc_mode_encrypt(encrypted, sizeof(plaintext) + TC_AES_BLOCK_SIZE,
+ plaintext, sizeof(plaintext), iv_buffer, &a) == 0) {
TC_ERROR("CBC test #1 (encryption SP 800-38a tests) failed in "
"%s.\n", __func__);
result = TC_FAIL;
goto exitTest1;
}
- result = check_result(1, ciphertext, sizeof(encrypted),
- encrypted, sizeof(encrypted));
+ result = check_result(1, ciphertext, sizeof(encrypted), encrypted,
+ sizeof(encrypted));
TC_END_RESULT(result);
TC_PRINT("CBC test #2 (decryption SP 800-38a tests):\n");
(void)tc_aes128_set_decrypt_key(&a, key);
p = &encrypted[TC_AES_BLOCK_SIZE];
- length = ((uint32_t) sizeof(encrypted)) - TC_AES_BLOCK_SIZE;
+ length = ((unsigned int) sizeof(encrypted)) - TC_AES_BLOCK_SIZE;
- if (tc_cbc_mode_decrypt(decrypted, length - TC_AES_BLOCK_SIZE, p,
- length, encrypted, &a) == 0) {
+ if (tc_cbc_mode_decrypt(decrypted, length - TC_AES_BLOCK_SIZE, p, length,
+ encrypted, &a) == 0) {
TC_ERROR("CBC test #2 (decryption SP 800-38a tests) failed in. "
"%s\n", __func__);
result = TC_FAIL;
goto exitTest1;
}
- result = check_result(2, plaintext, sizeof(decrypted),
- decrypted, sizeof(decrypted));
+ result = check_result(2, plaintext, sizeof(decrypted), decrypted,
+ sizeof(decrypted));
exitTest1:
TC_END_RESULT(result);
@@ -163,7 +161,8 @@
TC_PRINT("Performing CBC tests:\n");
result = test_1_and_2();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("CBC test #1 failed.\n");
goto exitTest;
}
diff --git a/ext/tinycrypt/tests/test_ccm_mode.c b/ext/tinycrypt/tests/test_ccm_mode.c
index 4ed0f51..878edb3 100644
--- a/ext/tinycrypt/tests/test_ccm_mode.c
+++ b/ext/tinycrypt/tests/test_ccm_mode.c
@@ -1,7 +1,7 @@
/* test_ccm_mode.c - TinyCrypt AES-CCM tests (RFC 3610 tests) */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -51,8 +51,8 @@
#include <string.h>
-#define CIPHERTEXT_LEN 50
-#define DECRYPTED_LEN 25
+#define TC_CCM_MAX_CT_SIZE 50
+#define TC_CCM_MAX_PT_SIZE 25
#define NUM_NIST_KEYS 16
#define NONCE_LEN 13
#define HEADER_LEN 8
@@ -67,16 +67,17 @@
#define EXPECTED_BUF_LEN34 34
#define EXPECTED_BUF_LEN35 35
-int do_test(const uint8_t *key,
- uint8_t *nonce, size_t nlen,
- const uint8_t *hdr, size_t hlen,
- const uint8_t *data, size_t dlen,
- const uint8_t *expected, size_t elen,
- const int mlen)
+int do_test(const uint8_t *key, uint8_t *nonce,
+ size_t nlen, const uint8_t *hdr,
+ size_t hlen, const uint8_t *data,
+ size_t dlen, const uint8_t *expected,
+ size_t elen, const int mlen)
{
+
int result = TC_PASS;
- uint8_t ciphertext[CIPHERTEXT_LEN];
- uint8_t decrypted[DECRYPTED_LEN];
+
+ uint8_t ciphertext[TC_CCM_MAX_CT_SIZE];
+ uint8_t decrypted[TC_CCM_MAX_PT_SIZE];
struct tc_ccm_mode_struct c;
struct tc_aes_key_sched_struct sched;
@@ -90,8 +91,8 @@
goto exitTest1;
}
- result = tc_ccm_generation_encryption(ciphertext, hdr, hlen,
- data, dlen, &c);
+ result = tc_ccm_generation_encryption(ciphertext, TC_CCM_MAX_CT_SIZE, hdr,
+ hlen, data, dlen, &c);
if (result == 0) {
TC_ERROR("ccm_encrypt failed in %s.\n", __func__);
@@ -110,8 +111,8 @@
goto exitTest1;
}
- result = tc_ccm_decryption_verification(decrypted, hdr, hlen,
- ciphertext, dlen + mlen, &c);
+ result = tc_ccm_decryption_verification(decrypted, TC_CCM_MAX_PT_SIZE, hdr,
+ hlen, ciphertext, dlen+mlen, &c);
if (result == 0) {
TC_ERROR("ccm_decrypt failed in %s.\n", __func__);
show_str("\t\tExpected", data, dlen);
@@ -378,8 +379,8 @@
};
struct tc_ccm_mode_struct c;
struct tc_aes_key_sched_struct sched;
- uint8_t decrypted[DECRYPTED_LEN];
- uint8_t ciphertext[CIPHERTEXT_LEN];
+ uint8_t decrypted[TC_CCM_MAX_PT_SIZE];
+ uint8_t ciphertext[TC_CCM_MAX_CT_SIZE];
uint16_t mlen = M_LEN10;
TC_PRINT("%s: Performing CCM test #7 (no associated data):\n",
@@ -393,8 +394,8 @@
goto exitTest1;
}
- result = tc_ccm_generation_encryption(ciphertext, hdr, 0,
- data, sizeof(data), &c);
+ result = tc_ccm_generation_encryption(ciphertext, TC_CCM_MAX_CT_SIZE, hdr,
+ 0, data, sizeof(data), &c);
if (result == 0) {
TC_ERROR("ccm_encryption failed in %s.\n", __func__);
@@ -402,8 +403,8 @@
goto exitTest1;
}
- result = tc_ccm_decryption_verification(decrypted, hdr, 0, ciphertext,
- sizeof(data) + mlen, &c);
+ result = tc_ccm_decryption_verification (decrypted, TC_CCM_MAX_PT_SIZE, hdr,
+ 0, ciphertext, sizeof(data)+mlen, &c);
if (result == 0) {
TC_ERROR("ccm_decrypt failed in %s.\n", __func__);
show_str("\t\tExpected", data, sizeof(data));
@@ -436,11 +437,15 @@
const uint8_t hdr[8] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
- uint8_t data[] = {};
+
+ uint8_t *data = NULL;
+
struct tc_ccm_mode_struct c;
struct tc_aes_key_sched_struct sched;
- uint8_t decrypted[DECRYPTED_LEN];
- uint8_t ciphertext[CIPHERTEXT_LEN];
+
+ uint8_t decrypted[TC_CCM_MAX_PT_SIZE];
+ uint8_t ciphertext[TC_CCM_MAX_CT_SIZE];
+
uint16_t mlen = M_LEN10;
TC_PRINT("%s: Performing CCM test #8 (no payload data):\n", __func__);
@@ -453,8 +458,8 @@
goto exitTest1;
}
- result = tc_ccm_generation_encryption(ciphertext, hdr, sizeof(hdr),
- data, sizeof(data), &c);
+ result = tc_ccm_generation_encryption(ciphertext, TC_CCM_MAX_CT_SIZE, hdr,
+ sizeof(hdr), data, 0, &c);
if (result == 0) {
TC_ERROR("ccm_encrypt failed in %s.\n", __func__);
@@ -462,8 +467,8 @@
goto exitTest1;
}
- result = tc_ccm_decryption_verification(decrypted, hdr, sizeof(hdr),
- ciphertext, mlen, &c);
+ result = tc_ccm_decryption_verification(decrypted, TC_CCM_MAX_PT_SIZE, hdr,
+ sizeof(hdr), ciphertext, mlen, &c);
if (result == 0) {
TC_ERROR("ccm_decrypt failed in %s.\n", __func__);
show_str("\t\tExpected", data, sizeof(data));
diff --git a/ext/tinycrypt/tests/test_cmac_mode.c b/ext/tinycrypt/tests/test_cmac_mode.c
index 759c330..dc757fe 100644
--- a/ext/tinycrypt/tests/test_cmac_mode.c
+++ b/ext/tinycrypt/tests/test_cmac_mode.c
@@ -1,7 +1,7 @@
/* test_cmac_mode.c - TinyCrypt AES-CMAC tests (including SP 800-38B tests) */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -38,7 +38,7 @@
* - CMAC test #2 null msg (SP 800-38B test vector #1)
* - CMAC test #3 1 block msg (SP 800-38B test vector #2)
* - CMAC test #4 320 bit msg (SP 800-38B test vector #3)
- * - CMAC test #5 512 bit msg(SP 800-38B test vector #4)
+ * - CMAC test #5 512 bit msg (SP 800-38B test vector #4)
*/
#include <tinycrypt/cmac_mode.h>
@@ -53,7 +53,7 @@
static void show(const char *label, const uint8_t *s, size_t slen)
{
- uint32_t i;
+ unsigned int i;
TC_PRINT("%s\t", label);
for (i = 0; i < slen; ++i) {
@@ -65,7 +65,7 @@
extern void gf_double(uint8_t *out, uint8_t *in);
static int verify_gf_2_128_double(uint8_t *K1, uint8_t *K2,
- struct tc_cmac_struct s)
+ struct tc_cmac_struct s)
{
int result = TC_PASS;
@@ -249,6 +249,8 @@
/*
* Main task to test CMAC
+ * effects: returns 1 if all tests pass
+ * exceptions: returns a negative value if some test fails
*/
int main(void)
{
@@ -268,31 +270,36 @@
(void) tc_cmac_setup(&state, key, &sched);
result = verify_gf_2_128_double(K1, K2, state);
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("CMAC test #1 (128 double) failed.\n");
goto exitTest;
}
(void) tc_cmac_setup(&state, key, &sched);
result = verify_cmac_null_msg(&state);
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("CMAC test #2 (null msg) failed.\n");
goto exitTest;
}
(void) tc_cmac_setup(&state, key, &sched);
result = verify_cmac_1_block_msg(&state);
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("CMAC test #3 (1 block msg)failed.\n");
goto exitTest;
}
(void) tc_cmac_setup(&state, key, &sched);
result = verify_cmac_320_bit_msg(&state);
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("CMAC test #4 (320 bit msg) failed.\n");
goto exitTest;
}
(void) tc_cmac_setup(&state, key, &sched);
result = verify_cmac_512_bit_msg(&state);
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("CMAC test #5 (512 bit msg)failed.\n");
goto exitTest;
}
diff --git a/ext/tinycrypt/tests/test_ctr_mode.c b/ext/tinycrypt/tests/test_ctr_mode.c
index d185aee..daf3787 100644
--- a/ext/tinycrypt/tests/test_ctr_mode.c
+++ b/ext/tinycrypt/tests/test_ctr_mode.c
@@ -1,7 +1,7 @@
/* test_ctr_mode.c - TinyCrypt implementation of some AES-CTR tests */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -50,37 +50,37 @@
/*
* NIST SP 800-38a CTR Test for encryption and decryption.
*/
-uint32_t test_1_and_2(void)
+unsigned int test_1_and_2(void)
{
const uint8_t key[16] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88,
- 0x09, 0xcf, 0x4f, 0x3c
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88,
+ 0x09, 0xcf, 0x4f, 0x3c
};
uint8_t ctr[16] = {
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
- 0xfc, 0xfd, 0xfe, 0xff
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+ 0xfc, 0xfd, 0xfe, 0xff
};
const uint8_t plaintext[64] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11,
- 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
- 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
- 0xe6, 0x6c, 0x37, 0x10
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11,
+ 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
+ 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
+ 0xe6, 0x6c, 0x37, 0x10
};
const uint8_t ciphertext[80] = {
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
- 0xfc, 0xfd, 0xfe, 0xff, 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
- 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06, 0xf6, 0x6b,
- 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
- 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02,
- 0x0d, 0xb0, 0x3e, 0xab, 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
- 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+ 0xfc, 0xfd, 0xfe, 0xff, 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
+ 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06, 0xf6, 0x6b,
+ 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
+ 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02,
+ 0x0d, 0xb0, 0x3e, 0xab, 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
+ 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee
};
struct tc_aes_key_sched_struct sched;
uint8_t out[80];
uint8_t decrypted[64];
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
TC_PRINT("CTR test #1 (encryption SP 800-38a tests):\n");
(void)tc_aes128_set_encrypt_key(&sched, key);
@@ -99,7 +99,7 @@
TC_PRINT("CTR test #2 (decryption SP 800-38a tests):\n");
(void) memcpy(ctr, out, sizeof(ctr));
if (tc_ctr_mode(decrypted, sizeof(decrypted), &out[TC_AES_BLOCK_SIZE],
- sizeof(decrypted), ctr, &sched) == 0) {
+ sizeof(decrypted), ctr, &sched) == 0) {
TC_ERROR("CTR test #2 (decryption SP 800-38a tests) failed in %s.\n", __func__);
result = TC_FAIL;
goto exitTest1;
@@ -119,7 +119,7 @@
int main(void)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
TC_START("Performing AES128-CTR mode tests:");
diff --git a/ext/tinycrypt/tests/test_ctr_prng.c b/ext/tinycrypt/tests/test_ctr_prng.c
index b429670..e95f7f1 100644
--- a/ext/tinycrypt/tests/test_ctr_prng.c
+++ b/ext/tinycrypt/tests/test_ctr_prng.c
@@ -60,18 +60,17 @@
uint8_t *p;
int len, i;
- len = strlen(inhex) / 2;
+ len = strlen(inhex) / 2;
retval = (uint8_t *)malloc(len+1);
for(i=0, p = (uint8_t *) inhex; i<len; i++) {
retval[i] = (nibbleFromChar(*p) << 4) | nibbleFromChar(*(p+1));
p += 2;
}
- retval[len] = 0;
+ retval[len] = 0;
return retval;
}
-typedef struct
-{
+typedef struct {
char * entropyString;
char * personalizationString; /* may be null */
char * additionalInputString1; /* may be null */
@@ -87,19 +86,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "ce50f33da5d4c1d3d4004eb35244b7f2cd7f2e5076fbf6780a7ff634b249a5fc",
- 0,
- 0,
- 0,
- "6545c0529d372443b392ceb3ae3a99a30f963eaf313280f1d1a1e87f9db373d361e75d18018266499cccd64d9bbb8de0185f213383080faddec46bae1f784e5a",
+ "ce50f33da5d4c1d3d4004eb35244b7f2cd7f2e5076fbf6780a7ff634b249a5fc",
+ 0,
+ 0,
+ 0,
+ "6545c0529d372443b392ceb3ae3a99a30f963eaf313280f1d1a1e87f9db373d361e75d18018266499cccd64d9bbb8de0185f213383080faddec46bae1f784e5a",
},
{ /* Count 1 */
- "a385f70a4d450321dfd18d8379ef8e7736fee5fbf0a0aea53b76696094e8aa93",
- 0,
- 0,
- 0,
- "1a062553ab60457ed1f1c52f5aca5a3be564a27545358c112ed92c6eae2cb7597cfcc2e0a5dd81c5bfecc941da5e8152a9010d4845170734676c8c1b6b3073a5",
+ "a385f70a4d450321dfd18d8379ef8e7736fee5fbf0a0aea53b76696094e8aa93",
+ 0,
+ 0,
+ 0,
+ "1a062553ab60457ed1f1c52f5aca5a3be564a27545358c112ed92c6eae2cb7597cfcc2e0a5dd81c5bfecc941da5e8152a9010d4845170734676c8c1b6b3073a5",
},
/*
@@ -108,19 +107,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "6bd4f2ae649fc99350951ff0c5d460c1a9214154e7384975ee54b34b7cae0704",
- 0,
- "ecd4893b979ac92db1894ae3724518a2f78cf2dbe2f6bbc6fda596df87c7a4ae",
- "b23e9188687c88768b26738862c4791fa52f92502e1f94bf66af017c4228a0dc",
- "5b2bf7a5c60d8ab6591110cbd61cd387b02de19784f496d1a109123d8b3562a5de2dd6d5d1aef957a6c4f371cecd93c15799d82e34d6a0dba7e915a27d8e65f3",
+ "6bd4f2ae649fc99350951ff0c5d460c1a9214154e7384975ee54b34b7cae0704",
+ 0,
+ "ecd4893b979ac92db1894ae3724518a2f78cf2dbe2f6bbc6fda596df87c7a4ae",
+ "b23e9188687c88768b26738862c4791fa52f92502e1f94bf66af017c4228a0dc",
+ "5b2bf7a5c60d8ab6591110cbd61cd387b02de19784f496d1a109123d8b3562a5de2dd6d5d1aef957a6c4f371cecd93c15799d82e34d6a0dba7e915a27d8e65f3",
},
{ /* Count 1 */
- "e2addbde2a76e769fc7aa3f45b31402f482b73bbe7067ad6254621f06d3ef68b",
- 0,
- "ad11643b019e31245e4ea41f18f7680458310580fa6efad275c5833e7f800dae",
- "b5d849616b3123c9725d188cd0005003220768d1200f9e7cc29ef6d88afb7b9a",
- "132d0d50c8477a400bb8935be5928f916a85da9ffcf1a8f6e9f9a14cca861036cda14cf66d8953dab456b632cf687cd539b4b807926561d0b3562b9d3334fb61",
+ "e2addbde2a76e769fc7aa3f45b31402f482b73bbe7067ad6254621f06d3ef68b",
+ 0,
+ "ad11643b019e31245e4ea41f18f7680458310580fa6efad275c5833e7f800dae",
+ "b5d849616b3123c9725d188cd0005003220768d1200f9e7cc29ef6d88afb7b9a",
+ "132d0d50c8477a400bb8935be5928f916a85da9ffcf1a8f6e9f9a14cca861036cda14cf66d8953dab456b632cf687cd539b4b807926561d0b3562b9d3334fb61",
},
/*
@@ -129,19 +128,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "cee23de86a69c7ef57f6e1e12bd16e35e51624226fa19597bf93ec476a44b0f2",
- "a2ef16f226ea324f23abd59d5e3c660561c25e73638fe21c87566e86a9e04c3e",
- 0,
- 0,
- "2a76d71b329f449c98dc08fff1d205a2fbd9e4ade120c7611c225c984eac8531288dd3049f3dc3bb3671501ab8fbf9ad49c86cce307653bd8caf29cb0cf07764",
+ "cee23de86a69c7ef57f6e1e12bd16e35e51624226fa19597bf93ec476a44b0f2",
+ "a2ef16f226ea324f23abd59d5e3c660561c25e73638fe21c87566e86a9e04c3e",
+ 0,
+ 0,
+ "2a76d71b329f449c98dc08fff1d205a2fbd9e4ade120c7611c225c984eac8531288dd3049f3dc3bb3671501ab8fbf9ad49c86cce307653bd8caf29cb0cf07764",
},
{ /* Count 1 */
- "b09eb4a82a39066ec945bb7c6aef6a0682a62c3e674bd900297d4271a5f25b49",
- "a3b768adcfe76d61c972d900da8dffeeb2a42e740247aa719ed1c924d2d10bd4",
- 0,
- 0,
- "5a1c26803f3ffd4daf32042fdcc32c3812bb5ef13bc208cef82ea047d2890a6f5dcecf32bcc32a2585775ac5e1ffaa8de00664c54fe00a7674b985619e953c3a",
+ "b09eb4a82a39066ec945bb7c6aef6a0682a62c3e674bd900297d4271a5f25b49",
+ "a3b768adcfe76d61c972d900da8dffeeb2a42e740247aa719ed1c924d2d10bd4",
+ 0,
+ 0,
+ "5a1c26803f3ffd4daf32042fdcc32c3812bb5ef13bc208cef82ea047d2890a6f5dcecf32bcc32a2585775ac5e1ffaa8de00664c54fe00a7674b985619e953c3a",
},
/*
@@ -150,19 +149,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "50b96542a1f2b8b05074051fe8fb0e45adbbd5560e3594e12d485fe1bfcb741f",
- "820c3030f97b3ead81a93b88b871937278fd3d711d2085d9280cba394673b17e",
- "1f1632058806d6d8e231288f3b15a3c324e90ccef4891bd595f09c3e80e27469",
- "5cadc8bfd86d2a5d44f921f64c7d153001b9bdd7caa6618639b948ebfad5cb8a",
- "02b76a66f103e98d450e25e09c35337747d987471d2b3d81e03be24c7e985417a32acd72bc0a6eddd9871410dacb921c659249b4e2b368c4ac8580fb5db559bc",
+ "50b96542a1f2b8b05074051fe8fb0e45adbbd5560e3594e12d485fe1bfcb741f",
+ "820c3030f97b3ead81a93b88b871937278fd3d711d2085d9280cba394673b17e",
+ "1f1632058806d6d8e231288f3b15a3c324e90ccef4891bd595f09c3e80e27469",
+ "5cadc8bfd86d2a5d44f921f64c7d153001b9bdd7caa6618639b948ebfad5cb8a",
+ "02b76a66f103e98d450e25e09c35337747d987471d2b3d81e03be24c7e985417a32acd72bc0a6eddd9871410dacb921c659249b4e2b368c4ac8580fb5db559bc",
},
{ /* Count 1 */
- "ff5f4b754e8b364f6df0c5effba5f1c036de49c4b38cd8d230ee1f14d7234ef5",
- "994eb339f64034005d2e18352899e77df446e285c3430631d557498aac4f4280",
- "e1824832d5fc2a6dea544cac2ab73306d6566bde98cc8f9425d064b860a9b218",
- "c08b42433a78fd393a34ffc24724d479af08c36882799c134165d98b2866dc0a",
- "1efa34aed07dd57bde9741b8d1907d28e8c1ac71601df37ef4295e6ffb67f6a1c4c13e5def65d505e2408aeb82948999ca1f9c9113b99a6b59ff7f0cc3dc6e92",
+ "ff5f4b754e8b364f6df0c5effba5f1c036de49c4b38cd8d230ee1f14d7234ef5",
+ "994eb339f64034005d2e18352899e77df446e285c3430631d557498aac4f4280",
+ "e1824832d5fc2a6dea544cac2ab73306d6566bde98cc8f9425d064b860a9b218",
+ "c08b42433a78fd393a34ffc24724d479af08c36882799c134165d98b2866dc0a",
+ "1efa34aed07dd57bde9741b8d1907d28e8c1ac71601df37ef4295e6ffb67f6a1c4c13e5def65d505e2408aeb82948999ca1f9c9113b99a6b59ff7f0cc3dc6e92",
},
/*
@@ -171,19 +170,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "69a09f6bf5dda15cd4af29e14cf5e0cddd7d07ac39bba587f8bc331104f9c448",
- 0,
- 0,
- 0,
- "f78a4919a6ec899f7b6c69381febbbe083315f3d289e70346db0e4ec4360473ae0b3d916e9b6b964309f753ed66ae59de48da316cc1944bc8dfd0e2575d0ff6d",
+ "69a09f6bf5dda15cd4af29e14cf5e0cddd7d07ac39bba587f8bc331104f9c448",
+ 0,
+ 0,
+ 0,
+ "f78a4919a6ec899f7b6c69381febbbe083315f3d289e70346db0e4ec4360473ae0b3d916e9b6b964309f753ed66ae59de48da316cc1944bc8dfd0e2575d0ff6d",
},
{ /* Count 1 */
- "80bfbd340d79888f34f043ed6807a9f28b72b6644d9d9e9d777109482b80788a",
- 0,
- 0,
- 0,
- "80db048d2f130d864b19bfc547c92503e580cb1a8e1f74f3d97fdda6501fb1aa81fcedac0dd18b6ccfdc183ca28a44fc9f3a08834ba8751a2f4495367c54a185",
+ "80bfbd340d79888f34f043ed6807a9f28b72b6644d9d9e9d777109482b80788a",
+ 0,
+ 0,
+ 0,
+ "80db048d2f130d864b19bfc547c92503e580cb1a8e1f74f3d97fdda6501fb1aa81fcedac0dd18b6ccfdc183ca28a44fc9f3a08834ba8751a2f4495367c54a185",
},
/*
@@ -192,19 +191,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "7f40804693552e317523fda6935a5bc814353b1fbb7d334964ac4d1d12ddccce",
- 0,
- "95c04259f64fcd1fe00c183aa3fb76b8a73b4d1243b800d770e38515bc41143c",
- "5523102dbd7fe1228436b91a765b165ae6405eb0236e237afad4759cf0888941",
- "1abf6bccb4c2d64e5187b1e2e34e493eca204ee4eef0d964267e38228f5f20efba376430a266f3832916d0a45b2703f46401dfd145e447a0a1667ebd8b6ee748",
+ "7f40804693552e317523fda6935a5bc814353b1fbb7d334964ac4d1d12ddccce",
+ 0,
+ "95c04259f64fcd1fe00c183aa3fb76b8a73b4d1243b800d770e38515bc41143c",
+ "5523102dbd7fe1228436b91a765b165ae6405eb0236e237afad4759cf0888941",
+ "1abf6bccb4c2d64e5187b1e2e34e493eca204ee4eef0d964267e38228f5f20efba376430a266f3832916d0a45b2703f46401dfd145e447a0a1667ebd8b6ee748",
},
{ /* Count 1 */
- "350df677409a1dc297d01d3716a2abdfa6272cd030ab75f76839648582b47113",
- 0,
- "ba5709a12ae6634a5436b7ea06838b48f7b847a237f6654a0e27c776ebee9511",
- "f1b2c717c5e3a934127e10471d67accc65f4a45010ca53b35f54c88833dbd8e7",
- "1ef1ea279812e8abe54f7ffd12d04c80ae40741f4ccfe232a5fba3a78dfd3e2ed419b88ee9188df724160cbb3aea0f276e84a3c0ff01e3b89fe30ebcfa64cb86",
+ "350df677409a1dc297d01d3716a2abdfa6272cd030ab75f76839648582b47113",
+ 0,
+ "ba5709a12ae6634a5436b7ea06838b48f7b847a237f6654a0e27c776ebee9511",
+ "f1b2c717c5e3a934127e10471d67accc65f4a45010ca53b35f54c88833dbd8e7",
+ "1ef1ea279812e8abe54f7ffd12d04c80ae40741f4ccfe232a5fba3a78dfd3e2ed419b88ee9188df724160cbb3aea0f276e84a3c0ff01e3b89fe30ebcfa64cb86",
},
/*
@@ -213,19 +212,19 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "3fef762f0aa0677f61c65d749eeb10b013ff68ccc6314f150cfee752dcd8f987",
- "f56db099240c7590dac396372b8737404d418b2864a3df96a8a397967245735f",
- 0,
- 0,
- "af0afe0837442136fbb1959a1c91a9291c1d8188ede07c67d0e4dd6541303415e7a67999c302ba0df555324c26077514592a9b6db6be2f153fad2250161164e4",
+ "3fef762f0aa0677f61c65d749eeb10b013ff68ccc6314f150cfee752dcd8f987",
+ "f56db099240c7590dac396372b8737404d418b2864a3df96a8a397967245735f",
+ 0,
+ 0,
+ "af0afe0837442136fbb1959a1c91a9291c1d8188ede07c67d0e4dd6541303415e7a67999c302ba0df555324c26077514592a9b6db6be2f153fad2250161164e4",
},
{ /* Count 1 */
- "3eebe77db4631862e3eb7e39370515b8baa1cdd71a5b1b0cda79c14d0b5f48ea",
- "4be56a9b9c21242739c985ef12aa4d98e8c7da07c4c1dc6829f2e06833cfa148",
- 0,
- 0,
- "be9e18a753df261927473c8bb5fb7c3ea6e821df5ab49adc566a4ebf44f75fa825b1f9d8c154bcd469134c0bb688e07e3c3e45407ca350d540e1528cc2e64068",
+ "3eebe77db4631862e3eb7e39370515b8baa1cdd71a5b1b0cda79c14d0b5f48ea",
+ "4be56a9b9c21242739c985ef12aa4d98e8c7da07c4c1dc6829f2e06833cfa148",
+ 0,
+ 0,
+ "be9e18a753df261927473c8bb5fb7c3ea6e821df5ab49adc566a4ebf44f75fa825b1f9d8c154bcd469134c0bb688e07e3c3e45407ca350d540e1528cc2e64068",
},
/*
@@ -234,59 +233,56 @@
* ReturnedBitsLen = 512
*/
{ /* Count 0 */
- "c129c2732003bbf1d1dec244a933cd04cb47199bbce98fe080a1be880afb2155",
- "64e2b9ac5c20642e3e3ee454b7463861a7e93e0dd1bbf8c4a0c28a6cb3d811ba",
- "f94f0975760d52f47bd490d1623a9907e4df701f601cf2d573aba803a29d2b51",
- "6f99720b186e2028a5fcc586b3ea518458e437ff449c7c5a318e6d13f75b5db7",
- "7b8b3378b9031ab3101cec8af5b8ba5a9ca2a9af41432cd5f2e5e19716140bb219ed7f4ba88fc37b2d7e146037d2cac1128ffe14131c8691e581067a29cacf80",
+ "c129c2732003bbf1d1dec244a933cd04cb47199bbce98fe080a1be880afb2155",
+ "64e2b9ac5c20642e3e3ee454b7463861a7e93e0dd1bbf8c4a0c28a6cb3d811ba",
+ "f94f0975760d52f47bd490d1623a9907e4df701f601cf2d573aba803a29d2b51",
+ "6f99720b186e2028a5fcc586b3ea518458e437ff449c7c5a318e6d13f75b5db7",
+ "7b8b3378b9031ab3101cec8af5b8ba5a9ca2a9af41432cd5f2e5e19716140bb219ed7f4ba88fc37b2d7e146037d2cac1128ffe14131c8691e581067a29cacf80",
},
{ /* Count 1 */
- "7667643670254b3530e80a17b16b22406e84efa6a4b5ceef3ebc877495fc6048",
- "40b92969953acde756747005117e46eff6893d7132a8311ffb1062280367326b",
- "797a02ffbe8ff2c94ed0e5d39ebdc7847adaa762a88238242ed8f71f5635b194",
- "d617f0f0e609e90d814192ba2e5214293d485402cdf9f789cc78b05e8c374f18",
- "e8d6f89dca9825aed8927b43187492a98ca8648db30f0ac709556d401a8ac2b959c81350fc64332c4c0deb559a286a72e65dbb462bd872f9b28c0728f353dc10",
+ "7667643670254b3530e80a17b16b22406e84efa6a4b5ceef3ebc877495fc6048",
+ "40b92969953acde756747005117e46eff6893d7132a8311ffb1062280367326b",
+ "797a02ffbe8ff2c94ed0e5d39ebdc7847adaa762a88238242ed8f71f5635b194",
+ "d617f0f0e609e90d814192ba2e5214293d485402cdf9f789cc78b05e8c374f18",
+ "e8d6f89dca9825aed8927b43187492a98ca8648db30f0ac709556d401a8ac2b959c81350fc64332c4c0deb559a286a72e65dbb462bd872f9b28c0728f353dc10",
}
};
-static uint32_t executePRNG_TestVector(PRNG_Vector vector, uint32_t idx)
+static unsigned int executePRNG_TestVector(PRNG_Vector vector, unsigned int idx)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
uint8_t * entropy = hexStringToBytes(vector.entropyString);
- uint32_t entropylen = strlen(vector.entropyString) / 2U;
+ unsigned int entropylen = strlen(vector.entropyString) / 2U;
uint8_t * expected = hexStringToBytes(vector.expectedString);
- uint32_t expectedlen = strlen(vector.expectedString) / 2U;
+ unsigned int expectedlen = strlen(vector.expectedString) / 2U;
uint8_t * personalization = 0;
- uint32_t plen = 0U;
+ unsigned int plen = 0U;
uint8_t * additional_input1 = 0;
- uint32_t additionallen1 = 0U;
+ unsigned int additionallen1 = 0U;
uint8_t * additional_input2 = 0;
- uint32_t additionallen2 = 0U;
+ unsigned int additionallen2 = 0U;
uint8_t * output = (uint8_t *)malloc(expectedlen);
- uint32_t i;
+ unsigned int i;
TCCtrPrng_t ctx;
- if (0 != vector.personalizationString)
- {
+ if (0 != vector.personalizationString) {
personalization = hexStringToBytes(vector.personalizationString);
plen = strlen(vector.personalizationString) / 2U;
}
- if (0 != vector.additionalInputString1)
- {
+ if (0 != vector.additionalInputString1) {
additional_input1 = hexStringToBytes(vector.additionalInputString1);
additionallen1 = strlen(vector.additionalInputString1) / 2U;
}
- if (0 != vector.additionalInputString2)
- {
+ if (0 != vector.additionalInputString2) {
additional_input2 = hexStringToBytes(vector.additionalInputString2);
additionallen2 = strlen(vector.additionalInputString2) / 2U;
}
@@ -296,10 +292,8 @@
(void)tc_ctr_prng_generate(&ctx, additional_input1, additionallen1, output, expectedlen);
(void)tc_ctr_prng_generate(&ctx, additional_input2, additionallen2, output, expectedlen);
- for (i = 0U; i < expectedlen; i++)
- {
- if (output[i] != expected[i])
- {
+ for (i = 0U; i < expectedlen; i++) {
+ if (output[i] != expected[i]) {
TC_ERROR("CTR PRNG test #%d failed\n", idx);
result = TC_FAIL;
break;
@@ -316,15 +310,15 @@
return result;
}
-static int32_t test_reseed(void)
+static int test_reseed(void)
{
- int32_t result = TC_PASS;
+ int result = TC_PASS;
uint8_t entropy[32U] = {0U}; /* value not important */
uint8_t additional_input[32] = {0U};
uint8_t output[32];
TCCtrPrng_t ctx;
- int32_t ret;
- uint32_t i;
+ int ret;
+ unsigned int i;
(void)tc_ctr_prng_init(&ctx, entropy, sizeof entropy, 0, 0U);
@@ -332,16 +326,14 @@
ctx.reseedCount = 0x1000000000000ULL;
ret = tc_ctr_prng_generate(&ctx, 0, 0, output, sizeof output);
- if (1 != ret)
- {
+ if (1 != ret) {
result = TC_FAIL;
goto exitTest;
}
/* expect further attempts to fail due to reaching reseed threshold */
ret = tc_ctr_prng_generate(&ctx, 0, 0, output, sizeof output);
- if (-1 != ret)
- {
+ if (-1 != ret) {
result = TC_FAIL;
goto exitTest;
}
@@ -350,15 +342,13 @@
/* make entropy different from original value - not really important for the purpose of this test */
memset(entropy, 0xFF, sizeof entropy);
ret = tc_ctr_prng_reseed(&ctx, entropy, sizeof entropy, additional_input, sizeof additional_input);
- if (1 != ret)
- {
+ if (1 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_generate(&ctx, 0, 0, output, sizeof output);
- if (1 != ret)
- {
+ if (1 != ret) {
result = TC_FAIL;
goto exitTest;
}
@@ -366,13 +356,11 @@
/* confirm entropy and additional_input are being used correctly */
/* first, entropy only */
memset(&ctx, 0x0, sizeof ctx);
- for (i = 0U; i < sizeof entropy; i++)
- {
+ for (i = 0U; i < sizeof entropy; i++) {
entropy[i] = i;
}
ret = tc_ctr_prng_reseed(&ctx, entropy, sizeof entropy, 0, 0U);
- if (1 != ret)
- {
+ if (1 != ret) {
result = TC_FAIL;
goto exitTest;
}
@@ -380,10 +368,8 @@
uint8_t expectedV[] =
{0x7EU, 0xE3U, 0xA0U, 0xCBU, 0x6DU, 0x5CU, 0x4BU, 0xC2U,
0x4BU, 0x7EU, 0x3CU, 0x48U, 0x88U, 0xC3U, 0x69U, 0x70U};
- for (i = 0U; i < sizeof expectedV; i++)
- {
- if (ctx.V[i] != expectedV[i])
- {
+ for (i = 0U; i < sizeof expectedV; i++) {
+ if (ctx.V[i] != expectedV[i]) {
result = TC_FAIL;
goto exitTest;
}
@@ -392,13 +378,11 @@
/* now, entropy and additional_input */
memset(&ctx, 0x0, sizeof ctx);
- for (i = 0U; i < sizeof additional_input; i++)
- {
+ for (i = 0U; i < sizeof additional_input; i++) {
additional_input[i] = i * 2U;
}
ret = tc_ctr_prng_reseed(&ctx, entropy, sizeof entropy, additional_input, sizeof additional_input);
- if (1 != ret)
- {
+ if (1 != ret) {
result = TC_FAIL;
goto exitTest;
}
@@ -406,10 +390,8 @@
uint8_t expectedV[] =
{0x5EU, 0xC1U, 0x84U, 0xEDU, 0x45U, 0x76U, 0x67U, 0xECU,
0x7BU, 0x4CU, 0x08U, 0x7EU, 0xB0U, 0xF9U, 0x55U, 0x4EU};
- for (i = 0U; i < sizeof expectedV; i++)
- {
- if (ctx.V[i] != expectedV[i])
- {
+ for (i = 0U; i < sizeof expectedV; i++) {
+ if (ctx.V[i] != expectedV[i]) {
result = TC_FAIL;
goto exitTest;
}
@@ -417,17 +399,16 @@
}
exitTest:
- if (TC_FAIL == result)
- {
+ if (TC_FAIL == result) {
TC_ERROR("CTR PRNG reseed tests failed\n");
}
return result;
}
-static int32_t test_uninstantiate(void)
+static int test_uninstantiate(void)
{
- uint32_t i;
- int32_t result = TC_PASS;
+ unsigned int i;
+ int result = TC_PASS;
uint8_t entropy[32U] = {0U}; /* value not important */
TCCtrPrng_t ctx;
@@ -435,28 +416,23 @@
tc_ctr_prng_uninstantiate(&ctx);
/* show that state has been zeroised */
- for (i = 0U; i < sizeof ctx.V; i++)
- {
- if (0U != ctx.V[i])
- {
+ for (i = 0U; i < sizeof ctx.V; i++) {
+ if (0U != ctx.V[i]) {
TC_ERROR("CTR PRNG uninstantiate tests failed\n");
result = TC_FAIL;
break;
}
}
- for (i = 0U; i < sizeof ctx.key.words / sizeof ctx.key.words[0]; i++)
- {
- if (0U != ctx.key.words[i])
- {
+ for (i = 0U; i < sizeof ctx.key.words / sizeof ctx.key.words[0]; i++) {
+ if (0U != ctx.key.words[i]) {
TC_ERROR("CTR PRNG uninstantiate tests failed\n");
result = TC_FAIL;
break;
}
}
- if (0U != ctx.reseedCount)
- {
+ if (0U != ctx.reseedCount) {
TC_ERROR("CTR PRNG uninstantiate tests failed\n");
result = TC_FAIL;
}
@@ -464,10 +440,10 @@
return result;
}
-static int32_t test_robustness(void)
+static int test_robustness(void)
{
- int32_t result = TC_PASS;
- int32_t ret;
+ int result = TC_PASS;
+ int ret;
uint8_t entropy[32U] = {0U}; /* value not important */
uint8_t output[32];
TCCtrPrng_t ctx;
@@ -477,87 +453,75 @@
tc_ctr_prng_uninstantiate(0);
ret = tc_ctr_prng_generate(&ctx, 0, 0, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_generate(0, 0, 0, output, sizeof output);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_generate(0, 0, 0, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_reseed(&ctx, 0, 0, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
/* too little entropy */
ret = tc_ctr_prng_reseed(&ctx, entropy, (sizeof entropy) - 1U, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_reseed(0, entropy, sizeof entropy, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_reseed(0, 0, 0, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_init(&ctx, 0, 0, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
/* too little entropy */
ret = tc_ctr_prng_init(&ctx, entropy, (sizeof entropy) - 1U, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_init(0, entropy, sizeof entropy, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
ret = tc_ctr_prng_init(0, 0, 0, 0, 0);
- if (0 != ret)
- {
+ if (0 != ret) {
result = TC_FAIL;
goto exitTest;
}
exitTest:
- if (TC_FAIL == result)
- {
+ if (TC_FAIL == result) {
TC_ERROR("CTR PRNG reseed tests failed\n");
}
@@ -570,30 +534,25 @@
*/
int main(void)
{
- int32_t result = TC_PASS;
- uint32_t i;
+ int result = TC_PASS;
+ unsigned int i;
TC_START("Performing CTR-PRNG tests:");
- for (i = 0U; i < sizeof vectors / sizeof vectors[0]; i++)
- {
+ for (i = 0U; i < sizeof vectors / sizeof vectors[0]; i++) {
result = executePRNG_TestVector(vectors[i], i);
- if (TC_PASS != result)
- {
+ if (TC_PASS != result) {
goto exitTest;
}
}
- if (TC_PASS != test_reseed())
- {
+ if (TC_PASS != test_reseed()) {
goto exitTest;
}
- if (TC_PASS != test_uninstantiate())
- {
+ if (TC_PASS != test_uninstantiate()) {
goto exitTest;
}
- if (TC_PASS != test_robustness())
- {
+ if (TC_PASS != test_robustness()) {
goto exitTest;
}
diff --git a/ext/tinycrypt/tests/test_ecc_dh.c b/ext/tinycrypt/tests/test_ecc_dh.c
index 545f771..5cfd737 100644
--- a/ext/tinycrypt/tests/test_ecc_dh.c
+++ b/ext/tinycrypt/tests/test_ecc_dh.c
@@ -1,7 +1,30 @@
-/* test_ecc_ecdh.c - TinyCrypt implementation of some EC-DH tests */
+/* test_ecc_dh.c - TinyCrypt implementation of some EC-DH tests */
+
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -34,387 +57,465 @@
*/
#include <tinycrypt/ecc.h>
#include <tinycrypt/ecc_dh.h>
+#include <tinycrypt/ecc_platform_specific.h>
#include <test_ecc_utils.h>
#include <test_utils.h>
#include <tinycrypt/constants.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
-void ecdh_vectors(char **qx_vec,
- char **qy_vec,
- char **d_vec,
- char **z_vec,
- int tests,
- int verbose) {
+int ecdh_vectors(char **qx_vec, char **qy_vec, char **d_vec, char **z_vec,
+ int tests, int verbose)
+{
- EccPoint Q;
- uint32_t prv[NUM_ECC_DIGITS];
- uint32_t z[NUM_ECC_DIGITS];
+ unsigned int pub[2*NUM_ECC_WORDS];
+ unsigned int prv[NUM_ECC_WORDS];
+ unsigned int z[NUM_ECC_WORDS];
+ unsigned int result = TC_PASS;
- int rc;
- uint32_t exp_z[NUM_ECC_DIGITS];
+ int rc;
+ unsigned int exp_z[NUM_ECC_WORDS];
- for (int i=0; i<tests; i++) {
+ const struct uECC_Curve_t * curve = uECC_secp256r1();
- string2scalar(Q.x, NUM_ECC_DIGITS, qx_vec[i]);
- string2scalar(Q.y, NUM_ECC_DIGITS, qy_vec[i]);
- string2scalar(exp_z, NUM_ECC_DIGITS, z_vec[i]);
- string2scalar(prv, NUM_ECC_DIGITS, d_vec[i]);
+ for (int i = 0; i < tests; i++) {
- rc = ecdh_shared_secret(z, &Q, prv);
+ string2scalar(pub + NUM_ECC_WORDS, NUM_ECC_WORDS, qx_vec[i]);
+ string2scalar(pub, NUM_ECC_WORDS, qy_vec[i]);
+ string2scalar(exp_z, NUM_ECC_WORDS, z_vec[i]);
+ string2scalar(prv, NUM_ECC_WORDS, d_vec[i]);
- if (rc == TC_CRYPTO_FAIL) {
- printf("ECDH failure, exit.\n");
- exit(-1);
- }
- check_ecc_result(i, "Z", exp_z, z, NUM_ECC_DIGITS, verbose);
- }
+ uint8_t pub_bytes[2*NUM_ECC_BYTES];
+ uECC_vli_nativeToBytes(pub_bytes, 2*NUM_ECC_BYTES, pub);
+ uint8_t private_bytes[NUM_ECC_BYTES];
+ uECC_vli_nativeToBytes(private_bytes, NUM_ECC_BYTES, prv);
+ uint8_t z_bytes[NUM_ECC_BYTES];
+ uECC_vli_nativeToBytes(z_bytes, NUM_ECC_BYTES, exp_z);
+
+ rc = uECC_shared_secret(pub_bytes, private_bytes, z_bytes, curve);
+
+ if (rc == TC_CRYPTO_FAIL) {
+ TC_ERROR("ECDH failure, exit.\n");
+ result = TC_FAIL;
+ return result;;
+ }
+
+ uECC_vli_bytesToNative(z, z_bytes, NUM_ECC_BYTES);
+
+ result = check_ecc_result(i, "Z", exp_z, z, NUM_ECC_WORDS, verbose);
+ if (result == TC_FAIL) {
+ return result;
+ }
+ }
+ return result;
}
-void cavp_ecdh(bool verbose) {
+int cavp_ecdh(bool verbose)
+{
+ unsigned int result = TC_PASS;
+ /*
+ * P-256
+ */
+ char *d[] = {
+ "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
+ "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5",
+ "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8",
+ "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d",
+ "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf",
+ "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef",
+ "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190",
+ "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8",
+ "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d",
+ "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08",
+ "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848",
+ "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e",
+ "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b",
+ "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604",
+ "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903",
+ "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8",
+ "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147",
+ "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e",
+ "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3",
+ "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76",
+ "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d",
+ "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535",
+ "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce",
+ "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d",
+ "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0",
+ };
- /**
- * P-256
- */
- char *d[] = {
- "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
- "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5",
- "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8",
- "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d",
- "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf",
- "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef",
- "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190",
- "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8",
- "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d",
- "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08",
- "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848",
- "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e",
- "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b",
- "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604",
- "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903",
- "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8",
- "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147",
- "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e",
- "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3",
- "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76",
- "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d",
- "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535",
- "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce",
- "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d",
- "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0",
- };
+ char *x[] = {
+ "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
+ "809f04289c64348c01515eb03d5ce7ac1a8cb9498f5caa50197e58d43a86a7ae",
+ "a2339c12d4a03c33546de533268b4ad667debf458b464d77443636440ee7fec3",
+ "df3989b9fa55495719b3cf46dccd28b5153f7808191dd518eff0c3cff2b705ed",
+ "41192d2813e79561e6a1d6f53c8bc1a433a199c835e141b05a74a97b0faeb922",
+ "33e82092a0f1fb38f5649d5867fba28b503172b7035574bf8e5b7100a3052792",
+ "6a9e0c3f916e4e315c91147be571686d90464e8bf981d34a90b6353bca6eeba7",
+ "a9c0acade55c2a73ead1a86fb0a9713223c82475791cd0e210b046412ce224bb",
+ "94e94f16a98255fff2b9ac0c9598aac35487b3232d3231bd93b7db7df36f9eb9",
+ "e099bf2a4d557460b5544430bbf6da11004d127cb5d67f64ab07c94fcdf5274f",
+ "f75a5fe56bda34f3c1396296626ef012dc07e4825838778a645c8248cff01658",
+ "2db4540d50230756158abf61d9835712b6486c74312183ccefcaef2797b7674d",
+ "cd94fc9497e8990750309e9a8534fd114b0a6e54da89c4796101897041d14ecb",
+ "15b9e467af4d290c417402e040426fe4cf236bae72baa392ed89780dfccdb471",
+ "49c503ba6c4fa605182e186b5e81113f075bc11dcfd51c932fb21e951eee2fa1",
+ "19b38de39fdd2f70f7091631a4f75d1993740ba9429162c2a45312401636b29c",
+ "2c91c61f33adfe9311c942fdbff6ba47020feff416b7bb63cec13faf9b099954",
+ "a28a2edf58025668f724aaf83a50956b7ac1cfbbff79b08c3bf87dfd2828d767",
+ "a2ef857a081f9d6eb206a81c4cf78a802bdf598ae380c8886ecd85fdc1ed7644",
+ "ccd8a2d86bc92f2e01bce4d6922cf7fe1626aed044685e95e2eebd464505f01f",
+ "c188ffc8947f7301fb7b53e36746097c2134bf9cc981ba74b4e9c4361f595e4e",
+ "317e1020ff53fccef18bf47bb7f2dd7707fb7b7a7578e04f35b3beed222a0eb6",
+ "45fb02b2ceb9d7c79d9c2fa93e9c7967c2fa4df5789f9640b24264b1e524fcb1",
+ "a19ef7bff98ada781842fbfc51a47aff39b5935a1c7d9625c8d323d511c92de6",
+ "356c5a444c049a52fee0adeb7e5d82ae5aa83030bfff31bbf8ce2096cf161c4b",
+ };
- char *x[] = {
- "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
- "809f04289c64348c01515eb03d5ce7ac1a8cb9498f5caa50197e58d43a86a7ae",
- "a2339c12d4a03c33546de533268b4ad667debf458b464d77443636440ee7fec3",
- "df3989b9fa55495719b3cf46dccd28b5153f7808191dd518eff0c3cff2b705ed",
- "41192d2813e79561e6a1d6f53c8bc1a433a199c835e141b05a74a97b0faeb922",
- "33e82092a0f1fb38f5649d5867fba28b503172b7035574bf8e5b7100a3052792",
- "6a9e0c3f916e4e315c91147be571686d90464e8bf981d34a90b6353bca6eeba7",
- "a9c0acade55c2a73ead1a86fb0a9713223c82475791cd0e210b046412ce224bb",
- "94e94f16a98255fff2b9ac0c9598aac35487b3232d3231bd93b7db7df36f9eb9",
- "e099bf2a4d557460b5544430bbf6da11004d127cb5d67f64ab07c94fcdf5274f",
- "f75a5fe56bda34f3c1396296626ef012dc07e4825838778a645c8248cff01658",
- "2db4540d50230756158abf61d9835712b6486c74312183ccefcaef2797b7674d",
- "cd94fc9497e8990750309e9a8534fd114b0a6e54da89c4796101897041d14ecb",
- "15b9e467af4d290c417402e040426fe4cf236bae72baa392ed89780dfccdb471",
- "49c503ba6c4fa605182e186b5e81113f075bc11dcfd51c932fb21e951eee2fa1",
- "19b38de39fdd2f70f7091631a4f75d1993740ba9429162c2a45312401636b29c",
- "2c91c61f33adfe9311c942fdbff6ba47020feff416b7bb63cec13faf9b099954",
- "a28a2edf58025668f724aaf83a50956b7ac1cfbbff79b08c3bf87dfd2828d767",
- "a2ef857a081f9d6eb206a81c4cf78a802bdf598ae380c8886ecd85fdc1ed7644",
- "ccd8a2d86bc92f2e01bce4d6922cf7fe1626aed044685e95e2eebd464505f01f",
- "c188ffc8947f7301fb7b53e36746097c2134bf9cc981ba74b4e9c4361f595e4e",
- "317e1020ff53fccef18bf47bb7f2dd7707fb7b7a7578e04f35b3beed222a0eb6",
- "45fb02b2ceb9d7c79d9c2fa93e9c7967c2fa4df5789f9640b24264b1e524fcb1",
- "a19ef7bff98ada781842fbfc51a47aff39b5935a1c7d9625c8d323d511c92de6",
- "356c5a444c049a52fee0adeb7e5d82ae5aa83030bfff31bbf8ce2096cf161c4b",
- };
+ char *y[] = {
+ "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
+ "b29d84e811197f25eba8f5194092cb6ff440e26d4421011372461f579271cda3",
+ "ef48a3ab26e20220bcda2c1851076839dae88eae962869a497bf73cb66faf536",
+ "422294ff46003429d739a33206c8752552c8ba54a270defc06e221e0feaf6ac4",
+ "1af98cc45e98a7e041b01cf35f462b7562281351c8ebf3ffa02e33a0722a1328",
+ "f2cf6b601e0a05945e335550bf648d782f46186c772c0f20d3cd0d6b8ca14b2f",
+ "40f9bead39c2f2bcc2602f75b8a73ec7bdffcbcead159d0174c6c4d3c5357f05",
+ "f6de0afa20e93e078467c053d241903edad734c6b403ba758c2b5ff04c9d4229",
+ "d8049a43579cfa90b8093a94416cbefbf93386f15b3f6e190b6e3455fedfe69a",
+ "d9c50dbe70d714edb5e221f4e020610eeb6270517e688ca64fb0e98c7ef8c1c5",
+ "33bbdf1b1772d8059df568b061f3f1122f28a8d819167c97be448e3dc3fb0c3c",
+ "62f57f314e3f3495dc4e099012f5e0ba71770f9660a1eada54104cdfde77243e",
+ "c3def4b5fe04faee0a11932229fff563637bfdee0e79c6deeaf449f85401c5c4",
+ "cdf4e9170fb904302b8fd93a820ba8cc7ed4efd3a6f2d6b05b80b2ff2aee4e77",
+ "8af706ff0922d87b3f0c5e4e31d8b259aeb260a9269643ed520a13bb25da5924",
+ "09aed7232b28e060941741b6828bcdfa2bc49cc844f3773611504f82a390a5ae",
+ "6cab31b06419e5221fca014fb84ec870622a1b12bab5ae43682aa7ea73ea08d0",
+ "dfa7bfffd4c766b86abeaf5c99b6e50cb9ccc9d9d00b7ffc7804b0491b67bc03",
+ "563c4c20419f07bc17d0539fade1855e34839515b892c0f5d26561f97fa04d1a",
+ "e9ddd583a9635a667777d5b8a8f31b0f79eba12c75023410b54b8567dddc0f38",
+ "bf7d2f2056e72421ef393f0c0f2b0e00130e3cac4abbcc00286168e85ec55051",
+ "09420ce5a19d77c6fe1ee587e6a49fbaf8f280e8df033d75403302e5a27db2ae",
+ "5c6e8ecf1f7d3023893b7b1ca1e4d178972ee2a230757ddc564ffe37f5c5a321",
+ "e9c184df75c955e02e02e400ffe45f78f339e1afe6d056fb3245f4700ce606ef",
+ "57d128de8b2a57a094d1a001e572173f96e8866ae352bf29cddaf92fc85b2f92",
+ };
- char *y[] = {
- "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
- "b29d84e811197f25eba8f5194092cb6ff440e26d4421011372461f579271cda3",
- "ef48a3ab26e20220bcda2c1851076839dae88eae962869a497bf73cb66faf536",
- "422294ff46003429d739a33206c8752552c8ba54a270defc06e221e0feaf6ac4",
- "1af98cc45e98a7e041b01cf35f462b7562281351c8ebf3ffa02e33a0722a1328",
- "f2cf6b601e0a05945e335550bf648d782f46186c772c0f20d3cd0d6b8ca14b2f",
- "40f9bead39c2f2bcc2602f75b8a73ec7bdffcbcead159d0174c6c4d3c5357f05",
- "f6de0afa20e93e078467c053d241903edad734c6b403ba758c2b5ff04c9d4229",
- "d8049a43579cfa90b8093a94416cbefbf93386f15b3f6e190b6e3455fedfe69a",
- "d9c50dbe70d714edb5e221f4e020610eeb6270517e688ca64fb0e98c7ef8c1c5",
- "33bbdf1b1772d8059df568b061f3f1122f28a8d819167c97be448e3dc3fb0c3c",
- "62f57f314e3f3495dc4e099012f5e0ba71770f9660a1eada54104cdfde77243e",
- "c3def4b5fe04faee0a11932229fff563637bfdee0e79c6deeaf449f85401c5c4",
- "cdf4e9170fb904302b8fd93a820ba8cc7ed4efd3a6f2d6b05b80b2ff2aee4e77",
- "8af706ff0922d87b3f0c5e4e31d8b259aeb260a9269643ed520a13bb25da5924",
- "09aed7232b28e060941741b6828bcdfa2bc49cc844f3773611504f82a390a5ae",
- "6cab31b06419e5221fca014fb84ec870622a1b12bab5ae43682aa7ea73ea08d0",
- "dfa7bfffd4c766b86abeaf5c99b6e50cb9ccc9d9d00b7ffc7804b0491b67bc03",
- "563c4c20419f07bc17d0539fade1855e34839515b892c0f5d26561f97fa04d1a",
- "e9ddd583a9635a667777d5b8a8f31b0f79eba12c75023410b54b8567dddc0f38",
- "bf7d2f2056e72421ef393f0c0f2b0e00130e3cac4abbcc00286168e85ec55051",
- "09420ce5a19d77c6fe1ee587e6a49fbaf8f280e8df033d75403302e5a27db2ae",
- "5c6e8ecf1f7d3023893b7b1ca1e4d178972ee2a230757ddc564ffe37f5c5a321",
- "e9c184df75c955e02e02e400ffe45f78f339e1afe6d056fb3245f4700ce606ef",
- "57d128de8b2a57a094d1a001e572173f96e8866ae352bf29cddaf92fc85b2f92",
- };
+ char *Z[] = {
+ "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
+ "057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67",
+ "2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec",
+ "96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024",
+ "19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62",
+ "664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3",
+ "ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d",
+ "35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489",
+ "605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4",
+ "f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b",
+ "8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3",
+ "72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a",
+ "e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307",
+ "ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96",
+ "bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf",
+ "9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343",
+ "3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78",
+ "1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f",
+ "430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c",
+ "1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3",
+ "4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660",
+ "30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0",
+ "2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c",
+ "2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b",
+ "1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857",
+ };
- char *Z[] = {
- "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
- "057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67",
- "2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec",
- "96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024",
- "19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62",
- "664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3",
- "ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d",
- "35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489",
- "605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4",
- "f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b",
- "8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3",
- "72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a",
- "e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307",
- "ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96",
- "bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf",
- "9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343",
- "3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78",
- "1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f",
- "430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c",
- "1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3",
- "4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660",
- "30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0",
- "2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c",
- "2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b",
- "1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857",
- };
+ TC_PRINT("Test #1: ECDH");
+ TC_PRINT("NIST-p256\n");
- printf("Test #1: ECDH");
- printf("NIST-p256\n");
+ result = ecdh_vectors(x, y, d, Z, 25, verbose);
+ if(result == TC_FAIL) {
+ goto exitTest1;
+ }
- ecdh_vectors(x, y, d, Z, 25, verbose);
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
}
-void cavp_keygen(bool verbose) {
+int cavp_keygen(bool verbose)
+{
+ unsigned int result = TC_PASS;
+ /*
+ * [P-256, B.4.2 Key Pair Generation by Testing Candidates]
+ */
+ char *d[] = {
+ "c9806898a0334916c860748880a541f093b579a9b1f32934d86c363c39800357",
+ "710735c8388f48c684a97bd66751cc5f5a122d6b9a96a2dbe73662f78217446d",
+ "78d5d8b7b3e2c16b3e37e7e63becd8ceff61e2ce618757f514620ada8a11f6e4",
+ "2a61a0703860585fe17420c244e1de5a6ac8c25146b208ef88ad51ae34c8cb8c",
+ "01b965b45ff386f28c121c077f1d7b2710acc6b0cb58d8662d549391dcf5a883",
+ "fac92c13d374c53a085376fe4101618e1e181b5a63816a84a0648f3bdc24e519",
+ "f257a192dde44227b3568008ff73bcf599a5c45b32ab523b5b21ca582fef5a0a",
+ "add67e57c42a3d28708f0235eb86885a4ea68e0d8cfd76eb46134c596522abfd",
+ "4494860fd2c805c5c0d277e58f802cff6d731f76314eb1554142a637a9bc5538",
+ "d40b07b1ea7b86d4709ef9dc634c61229feb71abd63dc7fc85ef46711a87b210",
+ };
- /*
- * [P-256, B.4.2 Key Pair Generation by Testing Candidates]
- */
- char *d[] = {
- "c9806898a0334916c860748880a541f093b579a9b1f32934d86c363c39800357",
- "710735c8388f48c684a97bd66751cc5f5a122d6b9a96a2dbe73662f78217446d",
- "78d5d8b7b3e2c16b3e37e7e63becd8ceff61e2ce618757f514620ada8a11f6e4",
- "2a61a0703860585fe17420c244e1de5a6ac8c25146b208ef88ad51ae34c8cb8c",
- "01b965b45ff386f28c121c077f1d7b2710acc6b0cb58d8662d549391dcf5a883",
- "fac92c13d374c53a085376fe4101618e1e181b5a63816a84a0648f3bdc24e519",
- "f257a192dde44227b3568008ff73bcf599a5c45b32ab523b5b21ca582fef5a0a",
- "add67e57c42a3d28708f0235eb86885a4ea68e0d8cfd76eb46134c596522abfd",
- "4494860fd2c805c5c0d277e58f802cff6d731f76314eb1554142a637a9bc5538",
- "d40b07b1ea7b86d4709ef9dc634c61229feb71abd63dc7fc85ef46711a87b210",
- };
+ char *x[] = {
+ "d0720dc691aa80096ba32fed1cb97c2b620690d06de0317b8618d5ce65eb728f",
+ "f6836a8add91cb182d8d258dda6680690eb724a66dc3bb60d2322565c39e4ab9",
+ "76711126cbb2af4f6a5fe5665dad4c88d27b6cb018879e03e54f779f203a854e",
+ "e1aa7196ceeac088aaddeeba037abb18f67e1b55c0a5c4e71ec70ad666fcddc8",
+ "1f038c5422e88eec9e88b815e8f6b3e50852333fc423134348fc7d79ef8e8a10",
+ "7258f2ab96fc84ef6ccb33e308cd392d8b568ea635730ceb4ebd72fa870583b9",
+ "d2e01411817b5512b79bbbe14d606040a4c90deb09e827d25b9f2fc068997872",
+ "55bed2d9c029b7f230bde934c7124ed52b1330856f13cbac65a746f9175f85d7",
+ "5190277a0c14d8a3d289292f8a544ce6ea9183200e51aec08440e0c1a463a4e4",
+ "fbcea7c2827e0e8085d7707b23a3728823ea6f4878b24747fb4fd2842d406c73",
+ };
- char *x[] = {
- "d0720dc691aa80096ba32fed1cb97c2b620690d06de0317b8618d5ce65eb728f",
- "f6836a8add91cb182d8d258dda6680690eb724a66dc3bb60d2322565c39e4ab9",
- "76711126cbb2af4f6a5fe5665dad4c88d27b6cb018879e03e54f779f203a854e",
- "e1aa7196ceeac088aaddeeba037abb18f67e1b55c0a5c4e71ec70ad666fcddc8",
- "1f038c5422e88eec9e88b815e8f6b3e50852333fc423134348fc7d79ef8e8a10",
- "7258f2ab96fc84ef6ccb33e308cd392d8b568ea635730ceb4ebd72fa870583b9",
- "d2e01411817b5512b79bbbe14d606040a4c90deb09e827d25b9f2fc068997872",
- "55bed2d9c029b7f230bde934c7124ed52b1330856f13cbac65a746f9175f85d7",
- "5190277a0c14d8a3d289292f8a544ce6ea9183200e51aec08440e0c1a463a4e4",
- "fbcea7c2827e0e8085d7707b23a3728823ea6f4878b24747fb4fd2842d406c73",
- };
+ char *y[] = {
+ "9681b517b1cda17d0d83d335d9c4a8a9a9b0b1b3c7106d8f3c72bc5093dc275f",
+ "1f837aa32864870cb8e8d0ac2ff31f824e7beddc4bb7ad72c173ad974b289dc2",
+ "a26df39960ab5248fd3620fd018398e788bd89a3cea509b352452b69811e6856",
+ "d7d35bdce6dedc5de98a7ecb27a9cd066a08f586a733b59f5a2cdb54f971d5c8",
+ "43a047cb20e94b4ffb361ef68952b004c0700b2962e0c0635a70269bc789b849",
+ "489807ca55bdc29ca5c8fe69b94f227b0345cccdbe89975e75d385cc2f6bb1e2",
+ "503f138f8bab1df2c4507ff663a1fdf7f710e7adb8e7841eaa902703e314e793",
+ "32805e311d583b4e007c40668185e85323948e21912b6b0d2cda8557389ae7b0",
+ "ecd98514821bd5aaf3419ab79b71780569470e4fed3da3c1353b28fe137f36eb",
+ "2393c85f1f710c5afc115a39ba7e18abe03f19c9d4bb3d47d19468b818efa535",
+ };
- char *y[] = {
- "9681b517b1cda17d0d83d335d9c4a8a9a9b0b1b3c7106d8f3c72bc5093dc275f",
- "1f837aa32864870cb8e8d0ac2ff31f824e7beddc4bb7ad72c173ad974b289dc2",
- "a26df39960ab5248fd3620fd018398e788bd89a3cea509b352452b69811e6856",
- "d7d35bdce6dedc5de98a7ecb27a9cd066a08f586a733b59f5a2cdb54f971d5c8",
- "43a047cb20e94b4ffb361ef68952b004c0700b2962e0c0635a70269bc789b849",
- "489807ca55bdc29ca5c8fe69b94f227b0345cccdbe89975e75d385cc2f6bb1e2",
- "503f138f8bab1df2c4507ff663a1fdf7f710e7adb8e7841eaa902703e314e793",
- "32805e311d583b4e007c40668185e85323948e21912b6b0d2cda8557389ae7b0",
- "ecd98514821bd5aaf3419ab79b71780569470e4fed3da3c1353b28fe137f36eb",
- "2393c85f1f710c5afc115a39ba7e18abe03f19c9d4bb3d47d19468b818efa535",
- };
+ TC_PRINT("Test #2: ECC KeyGen ");
+ TC_PRINT("NIST-p256\n");
- printf("Test #2: ECC KeyGen ");
- printf("NIST-p256\n");
+ result = keygen_vectors(d, x, y, 10, verbose);
+ if(result == TC_FAIL) {
+ goto exitTest1;
+ }
- keygen_vectors(d, x, y, 10, verbose);
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
}
-
/* Test ecc_make_keys, and also as keygen part of other tests */
-void pkv_vectors(char **qx_vec,
- char **qy_vec,
- char **res_vec,
- int tests,
- bool verbose) {
+int pkv_vectors(char **qx_vec, char **qy_vec, char **res_vec, int tests,
+ bool verbose)
+{
- EccPoint pub;
- int rc;
- int exp_rc;
- char tmp;
+ unsigned int pub[2 * NUM_ECC_WORDS];
+ uint8_t _public[2 * NUM_ECC_BYTES];
+ int rc;
+ int exp_rc;
+ char tmp;
+ unsigned int result = TC_PASS;
+ const struct uECC_Curve_t * curve = uECC_secp256r1();
- for (int i=0; i<tests; i++) {
+ for (int i = 0; i < tests; i++) {
- if (2 != sscanf(res_vec[i], "%c (%d ", &tmp, &exp_rc)) {
- printf("Error: failed to parse CAVP response.\n");
- exit(-1);
- }
+ if (2 != sscanf(res_vec[i], "%c (%d ", &tmp, &exp_rc)) {
+ TC_ERROR("Error: failed to parse CAVP response.\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
- if (strlen(qx_vec[i]) > 2*NUM_ECC_BYTES ||
- strlen(qy_vec[i]) > 2*NUM_ECC_BYTES) {
- // invalid input to ECC digit conversion (string2native())
- rc = -2;
- } else {
- string2scalar(pub.x, NUM_ECC_DIGITS, qx_vec[i]);
- string2scalar(pub.y, NUM_ECC_DIGITS, qy_vec[i]);
- rc = ecc_valid_public_key(&pub);
- }
+ if (strlen(qx_vec[i]) > 2 * NUM_ECC_BYTES ||
+ strlen(qy_vec[i]) > 2 * NUM_ECC_BYTES) {
+ /* invalid input to ECC digit conversion (string2native()) */
+ rc = -2;
+ } else {
+ string2scalar(pub, NUM_ECC_WORDS, qx_vec[i]);
+ string2scalar(pub + NUM_ECC_WORDS, NUM_ECC_WORDS, qy_vec[i]);
- /*
- * map to CAVP error codes
- * 0 => 0 - success
- * -1 => ? - (x,y) = (0,0) (not covered)
- * -2 => 1 - out of bounds (pubverify or ecc import)
- * -3 => 2 - not on curve
- */
+ uECC_vli_nativeToBytes(_public, NUM_ECC_BYTES, pub);
+ uECC_vli_nativeToBytes(_public + NUM_ECC_BYTES, NUM_ECC_BYTES, pub+NUM_ECC_WORDS);
- if (rc == -3) rc = 2;
- if (rc == -2) rc = 1;
+ rc = uECC_valid_public_key(_public, curve);
+ }
- check_code(i, res_vec[i], exp_rc, rc, verbose);
- }
-}
+ /*
+ * map to CAVP error codes
+ * 0 => 0 - success
+ * -1 => ? - (x,y) = (0,0) (not covered)
+ * -2 => 1 - out of bounds (pubverify or ecc import)
+ * -3 => 2 - not on curve
+ * -4 => ? - public key is the group generator
+ */
-void cavp_pkv(bool verbose) {
+ if (rc == -3) rc = 2;
+ if (rc == -2) rc = 1;
- /*
- * [P-256]
- */
- char *x[] = {
- "e0f7449c5588f24492c338f2bc8f7865f755b958d48edb0f2d0056e50c3fd5b7",
- "d17c446237d9df87266ba3a91ff27f45abfdcb77bfd83536e92903efb861a9a9",
- "17875397ae87369365656d490e8ce956911bd97607f2aff41b56f6f3a61989826",
- "f2d1c0dc0852c3d8a2a2500a23a44813ccce1ac4e58444175b440469ffc12273",
- "10b0ca230fff7c04768f4b3d5c75fa9f6c539bea644dffbec5dc796a213061b58",
- "2c1052f25360a15062d204a056274e93cbe8fc4c4e9b9561134ad5c15ce525da",
- "a40d077a87dae157d93dcccf3fe3aca9c6479a75aa2669509d2ef05c7de6782f",
- "2633d398a3807b1895548adbb0ea2495ef4b930f91054891030817df87d4ac0a",
- "14bf57f76c260b51ec6bbc72dbd49f02a56eaed070b774dc4bad75a54653c3d56",
- "2fa74931ae816b426f484180e517f5050c92decfc8daf756cd91f54d51b302f1",
- "f8c6dd3181a76aa0e36c2790bba47041acbe7b1e473ff71eee39a824dc595ff0",
- "7a81a7e0b015252928d8b36e4ca37e92fdc328eb25c774b4f872693028c4be38",
- };
-
- char *y[] = {
- "86d7e9255d0f4b6f44fa2cd6f8ba3c0aa828321d6d8cc430ca6284ce1d5b43a0",
- "1eabb6a349ce2cd447d777b6739c5fc066add2002d2029052c408d0701066231c",
- "980a3c4f61b9692633fbba5ef04c9cb546dd05cdec9fa8428b8849670e2fba92",
- "32bfe992831b305d8c37b9672df5d29fcb5c29b4a40534683e3ace23d24647dd",
- "f5edf37c11052b75f771b7f9fa050e353e464221fec916684ed45b6fead38205",
- "ced9783713a8a2a09eff366987639c625753295d9a85d0f5325e32dedbcada0b",
- "503d86b87d743ba20804fd7e7884aa017414a7b5b5963e0d46e3a9611419ddf3",
- "d6b2f738e3873cc8364a2d364038ce7d0798bb092e3dd77cbdae7c263ba618d2",
- "7a231a23bf8b3aa31d9600d888a0678677a30e573decd3dc56b33f365cc11236",
- "5b994346137988c58c14ae2152ac2f6ad96d97decb33099bd8a0210114cd1141",
- "9c965f227f281b3072b95b8daf29e88b35284f3574462e268e529bbdc50e9e52",
- "08862f7335147261e7b1c3d055f9a316e4cab7daf99cc09d1c647f5dd6e7d5bb",
- };
-
- char *Result[] = {
- "P (0 )", "F (1 - Q_x or Q_y out of range)",
- "F (1 - Q_x or Q_y out of range)", "F (2 - Point not on curve)",
- "F (1 - Q_x or Q_y out of range)", "P (0 )",
- "F (2 - Point not on curve)", "P (0 )",
- "F (1 - Q_x or Q_y out of range)", "P (0 )",
- "F (2 - Point not on curve)", "F (2 - Point not on curve)",
- };
-
- printf("Test #3: PubKeyVerify ");
- printf("NIST-p256-SHA2-256\n");
-
- pkv_vectors(x, y, Result, 12, verbose);
-}
-
-int randfd;
-
-void montecarlo_ecdh(uint32_t num, bool verbose) {
-
- EccPoint l_Q1, l_Q2; /* public keys */
- uint32_t l_random1[2 * NUM_ECC_DIGITS];
- uint32_t l_random2[2 * NUM_ECC_DIGITS];
- uint32_t l_secret1[NUM_ECC_DIGITS];
- uint32_t l_secret2[NUM_ECC_DIGITS];
-
- uint32_t l_shared1[NUM_ECC_DIGITS];
- uint32_t l_shared2[NUM_ECC_DIGITS];
-
- randfd = open("/dev/urandom", O_RDONLY);
- if(randfd == -1) {
- printf("No access to urandom\n");
- exit(-1);
+ result = check_code(i, res_vec[i], exp_rc, rc, verbose);
+ if(result == TC_FAIL) {
+ goto exitTest1;
+ }
}
- printf("Test #4: Monte Carlo (Randomized EC-DH key-exchange) ");
- printf("NIST-p256\n");
-
- for(uint32_t i=0; i<num; ++i) {
- if (verbose) {
- fflush(stdout);
- printf(".");
- }
- getRandomBytes((char *)l_random1, 2 * NUM_ECC_DIGITS * sizeof(uint32_t));
- getRandomBytes((char *)l_random2, 2 * NUM_ECC_DIGITS * sizeof(uint32_t));
-
- ecc_make_key(&l_Q1, l_secret1, l_random1);
- ecc_make_key(&l_Q2, l_secret2, l_random2);
-
- if(!ecdh_shared_secret(l_shared1, &l_Q1, l_secret2)) {
- printf("shared_secret() failed (1)\n");
- exit(-1);
- }
-
- if(!ecdh_shared_secret(l_shared2, &l_Q2, l_secret1)) {
- printf("shared_secret() failed (2)\n");
- exit(-1);
- }
-
- if(memcmp(l_shared1, l_shared2, sizeof(l_shared1)) != 0) {
- printf("Shared secrets are not identical!\n");
- printf("Shared secret 1 = ");
- vli_print(l_shared1, NUM_ECC_DIGITS);
- printf("\n");
- printf("Shared secret 2 = ");
- vli_print(l_shared2, NUM_ECC_DIGITS);
- printf("\n");
- printf("Private key 1 = ");
- vli_print(l_secret1, NUM_ECC_DIGITS);
- printf("\n");
- printf("Private key 2 = ");
- vli_print(l_secret2, NUM_ECC_DIGITS);
- printf("\n");
- }
- }
- printf("\n");
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
}
-int main() {
+int cavp_pkv(bool verbose)
+{
+ /*
+ * [P-256]
+ */
+ char *x[] = {
+ "e0f7449c5588f24492c338f2bc8f7865f755b958d48edb0f2d0056e50c3fd5b7",
+ "d17c446237d9df87266ba3a91ff27f45abfdcb77bfd83536e92903efb861a9a9",
+ "17875397ae87369365656d490e8ce956911bd97607f2aff41b56f6f3a61989826",
+ "f2d1c0dc0852c3d8a2a2500a23a44813ccce1ac4e58444175b440469ffc12273",
+ "10b0ca230fff7c04768f4b3d5c75fa9f6c539bea644dffbec5dc796a213061b58",
+ "2c1052f25360a15062d204a056274e93cbe8fc4c4e9b9561134ad5c15ce525da",
+ "a40d077a87dae157d93dcccf3fe3aca9c6479a75aa2669509d2ef05c7de6782f",
+ "2633d398a3807b1895548adbb0ea2495ef4b930f91054891030817df87d4ac0a",
+ "14bf57f76c260b51ec6bbc72dbd49f02a56eaed070b774dc4bad75a54653c3d56",
+ "2fa74931ae816b426f484180e517f5050c92decfc8daf756cd91f54d51b302f1",
+ "f8c6dd3181a76aa0e36c2790bba47041acbe7b1e473ff71eee39a824dc595ff0",
+ "7a81a7e0b015252928d8b36e4ca37e92fdc328eb25c774b4f872693028c4be38",
+ };
- bool verbose = true;
+ char *y[] = {
+ "86d7e9255d0f4b6f44fa2cd6f8ba3c0aa828321d6d8cc430ca6284ce1d5b43a0",
+ "1eabb6a349ce2cd447d777b6739c5fc066add2002d2029052c408d0701066231c",
+ "980a3c4f61b9692633fbba5ef04c9cb546dd05cdec9fa8428b8849670e2fba92",
+ "32bfe992831b305d8c37b9672df5d29fcb5c29b4a40534683e3ace23d24647dd",
+ "f5edf37c11052b75f771b7f9fa050e353e464221fec916684ed45b6fead38205",
+ "ced9783713a8a2a09eff366987639c625753295d9a85d0f5325e32dedbcada0b",
+ "503d86b87d743ba20804fd7e7884aa017414a7b5b5963e0d46e3a9611419ddf3",
+ "d6b2f738e3873cc8364a2d364038ce7d0798bb092e3dd77cbdae7c263ba618d2",
+ "7a231a23bf8b3aa31d9600d888a0678677a30e573decd3dc56b33f365cc11236",
+ "5b994346137988c58c14ae2152ac2f6ad96d97decb33099bd8a0210114cd1141",
+ "9c965f227f281b3072b95b8daf29e88b35284f3574462e268e529bbdc50e9e52",
+ "08862f7335147261e7b1c3d055f9a316e4cab7daf99cc09d1c647f5dd6e7d5bb",
+ };
- cavp_ecdh(verbose);
- cavp_keygen(verbose);
- cavp_pkv(verbose);
- montecarlo_ecdh(10, verbose);
+ char *Result[] = {
+ "P (0 )", "F (1 - Q_x or Q_y out of range)",
+ "F (1 - Q_x or Q_y out of range)", "F (2 - Point not on curve)",
+ "F (1 - Q_x or Q_y out of range)", "P (0 )",
+ "F (2 - Point not on curve)", "P (0 )",
+ "F (1 - Q_x or Q_y out of range)", "P (0 )",
+ "F (2 - Point not on curve)", "F (2 - Point not on curve)",
+ };
- printf("\nAll ECC tests succeeded.\n");
+ TC_PRINT("Test #3: PubKeyVerify ");
+ TC_PRINT("NIST-p256-SHA2-256\n");
- return 0;
+ return pkv_vectors(x, y, Result, 12, verbose);
}
+int montecarlo_ecdh(int num_tests, bool verbose)
+{
+ int i;
+ uint8_t private1[NUM_ECC_BYTES] = {0};
+ uint8_t private2[NUM_ECC_BYTES] = {0};
+ uint8_t public1[2*NUM_ECC_BYTES] = {0};
+ uint8_t public2[2*NUM_ECC_BYTES] = {0};
+ uint8_t secret1[NUM_ECC_BYTES] = {0};
+ uint8_t secret2[NUM_ECC_BYTES] = {0};
+ unsigned int result = TC_PASS;
+
+ const struct uECC_Curve_t * curve = uECC_secp256r1();
+
+ TC_PRINT("Test #4: Monte Carlo (%d Randomized EC-DH key-exchange) ", num_tests);
+ TC_PRINT("NIST-p256\n ");
+
+ for (i = 0; i < num_tests; ++i) {
+ if (verbose) {
+ TC_PRINT(".");
+ fflush(stdout);
+ }
+
+ if (!uECC_make_key(public1, private1, curve) ||
+ !uECC_make_key(public2, private2, curve)) {
+ TC_ERROR("uECC_make_key() failed\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ if (!uECC_shared_secret(public2, private1, secret1, curve)) {
+ TC_ERROR("shared_secret() failed (1)\n");
+ result = TC_FAIL;
+ goto exitTest1;;
+ }
+
+ if (!uECC_shared_secret(public1, private2, secret2, curve)) {
+ TC_ERROR("shared_secret() failed (2)\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ if (memcmp(secret1, secret2, sizeof(secret1)) != 0) {
+ TC_PRINT("Shared secrets are not identical!\n");
+ TC_PRINT("Private key 1 = ");
+ vli_print_bytes(private1, 32);
+ TC_PRINT("\nPrivate key 2 = ");
+ vli_print_bytes(private2, 32);
+ TC_PRINT("\nPublic key 1 = ");
+ vli_print_bytes(public1, 64);
+ TC_PRINT("\nPublic key 2 = ");
+ vli_print_bytes(public2, 64);
+ TC_PRINT("\nShared secret 1 = ");
+ vli_print_bytes(secret1, 32);
+ TC_PRINT("\nShared secret 2 = ");
+ vli_print_bytes(secret2, 32);
+ TC_PRINT("\n");
+ }
+ }
+
+ TC_PRINT("\n");
+
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
+}
+
+int main()
+{
+ unsigned int result = TC_PASS;
+
+ TC_START("Performing ECC-DH tests:");
+
+ /* Setup of the Cryptographically Secure PRNG. */
+ uECC_set_rng(&default_CSPRNG);
+
+ bool verbose = true;
+
+ TC_PRINT("Performing cavp_ecdh test:\n");
+ result = cavp_ecdh(verbose);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("cavp_ecdh test failed.\n");
+ goto exitTest;
+ }
+ TC_PRINT("Performing cavp_keygen test:\n");
+ result = cavp_keygen(verbose);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("cavp_keygen test failed.\n");
+ goto exitTest;
+ }
+ TC_PRINT("Performing cavp_pkv test:\n");
+ result = cavp_pkv(verbose);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("cavp_pkv failed.\n");
+ goto exitTest;
+ }
+ TC_PRINT("Performing montecarlo_ecdh test:\n");
+ result = montecarlo_ecdh(10, verbose);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("montecarlo_ecdh test failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All EC-DH tests succeeded!\n");
+
+ exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+}
diff --git a/ext/tinycrypt/tests/test_ecc_dsa.c b/ext/tinycrypt/tests/test_ecc_dsa.c
index 9f7a8cd..d1e933c 100644
--- a/ext/tinycrypt/tests/test_ecc_dsa.c
+++ b/ext/tinycrypt/tests/test_ecc_dsa.c
@@ -1,7 +1,30 @@
/* test_ecc_ecdsa.c - TinyCrypt implementation of some EC-DSA tests */
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -32,580 +55,615 @@
* test_ecc_ecdsa.c -- Implementation of some EC-DSA tests
*
*/
-#include <tinycrypt/ecc_dsa.h>
#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_platform_specific.h>
+#include <tinycrypt/ecc_dsa.h>
#include <tinycrypt/ecc_dh.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/sha256.h>
#include <test_utils.h>
#include <test_ecc_utils.h>
-#include <tinycrypt/sha256.h>
-#include <tinycrypt/constants.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
+
#include <fcntl.h>
+/* Maximum size of message to be signed. */
#define BUF_SIZE 256
-int sign_vectors(TCSha256State_t hash,
- char **d_vec,
- char **k_vec,
- char **msg_vec,
- char **qx_vec,
- char **qy_vec,
- char **r_vec,
- char **s_vec,
- int tests,
- bool verbose) {
+int sign_vectors(TCSha256State_t hash, char **d_vec, char **k_vec,
+ char **msg_vec, char **qx_vec, char **qy_vec, char **r_vec,
+ char **s_vec, int tests, bool verbose)
+{
- uint32_t seed[2*NUM_ECC_DIGITS];
- uint32_t prv[NUM_ECC_DIGITS];
- uint32_t r[NUM_ECC_DIGITS];
- uint32_t s[NUM_ECC_DIGITS];
- uint8_t digest[TC_SHA256_DIGEST_SIZE];
- uint32_t dig32[NUM_ECC_DIGITS];
+ unsigned int k[NUM_ECC_WORDS];
+ unsigned int private[NUM_ECC_WORDS];
+ uint8_t private_bytes[NUM_ECC_BYTES];
+ unsigned int sig[2 * NUM_ECC_WORDS];
+ uint8_t sig_bytes[2 * NUM_ECC_BYTES];
+ unsigned int digest[TC_SHA256_DIGEST_SIZE / 4];
+ uint8_t digest_bytes[TC_SHA256_DIGEST_SIZE];
+ unsigned int result = TC_PASS;
- /* expected outputs (converted input vectors) */
- uint32_t exp_r[NUM_ECC_DIGITS];
- uint32_t exp_s[NUM_ECC_DIGITS];
+ /* expected outputs (converted input vectors) */
+ unsigned int exp_r[NUM_ECC_WORDS];
+ unsigned int exp_s[NUM_ECC_WORDS];
- uint8_t msg[BUF_SIZE];
- size_t msglen;
+ uint8_t msg[BUF_SIZE];
+ size_t msglen;
- for (int i=0; i<tests; i++) {
+ for (int i = 0; i < tests; i++) {
- // use keygen test to generate+validate pubkey
- keygen_vectors(d_vec+i, qx_vec+i, qy_vec+i, 1, false);
- string2scalar(prv, NUM_ECC_DIGITS, d_vec[i]);
+ /* use keygen test to generate and validate pubkey */
+ keygen_vectors(d_vec+i, qx_vec+i, qy_vec+i, 1, false);
+ string2scalar(private, NUM_ECC_WORDS, d_vec[i]);
+ uECC_vli_nativeToBytes(private_bytes, NUM_ECC_BYTES, private);
- // validate ECDSA: hash message, sign digest, check r+s
- memset(seed, 0, 2*NUM_ECC_BYTES);
- string2scalar(seed, NUM_ECC_DIGITS, k_vec[i]);
- string2scalar(exp_r, NUM_ECC_DIGITS, r_vec[i]);
- string2scalar(exp_s, NUM_ECC_DIGITS, s_vec[i]);
+ /* validate ECDSA: hash message, sign digest, check r+s */
+ memset(k, 0, NUM_ECC_BYTES);
+ string2scalar(k, NUM_ECC_WORDS, k_vec[i]);
+ string2scalar(exp_r, NUM_ECC_WORDS, r_vec[i]);
+ string2scalar(exp_s, NUM_ECC_WORDS, s_vec[i]);
- msglen = hex2bin(msg, BUF_SIZE, msg_vec[i], strlen(msg_vec[i]));
+ msglen = hex2bin(msg, BUF_SIZE, msg_vec[i], strlen(msg_vec[i]));
- if (msglen == false) {
- printf("failed to import message!\n");
- exit(-1);
- }
+ if (msglen == false) {
+ TC_ERROR("failed to import message!\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
- tc_sha256_init(hash);
- tc_sha256_update(hash, msg, msglen);
- tc_sha256_final(digest, hash);
+ tc_sha256_init(hash);
+ tc_sha256_update(hash, msg, msglen);
+ tc_sha256_final(digest_bytes, hash);
- // if digest larger than ECC scalar, drop the end
- // if digest smaller than ECC scalar, zero-pad front
- int hash_dwords = TC_SHA256_DIGEST_SIZE/4;
- if (NUM_ECC_DIGITS < hash_dwords)
- hash_dwords=NUM_ECC_DIGITS;
+ /* if digest larger than ECC scalar, drop the end
+ * if digest smaller than ECC scalar, zero-pad front */
+ int hash_dwords = TC_SHA256_DIGEST_SIZE / 4;
+ if (NUM_ECC_WORDS < hash_dwords) {
+ hash_dwords = NUM_ECC_WORDS;
+ }
- memset(dig32, 0, NUM_ECC_BYTES-4*hash_dwords);
- ecc_bytes2native(dig32+(NUM_ECC_DIGITS-hash_dwords), digest);
+ memset(digest, 0, NUM_ECC_BYTES - 4 * hash_dwords);
+ uECC_vli_bytesToNative(digest + (NUM_ECC_WORDS-hash_dwords),
+ digest_bytes, TC_SHA256_DIGEST_SIZE);
- if (true != ecdsa_sign(r, s, prv, seed, dig32)) {
- printf("ECDSA_sign failed!\n");
- exit(-1);
- }
+ if (uECC_sign_with_k(private_bytes, digest_bytes,
+ sizeof(digest_bytes), k, sig_bytes, uECC_secp256r1()) == 0) {
+ TC_ERROR("ECDSA_sign failed!\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
- check_ecc_result(i, "sig.r", exp_r, r, NUM_ECC_DIGITS, verbose);
- check_ecc_result(i, "sig.s", exp_s, s, NUM_ECC_DIGITS, verbose);
- }
- return 0;
+ uECC_vli_bytesToNative(sig, sig_bytes, NUM_ECC_BYTES);
+ uECC_vli_bytesToNative(sig + NUM_ECC_WORDS, sig_bytes+NUM_ECC_BYTES, NUM_ECC_BYTES);
+
+ result = check_ecc_result(i, "sig.r", exp_r, sig, NUM_ECC_WORDS, verbose);
+ if(result == TC_FAIL) {
+ goto exitTest1;
+ }
+ result = check_ecc_result(i, "sig.s", exp_s, sig + NUM_ECC_WORDS, NUM_ECC_WORDS, verbose);
+ if(result == TC_FAIL) {
+ goto exitTest1;
+ }
+ }
+
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
}
-void cavp_sign(bool verbose) {
+int cavp_sign(bool verbose)
+{
- /*
- * [P-256,SHA-256]
- */
- char *d[] = {
- "519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464",
- "0f56db78ca460b055c500064824bed999a25aaf48ebb519ac201537b85479813",
- "e283871239837e13b95f789e6e1af63bf61c918c992e62bca040d64cad1fc2ef",
- "a3d2d3b7596f6592ce98b4bfe10d41837f10027a90d7bb75349490018cf72d07",
- "53a0e8a8fe93db01e7ae94e1a9882a102ebd079b3a535827d583626c272d280d",
- "4af107e8e2194c830ffb712a65511bc9186a133007855b49ab4b3833aefc4a1d",
- "78dfaa09f1076850b3e206e477494cddcfb822aaa0128475053592c48ebaf4ab",
- "80e692e3eb9fcd8c7d44e7de9f7a5952686407f90025a1d87e52c7096a62618a",
- "5e666c0db0214c3b627a8e48541cc84a8b6fd15f300da4dff5d18aec6c55b881",
- "f73f455271c877c4d5334627e37c278f68d143014b0a05aa62f308b2101c5308",
- "b20d705d9bd7c2b8dc60393a5357f632990e599a0975573ac67fd89b49187906",
- "d4234bebfbc821050341a37e1240efe5e33763cbbb2ef76a1c79e24724e5a5e7",
- "b58f5211dff440626bb56d0ad483193d606cf21f36d9830543327292f4d25d8c",
- "54c066711cdb061eda07e5275f7e95a9962c6764b84f6f1f3ab5a588e0a2afb1",
- "34fa4682bf6cb5b16783adcd18f0e6879b92185f76d7c920409f904f522db4b1",
- };
+ /*
+ * [P-256,SHA-256]
+ */
+ char *d[] = {
+ "519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464",
+ "0f56db78ca460b055c500064824bed999a25aaf48ebb519ac201537b85479813",
+ "e283871239837e13b95f789e6e1af63bf61c918c992e62bca040d64cad1fc2ef",
+ "a3d2d3b7596f6592ce98b4bfe10d41837f10027a90d7bb75349490018cf72d07",
+ "53a0e8a8fe93db01e7ae94e1a9882a102ebd079b3a535827d583626c272d280d",
+ "4af107e8e2194c830ffb712a65511bc9186a133007855b49ab4b3833aefc4a1d",
+ "78dfaa09f1076850b3e206e477494cddcfb822aaa0128475053592c48ebaf4ab",
+ "80e692e3eb9fcd8c7d44e7de9f7a5952686407f90025a1d87e52c7096a62618a",
+ "5e666c0db0214c3b627a8e48541cc84a8b6fd15f300da4dff5d18aec6c55b881",
+ "f73f455271c877c4d5334627e37c278f68d143014b0a05aa62f308b2101c5308",
+ "b20d705d9bd7c2b8dc60393a5357f632990e599a0975573ac67fd89b49187906",
+ "d4234bebfbc821050341a37e1240efe5e33763cbbb2ef76a1c79e24724e5a5e7",
+ "b58f5211dff440626bb56d0ad483193d606cf21f36d9830543327292f4d25d8c",
+ "54c066711cdb061eda07e5275f7e95a9962c6764b84f6f1f3ab5a588e0a2afb1",
+ "34fa4682bf6cb5b16783adcd18f0e6879b92185f76d7c920409f904f522db4b1",
+ };
- char *k[] = {
- "94a1bbb14b906a61a280f245f9e93c7f3b4a6247824f5d33b9670787642a68de",
- "6d3e71882c3b83b156bb14e0ab184aa9fb728068d3ae9fac421187ae0b2f34c6",
- "ad5e887eb2b380b8d8280ad6e5ff8a60f4d26243e0124c2f31a297b5d0835de2",
- "24fc90e1da13f17ef9fe84cc96b9471ed1aaac17e3a4bae33a115df4e5834f18",
- "5d833e8d24cc7a402d7ee7ec852a3587cddeb48358cea71b0bedb8fabe84e0c4",
- "e18f96f84dfa2fd3cdfaec9159d4c338cd54ad314134f0b31e20591fc238d0ab",
- "295544dbb2da3da170741c9b2c6551d40af7ed4e891445f11a02b66a5c258a77",
- "7c80fd66d62cc076cef2d030c17c0a69c99611549cb32c4ff662475adbe84b22",
- "2e7625a48874d86c9e467f890aaa7cd6ebdf71c0102bfdcfa24565d6af3fdce9",
- "62f8665fd6e26b3fa069e85281777a9b1f0dfd2c0b9f54a086d0c109ff9fd615",
- "72b656f6b35b9ccbc712c9f1f3b1a14cbbebaec41c4bca8da18f492a062d6f6f",
- "d926fe10f1bfd9855610f4f5a3d666b1a149344057e35537373372ead8b1a778",
- "e158bf4a2d19a99149d9cdb879294ccb7aaeae03d75ddd616ef8ae51a6dc1071",
- "646fe933e96c3b8f9f507498e907fdd201f08478d0202c752a7c2cfebf4d061a",
- "a6f463ee72c9492bc792fe98163112837aebd07bab7a84aaed05be64db3086f4",
- };
+ char *k[] = {
+ "94a1bbb14b906a61a280f245f9e93c7f3b4a6247824f5d33b9670787642a68de",
+ "6d3e71882c3b83b156bb14e0ab184aa9fb728068d3ae9fac421187ae0b2f34c6",
+ "ad5e887eb2b380b8d8280ad6e5ff8a60f4d26243e0124c2f31a297b5d0835de2",
+ "24fc90e1da13f17ef9fe84cc96b9471ed1aaac17e3a4bae33a115df4e5834f18",
+ "5d833e8d24cc7a402d7ee7ec852a3587cddeb48358cea71b0bedb8fabe84e0c4",
+ "e18f96f84dfa2fd3cdfaec9159d4c338cd54ad314134f0b31e20591fc238d0ab",
+ "295544dbb2da3da170741c9b2c6551d40af7ed4e891445f11a02b66a5c258a77",
+ "7c80fd66d62cc076cef2d030c17c0a69c99611549cb32c4ff662475adbe84b22",
+ "2e7625a48874d86c9e467f890aaa7cd6ebdf71c0102bfdcfa24565d6af3fdce9",
+ "62f8665fd6e26b3fa069e85281777a9b1f0dfd2c0b9f54a086d0c109ff9fd615",
+ "72b656f6b35b9ccbc712c9f1f3b1a14cbbebaec41c4bca8da18f492a062d6f6f",
+ "d926fe10f1bfd9855610f4f5a3d666b1a149344057e35537373372ead8b1a778",
+ "e158bf4a2d19a99149d9cdb879294ccb7aaeae03d75ddd616ef8ae51a6dc1071",
+ "646fe933e96c3b8f9f507498e907fdd201f08478d0202c752a7c2cfebf4d061a",
+ "a6f463ee72c9492bc792fe98163112837aebd07bab7a84aaed05be64db3086f4",
+ };
- char *Msg[] = {
- "5905238877c77421f73e43ee3da6f2d9e2ccad5fc942dcec0cbd25482935faaf416983fe16"
- "5b1a045ee2bcd2e6dca3bdf46c4310a7461f9a37960ca672d3feb5473e253605fb1ddfd280"
- "65b53cb5858a8ad28175bf9bd386a5e471ea7a65c17cc934a9d791e91491eb3754d0379979"
- "0fe2d308d16146d5c9b0d0debd97d79ce8",
- "c35e2f092553c55772926bdbe87c9796827d17024dbb9233a545366e2e5987dd344deb72df"
- "987144b8c6c43bc41b654b94cc856e16b96d7a821c8ec039b503e3d86728c494a967d83011"
- "a0e090b5d54cd47f4e366c0912bc808fbb2ea96efac88fb3ebec9342738e225f7c7c2b011c"
- "e375b56621a20642b4d36e060db4524af1",
- "3c054e333a94259c36af09ab5b4ff9beb3492f8d5b4282d16801daccb29f70fe61a0b37ffe"
- "f5c04cd1b70e85b1f549a1c4dc672985e50f43ea037efa9964f096b5f62f7ffdf8d6bfb2cc"
- "859558f5a393cb949dbd48f269343b5263dcdb9c556eca074f2e98e6d94c2c29a677afaf80"
- "6edf79b15a3fcd46e7067b7669f83188ee",
- "0989122410d522af64ceb07da2c865219046b4c3d9d99b01278c07ff63eaf1039cb787ae9e"
- "2dd46436cc0415f280c562bebb83a23e639e476a02ec8cff7ea06cd12c86dcc3adefbf1a9e"
- "9a9b6646c7599ec631b0da9a60debeb9b3e19324977f3b4f36892c8a38671c8e1cc8e50fcd"
- "50f9e51deaf98272f9266fc702e4e57c30",
- "dc66e39f9bbfd9865318531ffe9207f934fa615a5b285708a5e9c46b7775150e818d7f24d2"
- "a123df3672fff2094e3fd3df6fbe259e3989dd5edfcccbe7d45e26a775a5c4329a084f057c"
- "42c13f3248e3fd6f0c76678f890f513c32292dd306eaa84a59abe34b16cb5e38d0e885525d"
- "10336ca443e1682aa04a7af832b0eee4e7",
- "600974e7d8c5508e2c1aab0783ad0d7c4494ab2b4da265c2fe496421c4df238b0be25f2565"
- "9157c8a225fb03953607f7df996acfd402f147e37aee2f1693e3bf1c35eab3ae360a2bd91d"
- "04622ea47f83d863d2dfecb618e8b8bdc39e17d15d672eee03bb4ce2cc5cf6b217e5faf3f3"
- "36fdd87d972d3a8b8a593ba85955cc9d71",
- "dfa6cb9b39adda6c74cc8b2a8b53a12c499ab9dee01b4123642b4f11af336a91a5c9ce0520"
- "eb2395a6190ecbf6169c4cba81941de8e76c9c908eb843b98ce95e0da29c5d4388040264e0"
- "5e07030a577cc5d176387154eabae2af52a83e85c61c7c61da930c9b19e45d7e34c8516dc3"
- "c238fddd6e450a77455d534c48a152010b",
- "51d2547cbff92431174aa7fc7302139519d98071c755ff1c92e4694b58587ea560f72f32fc"
- "6dd4dee7d22bb7387381d0256e2862d0644cdf2c277c5d740fa089830eb52bf79d1e75b859"
- "6ecf0ea58a0b9df61e0c9754bfcd62efab6ea1bd216bf181c5593da79f10135a9bc6e164f1"
- "854bc8859734341aad237ba29a81a3fc8b",
- "558c2ac13026402bad4a0a83ebc9468e50f7ffab06d6f981e5db1d082098065bcff6f21a7a"
- "74558b1e8612914b8b5a0aa28ed5b574c36ac4ea5868432a62bb8ef0695d27c1e3ceaf75c7"
- "b251c65ddb268696f07c16d2767973d85beb443f211e6445e7fe5d46f0dce70d58a4cd9fe7"
- "0688c035688ea8c6baec65a5fc7e2c93e8",
- "4d55c99ef6bd54621662c3d110c3cb627c03d6311393b264ab97b90a4b15214a5593ba2510"
- "a53d63fb34be251facb697c973e11b665cb7920f1684b0031b4dd370cb927ca7168b0bf8ad"
- "285e05e9e31e34bc24024739fdc10b78586f29eff94412034e3b606ed850ec2c1900e8e681"
- "51fc4aee5adebb066eb6da4eaa5681378e",
- "f8248ad47d97c18c984f1f5c10950dc1404713c56b6ea397e01e6dd925e903b4fadfe2c9e8"
- "77169e71ce3c7fe5ce70ee4255d9cdc26f6943bf48687874de64f6cf30a012512e787b8805"
- "9bbf561162bdcc23a3742c835ac144cc14167b1bd6727e940540a9c99f3cbb41fb1dcb00d7"
- "6dda04995847c657f4c19d303eb09eb48a",
- "3b6ee2425940b3d240d35b97b6dcd61ed3423d8e71a0ada35d47b322d17b35ea0472f35edd"
- "1d252f87b8b65ef4b716669fc9ac28b00d34a9d66ad118c9d94e7f46d0b4f6c2b2d339fd6b"
- "cd351241a387cc82609057048c12c4ec3d85c661975c45b300cb96930d89370a327c98b67d"
- "efaa89497aa8ef994c77f1130f752f94a4",
- "c5204b81ec0a4df5b7e9fda3dc245f98082ae7f4efe81998dcaa286bd4507ca840a53d21b0"
- "1e904f55e38f78c3757d5a5a4a44b1d5d4e480be3afb5b394a5d2840af42b1b4083d40afbf"
- "e22d702f370d32dbfd392e128ea4724d66a3701da41ae2f03bb4d91bb946c7969404cb544f"
- "71eb7a49eb4c4ec55799bda1eb545143a7",
- "72e81fe221fb402148d8b7ab03549f1180bcc03d41ca59d7653801f0ba853add1f6d29edd7"
- "f9abc621b2d548f8dbf8979bd16608d2d8fc3260b4ebc0dd42482481d548c7075711b57596"
- "49c41f439fad69954956c9326841ea6492956829f9e0dc789f73633b40f6ac77bcae6dfc79"
- "30cfe89e526d1684365c5b0be2437fdb01",
- "21188c3edd5de088dacc1076b9e1bcecd79de1003c2414c3866173054dc82dde85169baa77"
- "993adb20c269f60a5226111828578bcc7c29e6e8d2dae81806152c8ba0c6ada1986a1983eb"
- "eec1473a73a04795b6319d48662d40881c1723a706f516fe75300f92408aa1dc6ae4288d20"
- "46f23c1aa2e54b7fb6448a0da922bd7f34",
- };
+ char *Msg[] = {
+ "5905238877c77421f73e43ee3da6f2d9e2ccad5fc942dcec0cbd25482935faaf416983fe16"
+ "5b1a045ee2bcd2e6dca3bdf46c4310a7461f9a37960ca672d3feb5473e253605fb1ddfd280"
+ "65b53cb5858a8ad28175bf9bd386a5e471ea7a65c17cc934a9d791e91491eb3754d0379979"
+ "0fe2d308d16146d5c9b0d0debd97d79ce8",
+ "c35e2f092553c55772926bdbe87c9796827d17024dbb9233a545366e2e5987dd344deb72df"
+ "987144b8c6c43bc41b654b94cc856e16b96d7a821c8ec039b503e3d86728c494a967d83011"
+ "a0e090b5d54cd47f4e366c0912bc808fbb2ea96efac88fb3ebec9342738e225f7c7c2b011c"
+ "e375b56621a20642b4d36e060db4524af1",
+ "3c054e333a94259c36af09ab5b4ff9beb3492f8d5b4282d16801daccb29f70fe61a0b37ffe"
+ "f5c04cd1b70e85b1f549a1c4dc672985e50f43ea037efa9964f096b5f62f7ffdf8d6bfb2cc"
+ "859558f5a393cb949dbd48f269343b5263dcdb9c556eca074f2e98e6d94c2c29a677afaf80"
+ "6edf79b15a3fcd46e7067b7669f83188ee",
+ "0989122410d522af64ceb07da2c865219046b4c3d9d99b01278c07ff63eaf1039cb787ae9e"
+ "2dd46436cc0415f280c562bebb83a23e639e476a02ec8cff7ea06cd12c86dcc3adefbf1a9e"
+ "9a9b6646c7599ec631b0da9a60debeb9b3e19324977f3b4f36892c8a38671c8e1cc8e50fcd"
+ "50f9e51deaf98272f9266fc702e4e57c30",
+ "dc66e39f9bbfd9865318531ffe9207f934fa615a5b285708a5e9c46b7775150e818d7f24d2"
+ "a123df3672fff2094e3fd3df6fbe259e3989dd5edfcccbe7d45e26a775a5c4329a084f057c"
+ "42c13f3248e3fd6f0c76678f890f513c32292dd306eaa84a59abe34b16cb5e38d0e885525d"
+ "10336ca443e1682aa04a7af832b0eee4e7",
+ "600974e7d8c5508e2c1aab0783ad0d7c4494ab2b4da265c2fe496421c4df238b0be25f2565"
+ "9157c8a225fb03953607f7df996acfd402f147e37aee2f1693e3bf1c35eab3ae360a2bd91d"
+ "04622ea47f83d863d2dfecb618e8b8bdc39e17d15d672eee03bb4ce2cc5cf6b217e5faf3f3"
+ "36fdd87d972d3a8b8a593ba85955cc9d71",
+ "dfa6cb9b39adda6c74cc8b2a8b53a12c499ab9dee01b4123642b4f11af336a91a5c9ce0520"
+ "eb2395a6190ecbf6169c4cba81941de8e76c9c908eb843b98ce95e0da29c5d4388040264e0"
+ "5e07030a577cc5d176387154eabae2af52a83e85c61c7c61da930c9b19e45d7e34c8516dc3"
+ "c238fddd6e450a77455d534c48a152010b",
+ "51d2547cbff92431174aa7fc7302139519d98071c755ff1c92e4694b58587ea560f72f32fc"
+ "6dd4dee7d22bb7387381d0256e2862d0644cdf2c277c5d740fa089830eb52bf79d1e75b859"
+ "6ecf0ea58a0b9df61e0c9754bfcd62efab6ea1bd216bf181c5593da79f10135a9bc6e164f1"
+ "854bc8859734341aad237ba29a81a3fc8b",
+ "558c2ac13026402bad4a0a83ebc9468e50f7ffab06d6f981e5db1d082098065bcff6f21a7a"
+ "74558b1e8612914b8b5a0aa28ed5b574c36ac4ea5868432a62bb8ef0695d27c1e3ceaf75c7"
+ "b251c65ddb268696f07c16d2767973d85beb443f211e6445e7fe5d46f0dce70d58a4cd9fe7"
+ "0688c035688ea8c6baec65a5fc7e2c93e8",
+ "4d55c99ef6bd54621662c3d110c3cb627c03d6311393b264ab97b90a4b15214a5593ba2510"
+ "a53d63fb34be251facb697c973e11b665cb7920f1684b0031b4dd370cb927ca7168b0bf8ad"
+ "285e05e9e31e34bc24024739fdc10b78586f29eff94412034e3b606ed850ec2c1900e8e681"
+ "51fc4aee5adebb066eb6da4eaa5681378e",
+ "f8248ad47d97c18c984f1f5c10950dc1404713c56b6ea397e01e6dd925e903b4fadfe2c9e8"
+ "77169e71ce3c7fe5ce70ee4255d9cdc26f6943bf48687874de64f6cf30a012512e787b8805"
+ "9bbf561162bdcc23a3742c835ac144cc14167b1bd6727e940540a9c99f3cbb41fb1dcb00d7"
+ "6dda04995847c657f4c19d303eb09eb48a",
+ "3b6ee2425940b3d240d35b97b6dcd61ed3423d8e71a0ada35d47b322d17b35ea0472f35edd"
+ "1d252f87b8b65ef4b716669fc9ac28b00d34a9d66ad118c9d94e7f46d0b4f6c2b2d339fd6b"
+ "cd351241a387cc82609057048c12c4ec3d85c661975c45b300cb96930d89370a327c98b67d"
+ "efaa89497aa8ef994c77f1130f752f94a4",
+ "c5204b81ec0a4df5b7e9fda3dc245f98082ae7f4efe81998dcaa286bd4507ca840a53d21b0"
+ "1e904f55e38f78c3757d5a5a4a44b1d5d4e480be3afb5b394a5d2840af42b1b4083d40afbf"
+ "e22d702f370d32dbfd392e128ea4724d66a3701da41ae2f03bb4d91bb946c7969404cb544f"
+ "71eb7a49eb4c4ec55799bda1eb545143a7",
+ "72e81fe221fb402148d8b7ab03549f1180bcc03d41ca59d7653801f0ba853add1f6d29edd7"
+ "f9abc621b2d548f8dbf8979bd16608d2d8fc3260b4ebc0dd42482481d548c7075711b57596"
+ "49c41f439fad69954956c9326841ea6492956829f9e0dc789f73633b40f6ac77bcae6dfc79"
+ "30cfe89e526d1684365c5b0be2437fdb01",
+ "21188c3edd5de088dacc1076b9e1bcecd79de1003c2414c3866173054dc82dde85169baa77"
+ "993adb20c269f60a5226111828578bcc7c29e6e8d2dae81806152c8ba0c6ada1986a1983eb"
+ "eec1473a73a04795b6319d48662d40881c1723a706f516fe75300f92408aa1dc6ae4288d20"
+ "46f23c1aa2e54b7fb6448a0da922bd7f34",
+ };
- char *Qx[] = {
- "1ccbe91c075fc7f4f033bfa248db8fccd3565de94bbfb12f3c59ff46c271bf83",
- "e266ddfdc12668db30d4ca3e8f7749432c416044f2d2b8c10bf3d4012aeffa8a",
- "74ccd8a62fba0e667c50929a53f78c21b8ff0c3c737b0b40b1750b2302b0bde8",
- "322f80371bf6e044bc49391d97c1714ab87f990b949bc178cb7c43b7c22d89e1",
- "1bcec4570e1ec2436596b8ded58f60c3b1ebc6a403bc5543040ba82963057244",
- "a32e50be3dae2c8ba3f5e4bdae14cf7645420d425ead94036c22dd6c4fc59e00",
- "8bcfe2a721ca6d753968f564ec4315be4857e28bef1908f61a366b1f03c97479",
- "a88bc8430279c8c0400a77d751f26c0abc93e5de4ad9a4166357952fe041e767",
- "1bc487570f040dc94196c9befe8ab2b6de77208b1f38bdaae28f9645c4d2bc3a",
- "b8188bd68701fc396dab53125d4d28ea33a91daf6d21485f4770f6ea8c565dde",
- "51f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce",
- "8fb287f0202ad57ae841aea35f29b2e1d53e196d0ddd9aec24813d64c0922fb7",
- "68229b48c2fe19d3db034e4c15077eb7471a66031f28a980821873915298ba76",
- "0a7dbb8bf50cb605eb2268b081f26d6b08e012f952c4b70a5a1e6e7d46af98bb",
- "105d22d9c626520faca13e7ced382dcbe93498315f00cc0ac39c4821d0d73737",
- };
+ char *Qx[] = {
+ "1ccbe91c075fc7f4f033bfa248db8fccd3565de94bbfb12f3c59ff46c271bf83",
+ "e266ddfdc12668db30d4ca3e8f7749432c416044f2d2b8c10bf3d4012aeffa8a",
+ "74ccd8a62fba0e667c50929a53f78c21b8ff0c3c737b0b40b1750b2302b0bde8",
+ "322f80371bf6e044bc49391d97c1714ab87f990b949bc178cb7c43b7c22d89e1",
+ "1bcec4570e1ec2436596b8ded58f60c3b1ebc6a403bc5543040ba82963057244",
+ "a32e50be3dae2c8ba3f5e4bdae14cf7645420d425ead94036c22dd6c4fc59e00",
+ "8bcfe2a721ca6d753968f564ec4315be4857e28bef1908f61a366b1f03c97479",
+ "a88bc8430279c8c0400a77d751f26c0abc93e5de4ad9a4166357952fe041e767",
+ "1bc487570f040dc94196c9befe8ab2b6de77208b1f38bdaae28f9645c4d2bc3a",
+ "b8188bd68701fc396dab53125d4d28ea33a91daf6d21485f4770f6ea8c565dde",
+ "51f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce",
+ "8fb287f0202ad57ae841aea35f29b2e1d53e196d0ddd9aec24813d64c0922fb7",
+ "68229b48c2fe19d3db034e4c15077eb7471a66031f28a980821873915298ba76",
+ "0a7dbb8bf50cb605eb2268b081f26d6b08e012f952c4b70a5a1e6e7d46af98bb",
+ "105d22d9c626520faca13e7ced382dcbe93498315f00cc0ac39c4821d0d73737",
+ };
- char *Qy[] = {
- "ce4014c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9",
- "bfa86404a2e9ffe67d47c587ef7a97a7f456b863b4d02cfc6928973ab5b1cb39",
- "29074e21f3a0ef88b9efdf10d06aa4c295cc1671f758ca0e4cd108803d0f2614",
- "3c15d54a5cc6b9f09de8457e873eb3deb1fceb54b0b295da6050294fae7fd999",
- "8af62a4c683f096b28558320737bf83b9959a46ad2521004ef74cf85e67494e1",
- "d623bf641160c289d6742c6257ae6ba574446dd1d0e74db3aaa80900b78d4ae9",
- "0f67576a30b8e20d4232d8530b52fb4c89cbc589ede291e499ddd15fe870ab96",
- "2d365a1eef25ead579cc9a069b6abc1b16b81c35f18785ce26a10ba6d1381185",
- "ec81602abd8345e71867c8210313737865b8aa186851e1b48eaca140320f5d8f",
- "423f058810f277f8fe076f6db56e9285a1bf2c2a1dae145095edd9c04970bc4a",
- "4737da963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1",
- "1f6daff1aa2dd2d6d3741623eecb5e7b612997a1039aab2e5cf2de969cfea573",
- "303e8ee3742a893f78b810991da697083dd8f11128c47651c27a56740a80c24c",
- "f26dd7d799930062480849962ccf5004edcfd307c044f4e8f667c9baa834eeae",
- "6c47f3cbbfa97dfcebe16270b8c7d5d3a5900b888c42520d751e8faf3b401ef4",
- };
+ char *Qy[] = {
+ "ce4014c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9",
+ "bfa86404a2e9ffe67d47c587ef7a97a7f456b863b4d02cfc6928973ab5b1cb39",
+ "29074e21f3a0ef88b9efdf10d06aa4c295cc1671f758ca0e4cd108803d0f2614",
+ "3c15d54a5cc6b9f09de8457e873eb3deb1fceb54b0b295da6050294fae7fd999",
+ "8af62a4c683f096b28558320737bf83b9959a46ad2521004ef74cf85e67494e1",
+ "d623bf641160c289d6742c6257ae6ba574446dd1d0e74db3aaa80900b78d4ae9",
+ "0f67576a30b8e20d4232d8530b52fb4c89cbc589ede291e499ddd15fe870ab96",
+ "2d365a1eef25ead579cc9a069b6abc1b16b81c35f18785ce26a10ba6d1381185",
+ "ec81602abd8345e71867c8210313737865b8aa186851e1b48eaca140320f5d8f",
+ "423f058810f277f8fe076f6db56e9285a1bf2c2a1dae145095edd9c04970bc4a",
+ "4737da963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1",
+ "1f6daff1aa2dd2d6d3741623eecb5e7b612997a1039aab2e5cf2de969cfea573",
+ "303e8ee3742a893f78b810991da697083dd8f11128c47651c27a56740a80c24c",
+ "f26dd7d799930062480849962ccf5004edcfd307c044f4e8f667c9baa834eeae",
+ "6c47f3cbbfa97dfcebe16270b8c7d5d3a5900b888c42520d751e8faf3b401ef4",
+ };
- char *R[] = {
- "f3ac8061b514795b8843e3d6629527ed2afd6b1f6a555a7acabb5e6f79c8c2ac",
- "976d3a4e9d23326dc0baa9fa560b7c4e53f42864f508483a6473b6a11079b2db",
- "35fb60f5ca0f3ca08542fb3cc641c8263a2cab7a90ee6a5e1583fac2bb6f6bd1",
- "d7c562370af617b581c84a2468cc8bd50bb1cbf322de41b7887ce07c0e5884ca",
- "18caaf7b663507a8bcd992b836dec9dc5703c080af5e51dfa3a9a7c387182604",
- "8524c5024e2d9a73bde8c72d9129f57873bbad0ed05215a372a84fdbc78f2e68",
- "c5a186d72df452015480f7f338970bfe825087f05c0088d95305f87aacc9b254",
- "9d0c6afb6df3bced455b459cc21387e14929392664bb8741a3693a1795ca6902",
- "2f9e2b4e9f747c657f705bffd124ee178bbc5391c86d056717b140c153570fd9",
- "1cc628533d0004b2b20e7f4baad0b8bb5e0673db159bbccf92491aef61fc9620",
- "9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c42",
- "490efd106be11fc365c7467eb89b8d39e15d65175356775deab211163c2504cb",
- "e67a9717ccf96841489d6541f4f6adb12d17b59a6bef847b6183b8fcf16a32eb",
- "b53ce4da1aa7c0dc77a1896ab716b921499aed78df725b1504aba1597ba0c64b",
- "542c40a18140a6266d6f0286e24e9a7bad7650e72ef0e2131e629c076d962663",
- };
+ char *R[] = {
+ "f3ac8061b514795b8843e3d6629527ed2afd6b1f6a555a7acabb5e6f79c8c2ac",
+ "976d3a4e9d23326dc0baa9fa560b7c4e53f42864f508483a6473b6a11079b2db",
+ "35fb60f5ca0f3ca08542fb3cc641c8263a2cab7a90ee6a5e1583fac2bb6f6bd1",
+ "d7c562370af617b581c84a2468cc8bd50bb1cbf322de41b7887ce07c0e5884ca",
+ "18caaf7b663507a8bcd992b836dec9dc5703c080af5e51dfa3a9a7c387182604",
+ "8524c5024e2d9a73bde8c72d9129f57873bbad0ed05215a372a84fdbc78f2e68",
+ "c5a186d72df452015480f7f338970bfe825087f05c0088d95305f87aacc9b254",
+ "9d0c6afb6df3bced455b459cc21387e14929392664bb8741a3693a1795ca6902",
+ "2f9e2b4e9f747c657f705bffd124ee178bbc5391c86d056717b140c153570fd9",
+ "1cc628533d0004b2b20e7f4baad0b8bb5e0673db159bbccf92491aef61fc9620",
+ "9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c42",
+ "490efd106be11fc365c7467eb89b8d39e15d65175356775deab211163c2504cb",
+ "e67a9717ccf96841489d6541f4f6adb12d17b59a6bef847b6183b8fcf16a32eb",
+ "b53ce4da1aa7c0dc77a1896ab716b921499aed78df725b1504aba1597ba0c64b",
+ "542c40a18140a6266d6f0286e24e9a7bad7650e72ef0e2131e629c076d962663",
+ };
- char *S[] = {
- "8bf77819ca05a6b2786c76262bf7371cef97b218e96f175a3ccdda2acc058903",
- "1b766e9ceb71ba6c01dcd46e0af462cd4cfa652ae5017d4555b8eeefe36e1932",
- "ee59d81bc9db1055cc0ed97b159d8784af04e98511d0a9a407b99bb292572e96",
- "b46d9f2d8c4bf83546ff178f1d78937c008d64e8ecc5cbb825cb21d94d670d89",
- "77c68928ac3b88d985fb43fb615fb7ff45c18ba5c81af796c613dfa98352d29c",
- "d18c2caf3b1072f87064ec5e8953f51301cada03469c640244760328eb5a05cb",
- "84a58f9e9d9e735344b316b1aa1ab5185665b85147dc82d92e969d7bee31ca30",
- "d7f9ddd191f1f412869429209ee3814c75c72fa46a9cccf804a2f5cc0b7e739f",
- "f5413bfd85949da8d83de83ab0d19b2986613e224d1901d76919de23ccd03199",
- "880e0bbf82a8cf818ed46ba03cf0fc6c898e36fca36cc7fdb1d2db7503634430",
- "2bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c",
- "644300fc0da4d40fb8c6ead510d14f0bd4e1321a469e9c0a581464c7186b7aa7",
- "9ae6ba6d637706849a6a9fc388cf0232d85c26ea0d1fe7437adb48de58364333",
- "d7c246dc7ad0e67700c373edcfdd1c0a0495fc954549ad579df6ed1438840851",
- "4f7f65305e24a6bbb5cff714ba8f5a2cee5bdc89ba8d75dcbf21966ce38eb66f",
- };
+ char *S[] = {
+ "8bf77819ca05a6b2786c76262bf7371cef97b218e96f175a3ccdda2acc058903",
+ "1b766e9ceb71ba6c01dcd46e0af462cd4cfa652ae5017d4555b8eeefe36e1932",
+ "ee59d81bc9db1055cc0ed97b159d8784af04e98511d0a9a407b99bb292572e96",
+ "b46d9f2d8c4bf83546ff178f1d78937c008d64e8ecc5cbb825cb21d94d670d89",
+ "77c68928ac3b88d985fb43fb615fb7ff45c18ba5c81af796c613dfa98352d29c",
+ "d18c2caf3b1072f87064ec5e8953f51301cada03469c640244760328eb5a05cb",
+ "84a58f9e9d9e735344b316b1aa1ab5185665b85147dc82d92e969d7bee31ca30",
+ "d7f9ddd191f1f412869429209ee3814c75c72fa46a9cccf804a2f5cc0b7e739f",
+ "f5413bfd85949da8d83de83ab0d19b2986613e224d1901d76919de23ccd03199",
+ "880e0bbf82a8cf818ed46ba03cf0fc6c898e36fca36cc7fdb1d2db7503634430",
+ "2bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c",
+ "644300fc0da4d40fb8c6ead510d14f0bd4e1321a469e9c0a581464c7186b7aa7",
+ "9ae6ba6d637706849a6a9fc388cf0232d85c26ea0d1fe7437adb48de58364333",
+ "d7c246dc7ad0e67700c373edcfdd1c0a0495fc954549ad579df6ed1438840851",
+ "4f7f65305e24a6bbb5cff714ba8f5a2cee5bdc89ba8d75dcbf21966ce38eb66f",
+ };
- struct tc_sha256_state_struct sha256_ctx;
+ struct tc_sha256_state_struct sha256_ctx;
- printf("Test #1: ECDSAsign ");
- printf("NIST-p256, SHA2-256\n");
+ TC_PRINT("Test #1: ECDSAsign ");
+ TC_PRINT("NIST-p256, SHA2-256\n");
- sign_vectors(
- &sha256_ctx,
- d,
- k,
- Msg,
- Qx,
- Qy,
- R,
- S,
- 15,
- verbose);
+ return sign_vectors(&sha256_ctx, d, k, Msg, Qx, Qy, R, S, 15, verbose);
}
+int vrfy_vectors(TCSha256State_t hash, char **msg_vec, char **qx_vec, char **qy_vec,
+ char **r_vec, char **s_vec, char **res_vec, int tests, bool verbose)
+{
-void vrfy_vectors(TCSha256State_t hash,
- char **msg_vec,
- char **qx_vec,
- char **qy_vec,
- char **r_vec,
- char **s_vec,
- char **res_vec,
- int tests,
- bool verbose) {
+ const struct uECC_Curve_t * curve = uECC_secp256r1();
+ unsigned int pub[2 * NUM_ECC_WORDS];
+ uint8_t pub_bytes[2 * NUM_ECC_BYTES];
+ unsigned int sig[2 * NUM_ECC_WORDS];
+ uint8_t sig_bytes[2 * NUM_ECC_BYTES];
+ uint8_t digest_bytes[TC_SHA256_DIGEST_SIZE];
+ unsigned int digest[TC_SHA256_DIGEST_SIZE / 4];
+ unsigned int result = TC_PASS;
- EccPoint pub;
- uint32_t r[NUM_ECC_DIGITS];
- uint32_t s[NUM_ECC_DIGITS];
- uint8_t digest[TC_SHA256_DIGEST_SIZE];
- uint32_t dig32[NUM_ECC_DIGITS];
+ int rc;
+ int exp_rc;
+ char tmp;
- int rc;
- int exp_rc;
- char tmp;
+ uint8_t msg[BUF_SIZE];
+ size_t msglen;
- uint8_t msg[BUF_SIZE];
- size_t msglen;
+ for (int i = 0; i < tests; i++) {
- for (int i=0; i<tests; i++) {
+ string2scalar(pub, NUM_ECC_WORDS, qx_vec[i]);
+ string2scalar(pub + NUM_ECC_WORDS, NUM_ECC_WORDS, qy_vec[i]);
+ string2scalar(sig, NUM_ECC_WORDS, r_vec[i]);
+ string2scalar(sig + NUM_ECC_WORDS, NUM_ECC_WORDS, s_vec[i]);
- string2scalar(pub.x, NUM_ECC_DIGITS, qx_vec[i]);
- string2scalar(pub.y, NUM_ECC_DIGITS, qy_vec[i]);
- string2scalar(r, NUM_ECC_DIGITS, r_vec[i]);
- string2scalar(s, NUM_ECC_DIGITS, s_vec[i]);
+ if (2 != sscanf(res_vec[i], "%c (%d ", &tmp, &exp_rc)) {
+ TC_ERROR("Error: failed to parse CAVP response.\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
- if (2 != sscanf(res_vec[i], "%c (%d ", &tmp, &exp_rc)) {
- printf("Error: failed to parse CAVP response.\n");
- exit(-1);
- }
+ /* validate ECDSA: hash message, verify r+s */
+ msglen = hex2bin(msg, BUF_SIZE, msg_vec[i], strlen(msg_vec[i]));
- // validate ECDSA: hash message, verify r+s
- msglen = hex2bin(msg, BUF_SIZE, msg_vec[i], strlen(msg_vec[i]));
+ if (msglen == false) {
+ TC_ERROR("failed to import message!\n");
+ result = TC_FAIL;
+ goto exitTest1;
+ }
- if (msglen == false) {
- printf("failed to import message!\n");
- exit(-1);
- }
+ tc_sha256_init(hash);
+ tc_sha256_update(hash, msg, msglen);
+ tc_sha256_final(digest_bytes, hash);
- tc_sha256_init(hash);
- tc_sha256_update(hash, msg, msglen);
- tc_sha256_final(digest, hash);
+ /* if digest larger than ECC scalar, drop the end
+ * if digest smaller than ECC scalar, zero-pad front */
+ int hash_dwords = TC_SHA256_DIGEST_SIZE / 4;
+ if (NUM_ECC_WORDS < hash_dwords) {
+ hash_dwords = NUM_ECC_WORDS;
+ }
- // if digest larger than ECC scalar, drop the end
- // if digest smaller than ECC scalar, zero-pad front
- int hash_dwords = TC_SHA256_DIGEST_SIZE/4;
- if (NUM_ECC_DIGITS < hash_dwords)
- hash_dwords=NUM_ECC_DIGITS;
+ memset(digest, 0, NUM_ECC_BYTES - 4 * hash_dwords);
+ uECC_vli_bytesToNative(digest + (NUM_ECC_WORDS-hash_dwords), digest_bytes,
+ TC_SHA256_DIGEST_SIZE);
- memset(dig32, 0, NUM_ECC_BYTES-4*hash_dwords);
- ecc_bytes2native(dig32+(NUM_ECC_DIGITS-hash_dwords), digest);
+ uECC_vli_nativeToBytes(pub_bytes, NUM_ECC_BYTES, pub);
+ uECC_vli_nativeToBytes(pub_bytes + NUM_ECC_BYTES, NUM_ECC_BYTES,
+ pub + NUM_ECC_WORDS);
- // adapt return codes to match CAVP error..
- if (0 != ecc_valid_public_key(&pub)) {
- rc = 4; // error 4 - Q changed
- } else {
- rc = ecdsa_verify(&pub, dig32, r, s);
- rc = !rc; // CAVP expects 0 for success, others for fail
- if (exp_rc != 0 && rc != 0)
- rc = exp_rc; // mimic CAVP code on errors..
- }
+ /* adapt return codes to match CAVP error: */
+ if (0 != uECC_valid_public_key(pub_bytes, curve)) {
+ /* error 4 - Q changed */
+ rc = 4;
+ } else {
+ uECC_vli_nativeToBytes(sig_bytes, NUM_ECC_BYTES, sig);
+ uECC_vli_nativeToBytes(sig_bytes + NUM_ECC_BYTES, NUM_ECC_BYTES,
+ sig + NUM_ECC_WORDS);
- check_code(i, res_vec[i], exp_rc, rc, verbose);
- }
+ rc = uECC_verify(pub_bytes, digest_bytes, sizeof(digest_bytes), sig_bytes,
+ uECC_secp256r1());
+ /* CAVP expects 0 for success, others for fail */
+ rc = !rc;
+ if (exp_rc != 0 && rc != 0) {
+ /* mimic CAVP code on errors. */
+ rc = exp_rc;
+ }
+ }
+
+ result = check_code(i, res_vec[i], exp_rc, rc, verbose);
+ if(result == TC_FAIL) {
+ goto exitTest1;
+ }
+ }
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
}
-void cavp_verify(bool verbose) {
+int cavp_verify(bool verbose)
+{
- /*
- * [P-256,SHA-256]
- */
- char *Msg[] = {
- "e4796db5f785f207aa30d311693b3702821dff1168fd2e04c0836825aefd850d9aa60326d8"
- "8cde1a23c7745351392ca2288d632c264f197d05cd424a30336c19fd09bb229654f0222fcb"
- "881a4b35c290a093ac159ce13409111ff0358411133c24f5b8e2090d6db6558afc36f06ca1"
- "f6ef779785adba68db27a409859fc4c4a0",
- "069a6e6b93dfee6df6ef6997cd80dd2182c36653cef10c655d524585655462d683877f95ec"
- "c6d6c81623d8fac4e900ed0019964094e7de91f1481989ae1873004565789cbf5dc56c62ae"
- "dc63f62f3b894c9c6f7788c8ecaadc9bd0e81ad91b2b3569ea12260e93924fdddd3972af52"
- "73198f5efda0746219475017557616170e",
- "df04a346cf4d0e331a6db78cca2d456d31b0a000aa51441defdb97bbeb20b94d8d746429a3"
- "93ba88840d661615e07def615a342abedfa4ce912e562af714959896858af817317a840dcf"
- "f85a057bb91a3c2bf90105500362754a6dd321cdd86128cfc5f04667b57aa78c112411e42d"
- "a304f1012d48cd6a7052d7de44ebcc01de",
- "e1130af6a38ccb412a9c8d13e15dbfc9e69a16385af3c3f1e5da954fd5e7c45fd75e2b8c36"
- "699228e92840c0562fbf3772f07e17f1add56588dd45f7450e1217ad239922dd9c32695dc7"
- "1ff2424ca0dec1321aa47064a044b7fe3c2b97d03ce470a592304c5ef21eed9f93da56bb23"
- "2d1eeb0035f9bf0dfafdcc4606272b20a3",
- "73c5f6a67456ae48209b5f85d1e7de7758bf235300c6ae2bdceb1dcb27a7730fb68c950b7f"
- "cada0ecc4661d3578230f225a875e69aaa17f1e71c6be5c831f22663bac63d0c7a9635edb0"
- "043ff8c6f26470f02a7bc56556f1437f06dfa27b487a6c4290d8bad38d4879b334e341ba09"
- "2dde4e4ae694a9c09302e2dbf443581c08",
- "666036d9b4a2426ed6585a4e0fd931a8761451d29ab04bd7dc6d0c5b9e38e6c2b263ff6cb8"
- "37bd04399de3d757c6c7005f6d7a987063cf6d7e8cb38a4bf0d74a282572bd01d0f41e3fd0"
- "66e3021575f0fa04f27b700d5b7ddddf50965993c3f9c7118ed78888da7cb221849b326059"
- "2b8e632d7c51e935a0ceae15207bedd548",
- "7e80436bce57339ce8da1b5660149a20240b146d108deef3ec5da4ae256f8f894edcbbc57b"
- "34ce37089c0daa17f0c46cd82b5a1599314fd79d2fd2f446bd5a25b8e32fcf05b76d644573"
- "a6df4ad1dfea707b479d97237a346f1ec632ea5660efb57e8717a8628d7f82af50a4e84b11"
- "f21bdff6839196a880ae20b2a0918d58cd",
- "1669bfb657fdc62c3ddd63269787fc1c969f1850fb04c933dda063ef74a56ce13e3a649700"
- "820f0061efabf849a85d474326c8a541d99830eea8131eaea584f22d88c353965dabcdc4bf"
- "6b55949fd529507dfb803ab6b480cd73ca0ba00ca19c438849e2cea262a1c57d8f81cd257f"
- "b58e19dec7904da97d8386e87b84948169",
- "3fe60dd9ad6caccf5a6f583b3ae65953563446c4510b70da115ffaa0ba04c076115c7043ab"
- "8733403cd69c7d14c212c655c07b43a7c71b9a4cffe22c2684788ec6870dc2013f269172c8"
- "22256f9e7cc674791bf2d8486c0f5684283e1649576efc982ede17c7b74b214754d70402fb"
- "4bb45ad086cf2cf76b3d63f7fce39ac970",
- "983a71b9994d95e876d84d28946a041f8f0a3f544cfcc055496580f1dfd4e312a2ad418fe6"
- "9dbc61db230cc0c0ed97e360abab7d6ff4b81ee970a7e97466acfd9644f828ffec538abc38"
- "3d0e92326d1c88c55e1f46a668a039beaa1be631a89129938c00a81a3ae46d4aecbf9707f7"
- "64dbaccea3ef7665e4c4307fa0b0a3075c",
- "4a8c071ac4fd0d52faa407b0fe5dab759f7394a5832127f2a3498f34aac287339e043b4ffa"
- "79528faf199dc917f7b066ad65505dab0e11e6948515052ce20cfdb892ffb8aa9bf3f1aa5b"
- "e30a5bbe85823bddf70b39fd7ebd4a93a2f75472c1d4f606247a9821f1a8c45a6cb80545de"
- "2e0c6c0174e2392088c754e9c8443eb5af",
- "0a3a12c3084c865daf1d302c78215d39bfe0b8bf28272b3c0b74beb4b7409db0718239de70"
- "0785581514321c6440a4bbaea4c76fa47401e151e68cb6c29017f0bce4631290af5ea5e2bf"
- "3ed742ae110b04ade83a5dbd7358f29a85938e23d87ac8233072b79c94670ff0959f9c7f45"
- "17862ff829452096c78f5f2e9a7e4e9216",
- "785d07a3c54f63dca11f5d1a5f496ee2c2f9288e55007e666c78b007d95cc28581dce51f49"
- "0b30fa73dc9e2d45d075d7e3a95fb8a9e1465ad191904124160b7c60fa720ef4ef1c5d2998"
- "f40570ae2a870ef3e894c2bc617d8a1dc85c3c55774928c38789b4e661349d3f84d2441a3b"
- "856a76949b9f1f80bc161648a1cad5588e",
- "76f987ec5448dd72219bd30bf6b66b0775c80b394851a43ff1f537f140a6e7229ef8cd72ad"
- "58b1d2d20298539d6347dd5598812bc65323aceaf05228f738b5ad3e8d9fe4100fd767c2f0"
- "98c77cb99c2992843ba3eed91d32444f3b6db6cd212dd4e5609548f4bb62812a920f6e2bf1"
- "581be1ebeebdd06ec4e971862cc42055ca",
- "60cd64b2cd2be6c33859b94875120361a24085f3765cb8b2bf11e026fa9d8855dbe435acf7"
- "882e84f3c7857f96e2baab4d9afe4588e4a82e17a78827bfdb5ddbd1c211fbc2e6d884cddd"
- "7cb9d90d5bf4a7311b83f352508033812c776a0e00c003c7e0d628e50736c7512df0acfa9f"
- "2320bd102229f46495ae6d0857cc452a84",
- };
+ /*
+ * [P-256,SHA-256]
+ */
+ char *Msg[] = {
+ "e4796db5f785f207aa30d311693b3702821dff1168fd2e04c0836825aefd850d9aa60326d8"
+ "8cde1a23c7745351392ca2288d632c264f197d05cd424a30336c19fd09bb229654f0222fcb"
+ "881a4b35c290a093ac159ce13409111ff0358411133c24f5b8e2090d6db6558afc36f06ca1"
+ "f6ef779785adba68db27a409859fc4c4a0",
+ "069a6e6b93dfee6df6ef6997cd80dd2182c36653cef10c655d524585655462d683877f95ec"
+ "c6d6c81623d8fac4e900ed0019964094e7de91f1481989ae1873004565789cbf5dc56c62ae"
+ "dc63f62f3b894c9c6f7788c8ecaadc9bd0e81ad91b2b3569ea12260e93924fdddd3972af52"
+ "73198f5efda0746219475017557616170e",
+ "df04a346cf4d0e331a6db78cca2d456d31b0a000aa51441defdb97bbeb20b94d8d746429a3"
+ "93ba88840d661615e07def615a342abedfa4ce912e562af714959896858af817317a840dcf"
+ "f85a057bb91a3c2bf90105500362754a6dd321cdd86128cfc5f04667b57aa78c112411e42d"
+ "a304f1012d48cd6a7052d7de44ebcc01de",
+ "e1130af6a38ccb412a9c8d13e15dbfc9e69a16385af3c3f1e5da954fd5e7c45fd75e2b8c36"
+ "699228e92840c0562fbf3772f07e17f1add56588dd45f7450e1217ad239922dd9c32695dc7"
+ "1ff2424ca0dec1321aa47064a044b7fe3c2b97d03ce470a592304c5ef21eed9f93da56bb23"
+ "2d1eeb0035f9bf0dfafdcc4606272b20a3",
+ "73c5f6a67456ae48209b5f85d1e7de7758bf235300c6ae2bdceb1dcb27a7730fb68c950b7f"
+ "cada0ecc4661d3578230f225a875e69aaa17f1e71c6be5c831f22663bac63d0c7a9635edb0"
+ "043ff8c6f26470f02a7bc56556f1437f06dfa27b487a6c4290d8bad38d4879b334e341ba09"
+ "2dde4e4ae694a9c09302e2dbf443581c08",
+ "666036d9b4a2426ed6585a4e0fd931a8761451d29ab04bd7dc6d0c5b9e38e6c2b263ff6cb8"
+ "37bd04399de3d757c6c7005f6d7a987063cf6d7e8cb38a4bf0d74a282572bd01d0f41e3fd0"
+ "66e3021575f0fa04f27b700d5b7ddddf50965993c3f9c7118ed78888da7cb221849b326059"
+ "2b8e632d7c51e935a0ceae15207bedd548",
+ "7e80436bce57339ce8da1b5660149a20240b146d108deef3ec5da4ae256f8f894edcbbc57b"
+ "34ce37089c0daa17f0c46cd82b5a1599314fd79d2fd2f446bd5a25b8e32fcf05b76d644573"
+ "a6df4ad1dfea707b479d97237a346f1ec632ea5660efb57e8717a8628d7f82af50a4e84b11"
+ "f21bdff6839196a880ae20b2a0918d58cd",
+ "1669bfb657fdc62c3ddd63269787fc1c969f1850fb04c933dda063ef74a56ce13e3a649700"
+ "820f0061efabf849a85d474326c8a541d99830eea8131eaea584f22d88c353965dabcdc4bf"
+ "6b55949fd529507dfb803ab6b480cd73ca0ba00ca19c438849e2cea262a1c57d8f81cd257f"
+ "b58e19dec7904da97d8386e87b84948169",
+ "3fe60dd9ad6caccf5a6f583b3ae65953563446c4510b70da115ffaa0ba04c076115c7043ab"
+ "8733403cd69c7d14c212c655c07b43a7c71b9a4cffe22c2684788ec6870dc2013f269172c8"
+ "22256f9e7cc674791bf2d8486c0f5684283e1649576efc982ede17c7b74b214754d70402fb"
+ "4bb45ad086cf2cf76b3d63f7fce39ac970",
+ "983a71b9994d95e876d84d28946a041f8f0a3f544cfcc055496580f1dfd4e312a2ad418fe6"
+ "9dbc61db230cc0c0ed97e360abab7d6ff4b81ee970a7e97466acfd9644f828ffec538abc38"
+ "3d0e92326d1c88c55e1f46a668a039beaa1be631a89129938c00a81a3ae46d4aecbf9707f7"
+ "64dbaccea3ef7665e4c4307fa0b0a3075c",
+ "4a8c071ac4fd0d52faa407b0fe5dab759f7394a5832127f2a3498f34aac287339e043b4ffa"
+ "79528faf199dc917f7b066ad65505dab0e11e6948515052ce20cfdb892ffb8aa9bf3f1aa5b"
+ "e30a5bbe85823bddf70b39fd7ebd4a93a2f75472c1d4f606247a9821f1a8c45a6cb80545de"
+ "2e0c6c0174e2392088c754e9c8443eb5af",
+ "0a3a12c3084c865daf1d302c78215d39bfe0b8bf28272b3c0b74beb4b7409db0718239de70"
+ "0785581514321c6440a4bbaea4c76fa47401e151e68cb6c29017f0bce4631290af5ea5e2bf"
+ "3ed742ae110b04ade83a5dbd7358f29a85938e23d87ac8233072b79c94670ff0959f9c7f45"
+ "17862ff829452096c78f5f2e9a7e4e9216",
+ "785d07a3c54f63dca11f5d1a5f496ee2c2f9288e55007e666c78b007d95cc28581dce51f49"
+ "0b30fa73dc9e2d45d075d7e3a95fb8a9e1465ad191904124160b7c60fa720ef4ef1c5d2998"
+ "f40570ae2a870ef3e894c2bc617d8a1dc85c3c55774928c38789b4e661349d3f84d2441a3b"
+ "856a76949b9f1f80bc161648a1cad5588e",
+ "76f987ec5448dd72219bd30bf6b66b0775c80b394851a43ff1f537f140a6e7229ef8cd72ad"
+ "58b1d2d20298539d6347dd5598812bc65323aceaf05228f738b5ad3e8d9fe4100fd767c2f0"
+ "98c77cb99c2992843ba3eed91d32444f3b6db6cd212dd4e5609548f4bb62812a920f6e2bf1"
+ "581be1ebeebdd06ec4e971862cc42055ca",
+ "60cd64b2cd2be6c33859b94875120361a24085f3765cb8b2bf11e026fa9d8855dbe435acf7"
+ "882e84f3c7857f96e2baab4d9afe4588e4a82e17a78827bfdb5ddbd1c211fbc2e6d884cddd"
+ "7cb9d90d5bf4a7311b83f352508033812c776a0e00c003c7e0d628e50736c7512df0acfa9f"
+ "2320bd102229f46495ae6d0857cc452a84",
+ };
- char *Qx[] = {
- "87f8f2b218f49845f6f10eec3877136269f5c1a54736dbdf69f89940cad41555",
- "5cf02a00d205bdfee2016f7421807fc38ae69e6b7ccd064ee689fc1a94a9f7d2",
- "2ddfd145767883ffbb0ac003ab4a44346d08fa2570b3120dcce94562422244cb",
- "e424dc61d4bb3cb7ef4344a7f8957a0c5134e16f7a67c074f82e6e12f49abf3c",
- "e0fc6a6f50e1c57475673ee54e3a57f9a49f3328e743bf52f335e3eeaa3d2864",
- "a849bef575cac3c6920fbce675c3b787136209f855de19ffe2e8d29b31a5ad86",
- "3dfb6f40f2471b29b77fdccba72d37c21bba019efa40c1c8f91ec405d7dcc5df",
- "69b7667056e1e11d6caf6e45643f8b21e7a4bebda463c7fdbc13bc98efbd0214",
- "bf02cbcf6d8cc26e91766d8af0b164fc5968535e84c158eb3bc4e2d79c3cc682",
- "224a4d65b958f6d6afb2904863efd2a734b31798884801fcab5a590f4d6da9de",
- "43691c7795a57ead8c5c68536fe934538d46f12889680a9cb6d055a066228369",
- "9157dbfcf8cf385f5bb1568ad5c6e2a8652ba6dfc63bc1753edf5268cb7eb596",
- "072b10c081a4c1713a294f248aef850e297991aca47fa96a7470abe3b8acfdda",
- "09308ea5bfad6e5adf408634b3d5ce9240d35442f7fe116452aaec0d25be8c24",
- "2d98ea01f754d34bbc3003df5050200abf445ec728556d7ed7d5c54c55552b6d",
- };
+ char *Qx[] = {
+ "87f8f2b218f49845f6f10eec3877136269f5c1a54736dbdf69f89940cad41555",
+ "5cf02a00d205bdfee2016f7421807fc38ae69e6b7ccd064ee689fc1a94a9f7d2",
+ "2ddfd145767883ffbb0ac003ab4a44346d08fa2570b3120dcce94562422244cb",
+ "e424dc61d4bb3cb7ef4344a7f8957a0c5134e16f7a67c074f82e6e12f49abf3c",
+ "e0fc6a6f50e1c57475673ee54e3a57f9a49f3328e743bf52f335e3eeaa3d2864",
+ "a849bef575cac3c6920fbce675c3b787136209f855de19ffe2e8d29b31a5ad86",
+ "3dfb6f40f2471b29b77fdccba72d37c21bba019efa40c1c8f91ec405d7dcc5df",
+ "69b7667056e1e11d6caf6e45643f8b21e7a4bebda463c7fdbc13bc98efbd0214",
+ "bf02cbcf6d8cc26e91766d8af0b164fc5968535e84c158eb3bc4e2d79c3cc682",
+ "224a4d65b958f6d6afb2904863efd2a734b31798884801fcab5a590f4d6da9de",
+ "43691c7795a57ead8c5c68536fe934538d46f12889680a9cb6d055a066228369",
+ "9157dbfcf8cf385f5bb1568ad5c6e2a8652ba6dfc63bc1753edf5268cb7eb596",
+ "072b10c081a4c1713a294f248aef850e297991aca47fa96a7470abe3b8acfdda",
+ "09308ea5bfad6e5adf408634b3d5ce9240d35442f7fe116452aaec0d25be8c24",
+ "2d98ea01f754d34bbc3003df5050200abf445ec728556d7ed7d5c54c55552b6d",
+ };
- char *Qy[] = {
- "e15f369036f49842fac7a86c8a2b0557609776814448b8f5e84aa9f4395205e9",
- "ec530ce3cc5c9d1af463f264d685afe2b4db4b5828d7e61b748930f3ce622a85",
- "5f70c7d11ac2b7a435ccfbbae02c3df1ea6b532cc0e9db74f93fffca7c6f9a64",
- "970eed7aa2bc48651545949de1dddaf0127e5965ac85d1243d6f60e7dfaee927",
- "7f59d689c91e463607d9194d99faf316e25432870816dde63f5d4b373f12f22a",
- "bf5fe4f7858f9b805bd8dcc05ad5e7fb889de2f822f3d8b41694e6c55c16b471",
- "f22f953f1e395a52ead7f3ae3fc47451b438117b1e04d613bc8555b7d6e6d1bb",
- "d3f9b12eb46c7c6fda0da3fc85bc1fd831557f9abc902a3be3cb3e8be7d1aa2f",
- "069ba6cb06b49d60812066afa16ecf7b51352f2c03bd93ec220822b1f3dfba03",
- "178d51fddada62806f097aa615d33b8f2404e6b1479f5fd4859d595734d6d2b9",
- "f8790110b3c3b281aa1eae037d4f1234aff587d903d93ba3af225c27ddc9ccac",
- "972570f4313d47fc96f7c02d5594d77d46f91e949808825b3d31f029e8296405",
- "9581145cca04a0fb94cedce752c8f0370861916d2a94e7c647c5373ce6a4c8f5",
- "f40c93e023ef494b1c3079b2d10ef67f3170740495ce2cc57f8ee4b0618b8ee5",
- "9b52672742d637a32add056dfd6d8792f2a33c2e69dafabea09b960bc61e230a",
- };
+ char *Qy[] = {
+ "e15f369036f49842fac7a86c8a2b0557609776814448b8f5e84aa9f4395205e9",
+ "ec530ce3cc5c9d1af463f264d685afe2b4db4b5828d7e61b748930f3ce622a85",
+ "5f70c7d11ac2b7a435ccfbbae02c3df1ea6b532cc0e9db74f93fffca7c6f9a64",
+ "970eed7aa2bc48651545949de1dddaf0127e5965ac85d1243d6f60e7dfaee927",
+ "7f59d689c91e463607d9194d99faf316e25432870816dde63f5d4b373f12f22a",
+ "bf5fe4f7858f9b805bd8dcc05ad5e7fb889de2f822f3d8b41694e6c55c16b471",
+ "f22f953f1e395a52ead7f3ae3fc47451b438117b1e04d613bc8555b7d6e6d1bb",
+ "d3f9b12eb46c7c6fda0da3fc85bc1fd831557f9abc902a3be3cb3e8be7d1aa2f",
+ "069ba6cb06b49d60812066afa16ecf7b51352f2c03bd93ec220822b1f3dfba03",
+ "178d51fddada62806f097aa615d33b8f2404e6b1479f5fd4859d595734d6d2b9",
+ "f8790110b3c3b281aa1eae037d4f1234aff587d903d93ba3af225c27ddc9ccac",
+ "972570f4313d47fc96f7c02d5594d77d46f91e949808825b3d31f029e8296405",
+ "9581145cca04a0fb94cedce752c8f0370861916d2a94e7c647c5373ce6a4c8f5",
+ "f40c93e023ef494b1c3079b2d10ef67f3170740495ce2cc57f8ee4b0618b8ee5",
+ "9b52672742d637a32add056dfd6d8792f2a33c2e69dafabea09b960bc61e230a",
+ };
- char *R[] = {
- "d19ff48b324915576416097d2544f7cbdf8768b1454ad20e0baac50e211f23b0",
- "dc23d130c6117fb5751201455e99f36f59aba1a6a21cf2d0e7481a97451d6693",
- "9913111cff6f20c5bf453a99cd2c2019a4e749a49724a08774d14e4c113edda8",
- "bf96b99aa49c705c910be33142017c642ff540c76349b9dab72f981fd9347f4f",
- "1d75830cd36f4c9aa181b2c4221e87f176b7f05b7c87824e82e396c88315c407",
- "25acc3aa9d9e84c7abf08f73fa4195acc506491d6fc37cb9074528a7db87b9d6",
- "548886278e5ec26bed811dbb72db1e154b6f17be70deb1b210107decb1ec2a5a",
- "288f7a1cd391842cce21f00e6f15471c04dc182fe4b14d92dc18910879799790",
- "f5acb06c59c2b4927fb852faa07faf4b1852bbb5d06840935e849c4d293d1bad",
- "87b93ee2fecfda54deb8dff8e426f3c72c8864991f8ec2b3205bb3b416de93d2",
- "8acd62e8c262fa50dd9840480969f4ef70f218ebf8ef9584f199031132c6b1ce",
- "dfaea6f297fa320b707866125c2a7d5d515b51a503bee817de9faa343cc48eeb",
- "09f5483eccec80f9d104815a1be9cc1a8e5b12b6eb482a65c6907b7480cf4f19",
- "5cc8aa7c35743ec0c23dde88dabd5e4fcd0192d2116f6926fef788cddb754e73",
- "06108e525f845d0155bf60193222b3219c98e3d49424c2fb2a0987f825c17959",
- };
+ char *R[] = {
+ "d19ff48b324915576416097d2544f7cbdf8768b1454ad20e0baac50e211f23b0",
+ "dc23d130c6117fb5751201455e99f36f59aba1a6a21cf2d0e7481a97451d6693",
+ "9913111cff6f20c5bf453a99cd2c2019a4e749a49724a08774d14e4c113edda8",
+ "bf96b99aa49c705c910be33142017c642ff540c76349b9dab72f981fd9347f4f",
+ "1d75830cd36f4c9aa181b2c4221e87f176b7f05b7c87824e82e396c88315c407",
+ "25acc3aa9d9e84c7abf08f73fa4195acc506491d6fc37cb9074528a7db87b9d6",
+ "548886278e5ec26bed811dbb72db1e154b6f17be70deb1b210107decb1ec2a5a",
+ "288f7a1cd391842cce21f00e6f15471c04dc182fe4b14d92dc18910879799790",
+ "f5acb06c59c2b4927fb852faa07faf4b1852bbb5d06840935e849c4d293d1bad",
+ "87b93ee2fecfda54deb8dff8e426f3c72c8864991f8ec2b3205bb3b416de93d2",
+ "8acd62e8c262fa50dd9840480969f4ef70f218ebf8ef9584f199031132c6b1ce",
+ "dfaea6f297fa320b707866125c2a7d5d515b51a503bee817de9faa343cc48eeb",
+ "09f5483eccec80f9d104815a1be9cc1a8e5b12b6eb482a65c6907b7480cf4f19",
+ "5cc8aa7c35743ec0c23dde88dabd5e4fcd0192d2116f6926fef788cddb754e73",
+ "06108e525f845d0155bf60193222b3219c98e3d49424c2fb2a0987f825c17959",
+ };
- char *Result[] = {
- "F (3 - S changed)", "F (2 - R changed)", "F (4 - Q changed)",
- "P (0 )", "P (0 )", "F (2 - R changed)",
- "F (4 - Q changed)", "F (1 - Message changed)", "F (3 - S changed)",
- "F (2 - R changed)", "F (3 - S changed)", "F (1 - Message changed)",
- "F (4 - Q changed)", "F (1 - Message changed)", "P (0 )",
- };
+ char *Result[] = {
+ "F (3 - S changed)", "F (2 - R changed)", "F (4 - Q changed)",
+ "P (0 )", "P (0 )", "F (2 - R changed)",
+ "F (4 - Q changed)", "F (1 - Message changed)", "F (3 - S changed)",
+ "F (2 - R changed)", "F (3 - S changed)", "F (1 - Message changed)",
+ "F (4 - Q changed)", "F (1 - Message changed)", "P (0 )",
+ };
- char *S[] = {
- "a3e81e59311cdfff2d4784949f7a2cb50ba6c3a91fa54710568e61aca3e847c6",
- "d6ce7708c18dbf35d4f8aa7240922dc6823f2e7058cbc1484fcad1599db5018c",
- "9467cd4cd21ecb56b0cab0a9a453b43386845459127a952421f5c6382866c5cc",
- "17c55095819089c2e03b9cd415abdf12444e323075d98f31920b9e0f57ec871c",
- "cb2acb01dac96efc53a32d4a0d85d0c2e48955214783ecf50a4f0414a319c05a",
- "9b21d5b5259ed3f2ef07dfec6cc90d3a37855d1ce122a85ba6a333f307d31537",
- "e93bfebd2f14f3d827ca32b464be6e69187f5edbd52def4f96599c37d58eee75",
- "247b3c4e89a3bcadfea73c7bfd361def43715fa382b8c3edf4ae15d6e55e9979",
- "049dab79c89cc02f1484c437f523e080a75f134917fda752f2d5ca397addfe5d",
- "4044a24df85be0cc76f21a4430b75b8e77b932a87f51e4eccbc45c263ebf8f66",
- "cfca7ed3d4347fb2a29e526b43c348ae1ce6c60d44f3191b6d8ea3a2d9c92154",
- "8f780ad713f9c3e5a4f7fa4c519833dfefc6a7432389b1e4af463961f09764f2",
- "a4f90e560c5e4eb8696cb276e5165b6a9d486345dedfb094a76e8442d026378d",
- "9c9c045ebaa1b828c32f82ace0d18daebf5e156eb7cbfdc1eff4399a8a900ae7",
- "62b5cdd591e5b507e560167ba8f6f7cda74673eb315680cb89ccbc4eec477dce",
- };
+ char *S[] = {
+ "a3e81e59311cdfff2d4784949f7a2cb50ba6c3a91fa54710568e61aca3e847c6",
+ "d6ce7708c18dbf35d4f8aa7240922dc6823f2e7058cbc1484fcad1599db5018c",
+ "9467cd4cd21ecb56b0cab0a9a453b43386845459127a952421f5c6382866c5cc",
+ "17c55095819089c2e03b9cd415abdf12444e323075d98f31920b9e0f57ec871c",
+ "cb2acb01dac96efc53a32d4a0d85d0c2e48955214783ecf50a4f0414a319c05a",
+ "9b21d5b5259ed3f2ef07dfec6cc90d3a37855d1ce122a85ba6a333f307d31537",
+ "e93bfebd2f14f3d827ca32b464be6e69187f5edbd52def4f96599c37d58eee75",
+ "247b3c4e89a3bcadfea73c7bfd361def43715fa382b8c3edf4ae15d6e55e9979",
+ "049dab79c89cc02f1484c437f523e080a75f134917fda752f2d5ca397addfe5d",
+ "4044a24df85be0cc76f21a4430b75b8e77b932a87f51e4eccbc45c263ebf8f66",
+ "cfca7ed3d4347fb2a29e526b43c348ae1ce6c60d44f3191b6d8ea3a2d9c92154",
+ "8f780ad713f9c3e5a4f7fa4c519833dfefc6a7432389b1e4af463961f09764f2",
+ "a4f90e560c5e4eb8696cb276e5165b6a9d486345dedfb094a76e8442d026378d",
+ "9c9c045ebaa1b828c32f82ace0d18daebf5e156eb7cbfdc1eff4399a8a900ae7",
+ "62b5cdd591e5b507e560167ba8f6f7cda74673eb315680cb89ccbc4eec477dce",
+ };
- struct tc_sha256_state_struct sha256_ctx;
+ struct tc_sha256_state_struct sha256_ctx;
- printf("Test #2: ECDSAvrfy ");
- printf("NIST-p256, SHA2-256\n");
+ printf("Test #2: ECDSAvrfy ");
+ printf("NIST-p256, SHA2-256\n");
- vrfy_vectors(
- &sha256_ctx,
- Msg,
- Qx,
- Qy,
- R,
- S,
- Result,
- 15,
- verbose);
+ return vrfy_vectors(&sha256_ctx, Msg, Qx, Qy, R, S, Result, 15, verbose);
}
-int randfd;
+int montecarlo_signverify(int num_tests, bool verbose)
+{
+ printf("Test #3: Monte Carlo (%d Randomized EC-DSA signatures) ", num_tests);
+ printf("NIST-p256, SHA2-256\n ");
+ int i;
+ uint8_t private[NUM_ECC_BYTES];
+ uint8_t public[2*NUM_ECC_BYTES];
+ uint8_t hash[NUM_ECC_BYTES];
+ unsigned int hash_words[NUM_ECC_WORDS];
+ uint8_t sig[2*NUM_ECC_BYTES];
-void montecarlo_signverify(uint32_t num, bool verbose) {
+ const struct uECC_Curve_t * curve = uECC_secp256r1();
- printf("Test #3: Monte Carlo (Randomized EC-DSA signatures) ");
- printf("NIST-p256, SHA2-256\n");
+ for (i = 0; i < num_tests; ++i) {
+ if (verbose) {
+ TC_PRINT(".");
+ fflush(stdout);
+ }
- EccPoint l_public;
- uint32_t l_private[NUM_ECC_DIGITS];
+ uECC_generate_random_int(hash_words, curve->n, BITS_TO_WORDS(curve->num_n_bits));
+ uECC_vli_nativeToBytes(hash, NUM_ECC_BYTES, hash_words);
- uint32_t l_hash[NUM_ECC_DIGITS];
- uint32_t l_random[2 * NUM_ECC_DIGITS];
+ if (!uECC_make_key(public, private, curve)) {
+ TC_ERROR("uECC_make_key() failed\n");
+ return TC_FAIL;
+ }
- uint32_t r[NUM_ECC_DIGITS];
- uint32_t s[NUM_ECC_DIGITS];
+ if (!uECC_sign(private, hash, sizeof(hash), sig, curve)) {
+ TC_ERROR("uECC_sign() failed\n");
+ return TC_FAIL;
+ }
- randfd = open("/dev/urandom", O_RDONLY);
- if(randfd == -1) {
- printf("No access to urandom\n");
- exit(-1);
- }
-
- for(uint32_t i=0; i<num; ++i) {
-
- getRandomBytes((char *)l_random, sizeof(l_random));
- ecc_make_key(&l_public, l_private, l_random);
-
- getRandomBytes((char *)l_hash, sizeof(l_hash));
- getRandomBytes((char *)l_random, sizeof(l_random));
-
- if(!ecdsa_sign(r, s, l_private, l_random, l_hash)) {
- printf("ecdsa_sign() failed\n");
- exit(-1);
- }
-
- if(ecc_valid_public_key(&l_public) != 0) {
- printf("Not a valid public key!\n");
- exit(-1);
- }
-
- if(!ecdsa_verify(&l_public, l_hash, r, s)) {
- printf("ecdsa_verify() failed\n");
- exit(-1);
- }
-
- if (verbose) {
- fflush(stdout);
- printf(".");
- }
- }
- printf("\n");
+ if (!uECC_verify(public, hash, sizeof(hash), sig, curve)) {
+ TC_ERROR("uECC_verify() failed\n");
+ return TC_FAIL;
+ }
+ if (verbose) {
+ fflush(stdout);
+ printf(".");
+ }
+ }
+ TC_PRINT("\n");
+ return TC_PASS;
}
-int main() {
+int main()
+{
+ unsigned int result = TC_PASS;
- bool verbose = true;
+ TC_START("Performing ECC-DSA tests:");
+ /* Setup of the Cryptographically Secure PRNG. */
+ uECC_set_rng(&default_CSPRNG);
- cavp_sign(verbose);
- cavp_verify(verbose);
- montecarlo_signverify(10, verbose);
+ bool verbose = true;
- printf("\nAll ECC-DSA tests succeeded.\n");
+ TC_PRINT("Performing cavp_sign test:\n");
+ result = cavp_sign(verbose);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("cavp_sign test failed.\n");
+ goto exitTest;
+ }
+ TC_PRINT("Performing cavp_verify test:\n");
+ result = cavp_verify(verbose);
+ if (result == TC_FAIL) {
+ TC_ERROR("cavp_verify test failed.\n");
+ goto exitTest;
+ }
+ TC_PRINT("Performing montecarlo_signverify test:\n");
+ result = montecarlo_signverify(10, verbose);
+ if (result == TC_FAIL) {
+ TC_ERROR("montecarlo_signverify test failed.\n");
+ goto exitTest;
+ }
- return 0;
+ TC_PRINT("\nAll ECC-DSA tests succeeded.\n");
+
+ exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
}
diff --git a/ext/tinycrypt/tests/test_ecc_utils.c b/ext/tinycrypt/tests/test_ecc_utils.c
index a635ebe..5c81eba 100644
--- a/ext/tinycrypt/tests/test_ecc_utils.c
+++ b/ext/tinycrypt/tests/test_ecc_utils.c
@@ -1,7 +1,30 @@
/* test_ecc_utils.c - TinyCrypt common functions for ECC tests */
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -32,8 +55,7 @@
* test_ecc_utils.c -- Implementation of some common functions for ECC tests.
*
*/
-#include <tinycrypt/ecc.h>
-#include <tinycrypt/ecc_dh.h>
+
#include <test_ecc_utils.h>
#include <tinycrypt/constants.h>
@@ -41,190 +63,209 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <unistd.h>
-extern int randfd;
+int hex2int (char hex)
+{
+ uint8_t dec;
-void getRandomBytes(void *p_dest, unsigned p_size) {
- if(read(randfd, p_dest, p_size) != (int)p_size) {
- printf("Failed to get random bytes.\n");
- }
-}
+ if ('0' <= hex && hex <= '9') dec = hex - '0';
+ else if ('a' <= hex && hex <= 'f') dec = hex - 'a' + 10;
+ else if ('A' <= hex && hex <= 'F') dec = hex - 'A' + 10;
+ else return -1;
-int hex2int (char hex) {
- uint8_t dec;
-
- if ('0' <= hex && hex <= '9') dec = hex - '0';
- else if ('a' <= hex && hex <= 'f') dec = hex - 'a' + 10;
- else if ('A' <= hex && hex <= 'F') dec = hex - 'A' + 10;
- else return -1;
-
- return dec;
+ return dec;
}
/*
* Convert hex string to byte string
* Return number of bytes written to buf, or 0 on error
*/
-int hex2bin(
- uint8_t *buf,
- const size_t buflen,
- const char *hex,
- const size_t hexlen) {
+int hex2bin(uint8_t *buf, const size_t buflen, const char *hex,
+ const size_t hexlen)
+{
- int dec;
+ int dec;
- if (buflen < hexlen/2 + hexlen%2)
- return false;
+ if (buflen < hexlen / 2 + hexlen % 2)
+ {
+ return false;
+ }
- // if hexlen is uneven, insert leading zero nibble
- if (hexlen%2) {
- dec = hex2int(hex[0]);
- if (dec == -1)
- return false;
- buf[0] = dec;
- buf++;
- hex++;
- }
+ /* if hexlen is uneven, insert leading zero nibble */
+ if (hexlen % 2)
+ {
+ dec = hex2int(hex[0]);
+ if (dec == -1)
+ return false;
+ buf[0] = dec;
+ buf++;
+ hex++;
+ }
- // regular hex conversion
- for (size_t i = 0; i<hexlen/2; i++) {
- dec = hex2int(hex[2*i]);
- if (dec == -1)
- return false;
- buf[i] = dec << 4;
+ /* regular hex conversion */
+ for (size_t i = 0; i < hexlen / 2; i++)
+ {
+ dec = hex2int(hex[2 * i]);
+ if (dec == -1)
+ {
+ return false;
+ }
+ buf[i] = dec << 4;
- dec = hex2int(hex[2*i+1]);
- if (dec == -1)
- return false;
- buf[i] += dec;
- }
- return hexlen/2 + hexlen%2;
+ dec = hex2int(hex[ 2 * i + 1]);
+ if (dec == -1)
+ {
+ return false;
+ }
+ buf[i] += dec;
+ }
+ return hexlen / 2 + hexlen % 2;
}
/*
* Convert hex string to zero-padded nanoECC scalar
*/
-void string2scalar(uint32_t * scalar, uint32_t num_word32, char *str) {
+void string2scalar(unsigned int *scalar, unsigned int num_word32, char *str)
+{
- uint32_t num_bytes = 4*num_word32;
- uint8_t tmp[num_bytes];
- size_t hexlen = strlen(str);
+ unsigned int num_bytes = 4 * num_word32;
+ uint8_t tmp[num_bytes];
+ size_t hexlen = strlen(str);
- int padding;
+ int padding;
- if (0 > (padding = 2*num_bytes - strlen(str))) {
- printf(
- "Error: 2*num_bytes(%u) < strlen(hex) (%zu)\n",
- 2*num_bytes,
- strlen(str));
- exit(-1);
- }
+ if (0 > (padding = 2 * num_bytes - strlen(str)))
+ {
+ printf("Error: 2 * num_bytes(%d) < strlen(hex) (%zu)\n",
+ 2 * num_bytes, strlen(str));
+ exit(-1);
+ }
- memset(tmp, 0, padding/2);
+ memset(tmp, 0, padding / 2);
- if (false == hex2bin(tmp+padding/2, num_bytes, str, hexlen))
- exit(-1);
- ecc_bytes2native(scalar, tmp);
+ if (false == hex2bin(tmp + padding / 2, num_bytes, str, hexlen))
+ {
+ exit(-1);
+ }
+ uECC_vli_bytesToNative(scalar, tmp, num_bytes);
}
-void vli_print(uint32_t *p_vli, unsigned int p_size) {
- while(p_size) {
- printf("%08X ", (unsigned)p_vli[p_size - 1]);
- --p_size;
- }
+void vli_print_bytes(uint8_t *vli, unsigned int size)
+{
+ for(unsigned i = 0; i < size; ++i)
+ {
+ printf("%02X ", (unsigned)vli[i]);
+ }
}
-void print_ecc_scalar(
- const char *label,
- const uint32_t * p_vli,
- uint32_t num_word32) {
- uint32_t i;
+void print_ecc_scalar(const char *label, const unsigned int * p_vli,
+ unsigned int num_word32)
+{
+ unsigned int i;
- if (label)
- printf("%s = { ", label);
+ if (label) {
+ printf("%s = { ", label);
+ }
- for(i=0; i<num_word32-1; ++i)
- printf("0x%08lX, ", (unsigned long)p_vli[i]);
- printf("0x%08lX", (unsigned long)p_vli[i]);
+ for(i = 0; i < num_word32 - 1; ++i) {
+ printf("0x%08lX, ", (unsigned long)p_vli[i]);
+ }
+ printf("0x%08lX", (unsigned long)p_vli[i]);
- if (label)
- printf(" };\n");
+ if (label) {
+ printf(" };\n");
+ }
}
-void check_code(const int num,
- const char *name,
- const int expected,
- const int computed,
- const int verbose) {
-
- if (expected != computed) {
- printf("\n Vector #%02d check %s - FAILURE:\n", num, name);
- printf("\n Expected: %d, computed: %d\n\n", expected, computed);
- exit(-1);
- }
-
- if (verbose)
- printf(" Vector #%02d check %s - success (%d=%d)\n",
- num,
- name,
- expected,
- computed);
-
-}
-
-void check_ecc_result(const int num, const char *name,
- const uint32_t *expected,
- const uint32_t *computed,
- const uint32_t num_word32,
- const bool verbose) {
-
- uint32_t num_bytes = 4*num_word32;
+int check_ecc_result(const int num, const char *name,
+ const unsigned int *expected,
+ const unsigned int *computed,
+ const unsigned int num_word32, const bool verbose)
+{
+ uint32_t num_bytes = 4 * num_word32;
if (memcmp(computed, expected, num_bytes)) {
- printf("\n Vector #%02d check %s - FAILURE:\n\n", num, name);
+ TC_PRINT("\n Vector #%02d check %s - FAILURE:\n\n", num, name);
print_ecc_scalar("Expected", expected, num_word32);
print_ecc_scalar("Computed", computed, num_word32);
- printf("\n");
- exit(-1);
+ TC_PRINT("\n");
+ return TC_FAIL;
}
- if (verbose)
- printf(" Vector #%02d check %s - success\n", num, name);
+ if (verbose) {
+ TC_PRINT(" Vector #%02d check %s - success\n", num, name);
+ }
+ return TC_PASS;
+}
+
+int check_code(const int num, const char *name, const int expected,
+ const int computed, const int verbose)
+{
+
+ if (expected != computed) {
+ TC_ERROR("\n Vector #%02d check %s - FAILURE:\n", num, name);
+ TC_ERROR("\n Expected: %d, computed: %d\n\n", expected, computed);
+ return TC_FAIL;
+ }
+
+ if (verbose) {
+ TC_PRINT(" Vector #%02d check %s - success (%d=%d)\n", num, name,
+ expected, computed);
+ }
+
+ return TC_PASS;
}
/* Test ecc_make_keys, and also as keygen part of other tests */
-EccPoint keygen_vectors(char **d_vec,
- char **qx_vec,
- char **qy_vec,
- int tests,
- bool verbose) {
+int keygen_vectors(char **d_vec, char **qx_vec, char **qy_vec, int tests,
+ bool verbose)
+{
- EccPoint pub;
- uint32_t seed[NUM_ECC_DIGITS * 2];
- uint32_t prv[NUM_ECC_DIGITS];
+ unsigned int pub[2 * NUM_ECC_WORDS];
+ unsigned int d[NUM_ECC_WORDS];
+ unsigned int prv[NUM_ECC_WORDS];
+ unsigned int result = TC_PASS;
- /* expected outputs (converted input vectors) */
- EccPoint exp_pub;
- uint32_t exp_prv[NUM_ECC_DIGITS];
+ /* expected outputs (converted input vectors) */
+ unsigned int exp_pub[2 * NUM_ECC_WORDS];
+ unsigned int exp_prv[NUM_ECC_WORDS];
- for (int i=0; i<tests; i++) {
+ for (int i = 0; i < tests; i++) {
+ string2scalar(exp_prv, NUM_ECC_WORDS, d_vec[i]);
+ string2scalar(exp_pub, NUM_ECC_WORDS, qx_vec[i]);
+ string2scalar(exp_pub + NUM_ECC_WORDS, NUM_ECC_WORDS, qy_vec[i]);
- string2scalar(exp_prv, NUM_ECC_DIGITS, d_vec[i]);
- string2scalar(exp_pub.x, NUM_ECC_DIGITS, qx_vec[i]);
- string2scalar(exp_pub.y, NUM_ECC_DIGITS, qy_vec[i]);
+ /*
+ * Feed prvkey vector as padded random seed into ecc_make_key.
+ * Internal mod-reduction will be zero-op and generate correct prv/pub
+ */
+ memset(d, 0, NUM_ECC_WORDS);
+ string2scalar(d, NUM_ECC_WORDS, d_vec[i]);
- /*
- * Feed prvkey vector as padded random seed into ecc_make_key.
- * Internal mod-reduction will be zero-op and generate correct prv/pub
- */
- memset(seed, 0, NUM_ECC_BYTES * 2);
- string2scalar(seed, NUM_ECC_DIGITS, d_vec[i]);
- ecc_make_key(&pub, prv, seed);
+ uint8_t pub_bytes[2*NUM_ECC_BYTES];
+ uint8_t prv_bytes[NUM_ECC_BYTES];
- // validate correctness of vector conversion and make_key()
- check_ecc_result(i, "prv ", exp_prv, prv, NUM_ECC_DIGITS, verbose);
- check_ecc_result(i, "pub.x", exp_pub.x, pub.x, NUM_ECC_DIGITS, verbose);
- check_ecc_result(i, "pub.y", exp_pub.y, pub.y, NUM_ECC_DIGITS, verbose);
+ uECC_make_key_with_d(pub_bytes, prv_bytes, d, uECC_secp256r1());
- }
- return pub;
+ uECC_vli_bytesToNative(prv, prv_bytes, NUM_ECC_BYTES);
+ uECC_vli_bytesToNative(pub, pub_bytes, NUM_ECC_BYTES);
+ uECC_vli_bytesToNative(pub + NUM_ECC_WORDS, pub_bytes + NUM_ECC_BYTES, NUM_ECC_BYTES);
+
+ /* validate correctness of vector conversion and make_key() */
+ result = check_ecc_result(i, "prv ", exp_prv, prv, NUM_ECC_WORDS, verbose);
+ if (result == TC_FAIL) {
+ return result;
+ }
+ result = check_ecc_result(i, "pub.x", exp_pub, pub, NUM_ECC_WORDS, verbose);
+ if (result == TC_FAIL) {
+ return result;
+ }
+ result = check_ecc_result(i, "pub.y", exp_pub + NUM_ECC_WORDS, pub + NUM_ECC_WORDS, NUM_ECC_WORDS, verbose);
+ if (result == TC_FAIL) {
+ return result;
+ }
+ }
+ return result;
}
diff --git a/ext/tinycrypt/tests/test_hmac.c b/ext/tinycrypt/tests/test_hmac.c
index 38ccf9f..a41275e 100644
--- a/ext/tinycrypt/tests/test_hmac.c
+++ b/ext/tinycrypt/tests/test_hmac.c
@@ -1,7 +1,7 @@
/* test_hmac.c - TinyCrypt implementation of some HMAC tests */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -48,12 +48,12 @@
#include <string.h>
#include <stdint.h>
-uint32_t do_hmac_test(TCHmacState_t h, uint32_t testnum, const uint8_t *data,
- size_t datalen, const uint8_t *expected,
- size_t expectedlen)
+unsigned int do_hmac_test(TCHmacState_t h, unsigned int testnum, const uint8_t *data,
+ size_t datalen, const uint8_t *expected,
+ size_t expectedlen)
{
uint8_t digest[32];
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
(void)tc_hmac_init(h);
(void)tc_hmac_update(h, data, datalen);
@@ -66,243 +66,238 @@
/*
* NIST test vectors for encryption.
*/
-uint32_t test_1(void)
+unsigned int test_1(void)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
const uint8_t key[20] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
};
const uint8_t data[8] = {
- 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
+ 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
};
const uint8_t expected[32] = {
- 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce,
- 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
- 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
+ 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce,
+ 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
+ 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 1, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 1, data, sizeof(data),expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
-uint32_t test_2(void)
+unsigned int test_2(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
const uint8_t key[4] = {
0x4a, 0x65, 0x66, 0x65
};
const uint8_t data[28] = {
- 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, 0x79, 0x61, 0x20, 0x77,
- 0x61, 0x6e, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
- 0x69, 0x6e, 0x67, 0x3f
+ 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, 0x79, 0x61, 0x20, 0x77,
+ 0x61, 0x6e, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
+ 0x69, 0x6e, 0x67, 0x3f
};
const uint8_t expected[32] = {
- 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26,
- 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
- 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
+ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26,
+ 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+ 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 2, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 2, data, sizeof(data), expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
-uint32_t test_3(void)
+unsigned int test_3(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
const uint8_t key[20] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
};
const uint8_t data[50] = {
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd
};
const uint8_t expected[32] = {
- 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb,
- 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
- 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
+ 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb,
+ 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
+ 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 3, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 3, data, sizeof(data), expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
-uint32_t test_4(void)
+unsigned int test_4(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
+
const uint8_t key[25] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
- 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19
};
const uint8_t data[50] = {
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd
};
const uint8_t expected[32] = {
- 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98,
- 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
- 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
+ 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98,
+ 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
+ 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 4, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 4, data, sizeof(data), expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
-uint32_t test_5(void)
+unsigned int test_5(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
const uint8_t key[20] = {
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
};
const uint8_t data[20] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x57, 0x69, 0x74, 0x68, 0x20, 0x54, 0x72,
- 0x75, 0x6e, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x57, 0x69, 0x74, 0x68, 0x20, 0x54, 0x72,
+ 0x75, 0x6e, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e
};
const uint8_t expected[32] = {
- 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0, 0x6e, 0x0c, 0x79, 0x6c,
- 0x29, 0x55, 0x55, 0x2b, 0xfa, 0x6f, 0x7c, 0x0a, 0x6a, 0x8a, 0xef, 0x8b,
- 0x93, 0xf8, 0x60, 0xaa, 0xb0, 0xcd, 0x20, 0xc5
+ 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0, 0x6e, 0x0c, 0x79, 0x6c,
+ 0x29, 0x55, 0x55, 0x2b, 0xfa, 0x6f, 0x7c, 0x0a, 0x6a, 0x8a, 0xef, 0x8b,
+ 0x93, 0xf8, 0x60, 0xaa, 0xb0, 0xcd, 0x20, 0xc5
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 5, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 5, data, sizeof(data), expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
-uint32_t test_6(void)
+unsigned int test_6(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
const uint8_t key[131] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
};
const uint8_t data[54] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x4c,
- 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
- 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, 0x65, 0x20, 0x4b, 0x65,
- 0x79, 0x20, 0x2d, 0x20, 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
- 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x4c,
+ 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
+ 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, 0x65, 0x20, 0x4b, 0x65,
+ 0x79, 0x20, 0x2d, 0x20, 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
+ 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
};
const uint8_t expected[32] = {
- 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa,
- 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
- 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
+ 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa,
+ 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
+ 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 6, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 6, data, sizeof(data), expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
-uint32_t test_7(void)
+unsigned int test_7(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("HMAC %s:\n", __func__);
const uint8_t key[131] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
};
const uint8_t data[152] = {
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65,
- 0x73, 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
- 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x62,
- 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
- 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20, 0x6c, 0x61, 0x72, 0x67,
- 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
- 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, 0x61, 0x74, 0x61, 0x2e,
- 0x20, 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
- 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, 0x20, 0x68, 0x61, 0x73,
- 0x68, 0x65, 0x64, 0x20, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
- 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, 0x64, 0x20, 0x62, 0x79,
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
- 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65,
+ 0x73, 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
+ 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x62,
+ 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
+ 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20, 0x6c, 0x61, 0x72, 0x67,
+ 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
+ 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, 0x61, 0x74, 0x61, 0x2e,
+ 0x20, 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
+ 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, 0x20, 0x68, 0x61, 0x73,
+ 0x68, 0x65, 0x64, 0x20, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
+ 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, 0x64, 0x20, 0x62, 0x79,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
+ 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e
};
const uint8_t expected[32] = {
- 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc,
- 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
- 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
+ 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc,
+ 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
+ 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
};
struct tc_hmac_state_struct h;
(void)memset(&h, 0x00, sizeof(h));
(void)tc_hmac_set_key(&h, key, sizeof(key));
- result = do_hmac_test(&h, 7, data, sizeof(data),
- expected, sizeof(expected));
+ result = do_hmac_test(&h, 7, data, sizeof(data), expected,
+ sizeof(expected));
TC_END_RESULT(result);
return result;
}
@@ -312,42 +307,49 @@
*/
int main(void)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
TC_START("Performing HMAC tests (RFC4231 test vectors):");
result = test_1();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC test #1 failed.\n");
goto exitTest;
}
result = test_2();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC test #2 failed.\n");
goto exitTest;
}
result = test_3();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC test #3 failed.\n");
goto exitTest;
}
result = test_4();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC test #4 failed.\n");
goto exitTest;
}
result = test_5();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC test #5 failed.\n");
goto exitTest;
}
result = test_6();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC #6 test failed.\n");
goto exitTest;
}
result = test_7();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("HMAC test #7 failed.\n");
goto exitTest;
}
diff --git a/ext/tinycrypt/tests/test_hmac_prng.c b/ext/tinycrypt/tests/test_hmac_prng.c
index 9071305..b45e984 100644
--- a/ext/tinycrypt/tests/test_hmac_prng.c
+++ b/ext/tinycrypt/tests/test_hmac_prng.c
@@ -1,7 +1,7 @@
/* test_hmac_prng.c - TinyCrypt implementation of some HMAC-PRNG tests */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -48,24 +48,44 @@
#include <stdlib.h>
#include <string.h>
+#define TC_DEBUG_MODE 0
+
+#ifdef TC_DEBUG_MODE
+void show(const char *label, const uint8_t *s, size_t len)
+{
+ unsigned int i;
+ printf ("%s = ", label);
+ for (i = 0; i < (unsigned int) len; ++i) {
+ printf ("%02x", s[i]);
+ }
+ printf ("\n");
+}
+
+void printBinaryFile(const uint8_t *s, unsigned int slen)
+{
+ FILE *write_ptr;
+ write_ptr = fopen("pseudo-random-data.bin","wb");
+ fwrite(s, slen, 1, write_ptr);
+}
+#endif
+
/*
* Main task to test AES
*/
-
int main(void)
{
uint8_t seed[128];
struct tc_hmac_prng_struct h;
- uint32_t size = (1 << 15);
+ unsigned int size = (1 << 19);
uint8_t random[size];
- uint32_t i;
- uint32_t result = TC_PASS;
+ unsigned int i;
+ unsigned int result = TC_PASS;
TC_START("Performing HMAC-PRNG tests:");
TC_PRINT("HMAC-PRNG test#1 (init, reseed, generate):\n");
/* Fake seed (replace by a a truly random seed): */
- for (i = 0; i < (uint32_t) sizeof(seed); ++i) {
+ for (i = 0; i < (unsigned int) sizeof(seed); ++i) {
seed[i] = i;
}
@@ -102,6 +122,11 @@
}
TC_END_RESULT(result);
+#ifdef TC_DEBUG_MODE
+ printBinaryFile(random, size);
+ show ("Pseudo-random data", random, size);
+#endif
+
TC_PRINT("All HMAC tests succeeded!\n");
exitTest:
diff --git a/ext/tinycrypt/tests/test_sha256.c b/ext/tinycrypt/tests/test_sha256.c
index 5da973f..b309ed1 100644
--- a/ext/tinycrypt/tests/test_sha256.c
+++ b/ext/tinycrypt/tests/test_sha256.c
@@ -1,7 +1,7 @@
/* test_sha256.c - TinyCrypt implementation of some SHA-256 tests */
/*
- * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -50,15 +50,15 @@
/*
* NIST SHA256 test vector 1.
*/
-uint32_t test_1(void)
+unsigned int test_1(void)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #1:\n");
const uint8_t expected[32] = {
- 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
- 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
- 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+ 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
+ 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+ 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
};
const char *m = "abc";
uint8_t digest[32];
@@ -76,15 +76,14 @@
/*
* NIST SHA256 test vector 2.
*/
-uint32_t test_2(void)
+unsigned int test_2(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #2:\n");
const uint8_t expected[32] = {
- 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93,
- 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
- 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
+ 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93,
+ 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
+ 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
};
const char *m = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
uint8_t digest[32];
@@ -100,15 +99,14 @@
return result;
}
-uint32_t test_3(void)
+unsigned int test_3(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #3:\n");
const uint8_t expected[32] = {
- 0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b,
- 0x31, 0x3d, 0x05, 0x70, 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa,
- 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b
+ 0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b,
+ 0x31, 0x3d, 0x05, 0x70, 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa,
+ 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b
};
const uint8_t m[1] = { 0xbd };
uint8_t digest[32];
@@ -124,15 +122,14 @@
return result;
}
-uint32_t test_4(void)
+unsigned int test_4(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #4:\n");
const uint8_t expected[32] = {
- 0x7a, 0xbc, 0x22, 0xc0, 0xae, 0x5a, 0xf2, 0x6c, 0xe9, 0x3d, 0xbb, 0x94,
- 0x43, 0x3a, 0x0e, 0x0b, 0x2e, 0x11, 0x9d, 0x01, 0x4f, 0x8e, 0x7f, 0x65,
- 0xbd, 0x56, 0xc6, 0x1c, 0xcc, 0xcd, 0x95, 0x04
+ 0x7a, 0xbc, 0x22, 0xc0, 0xae, 0x5a, 0xf2, 0x6c, 0xe9, 0x3d, 0xbb, 0x94,
+ 0x43, 0x3a, 0x0e, 0x0b, 0x2e, 0x11, 0x9d, 0x01, 0x4f, 0x8e, 0x7f, 0x65,
+ 0xbd, 0x56, 0xc6, 0x1c, 0xcc, 0xcd, 0x95, 0x04
};
const uint8_t m[4] = { 0xc9, 0x8c, 0x8e, 0x55 };
uint8_t digest[32];
@@ -148,15 +145,15 @@
return result;
}
-uint32_t test_5(void)
+unsigned int test_5(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #5:\n");
+
const uint8_t expected[32] = {
- 0x02, 0x77, 0x94, 0x66, 0xcd, 0xec, 0x16, 0x38, 0x11, 0xd0, 0x78, 0x81,
- 0x5c, 0x63, 0x3f, 0x21, 0x90, 0x14, 0x13, 0x08, 0x14, 0x49, 0x00, 0x2f,
- 0x24, 0xaa, 0x3e, 0x80, 0xf0, 0xb8, 0x8e, 0xf7
+ 0x02, 0x77, 0x94, 0x66, 0xcd, 0xec, 0x16, 0x38, 0x11, 0xd0, 0x78, 0x81,
+ 0x5c, 0x63, 0x3f, 0x21, 0x90, 0x14, 0x13, 0x08, 0x14, 0x49, 0x00, 0x2f,
+ 0x24, 0xaa, 0x3e, 0x80, 0xf0, 0xb8, 0x8e, 0xf7
};
uint8_t m[55];
uint8_t digest[32];
@@ -174,15 +171,14 @@
return result;
}
-uint32_t test_6(void)
+unsigned int test_6(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #6:\n");
const uint8_t expected[32] = {
- 0xd4, 0x81, 0x7a, 0xa5, 0x49, 0x76, 0x28, 0xe7, 0xc7, 0x7e, 0x6b, 0x60,
- 0x61, 0x07, 0x04, 0x2b, 0xbb, 0xa3, 0x13, 0x08, 0x88, 0xc5, 0xf4, 0x7a,
- 0x37, 0x5e, 0x61, 0x79, 0xbe, 0x78, 0x9f, 0xbb
+ 0xd4, 0x81, 0x7a, 0xa5, 0x49, 0x76, 0x28, 0xe7, 0xc7, 0x7e, 0x6b, 0x60,
+ 0x61, 0x07, 0x04, 0x2b, 0xbb, 0xa3, 0x13, 0x08, 0x88, 0xc5, 0xf4, 0x7a,
+ 0x37, 0x5e, 0x61, 0x79, 0xbe, 0x78, 0x9f, 0xbb
};
uint8_t m[56];
uint8_t digest[32];
@@ -200,15 +196,14 @@
return result;
}
-uint32_t test_7(void)
+unsigned int test_7(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #7:\n");
const uint8_t expected[32] = {
- 0x65, 0xa1, 0x6c, 0xb7, 0x86, 0x13, 0x35, 0xd5, 0xac, 0xe3, 0xc6, 0x07,
- 0x18, 0xb5, 0x05, 0x2e, 0x44, 0x66, 0x07, 0x26, 0xda, 0x4c, 0xd1, 0x3b,
- 0xb7, 0x45, 0x38, 0x1b, 0x23, 0x5a, 0x17, 0x85
+ 0x65, 0xa1, 0x6c, 0xb7, 0x86, 0x13, 0x35, 0xd5, 0xac, 0xe3, 0xc6, 0x07,
+ 0x18, 0xb5, 0x05, 0x2e, 0x44, 0x66, 0x07, 0x26, 0xda, 0x4c, 0xd1, 0x3b,
+ 0xb7, 0x45, 0x38, 0x1b, 0x23, 0x5a, 0x17, 0x85
};
uint8_t m[57];
uint8_t digest[32];
@@ -226,15 +221,15 @@
return result;
}
-uint32_t test_8(void)
+unsigned int test_8(void)
{
- uint32_t result = TC_PASS;
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #8:\n");
const uint8_t expected[32] = {
- 0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30, 0x27, 0x98, 0xef, 0x6e,
- 0xd3, 0x09, 0x97, 0x9b, 0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8,
- 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b
+ 0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30, 0x27, 0x98, 0xef, 0x6e,
+ 0xd3, 0x09, 0x97, 0x9b, 0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8,
+ 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b
};
uint8_t m[64];
uint8_t digest[32];
@@ -252,15 +247,14 @@
return result;
}
-uint32_t test_9(void)
+unsigned int test_9(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #9:\n");
const uint8_t expected[32] = {
- 0x54, 0x1b, 0x3e, 0x9d, 0xaa, 0x09, 0xb2, 0x0b, 0xf8, 0x5f, 0xa2, 0x73,
- 0xe5, 0xcb, 0xd3, 0xe8, 0x01, 0x85, 0xaa, 0x4e, 0xc2, 0x98, 0xe7, 0x65,
- 0xdb, 0x87, 0x74, 0x2b, 0x70, 0x13, 0x8a, 0x53
+ 0x54, 0x1b, 0x3e, 0x9d, 0xaa, 0x09, 0xb2, 0x0b, 0xf8, 0x5f, 0xa2, 0x73,
+ 0xe5, 0xcb, 0xd3, 0xe8, 0x01, 0x85, 0xaa, 0x4e, 0xc2, 0x98, 0xe7, 0x65,
+ 0xdb, 0x87, 0x74, 0x2b, 0x70, 0x13, 0x8a, 0x53
};
uint8_t m[1000];
uint8_t digest[32];
@@ -278,15 +272,14 @@
return result;
}
-uint32_t test_10(void)
+unsigned int test_10(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #10:\n");
const uint8_t expected[32] = {
- 0xc2, 0xe6, 0x86, 0x82, 0x34, 0x89, 0xce, 0xd2, 0x01, 0x7f, 0x60, 0x59,
- 0xb8, 0xb2, 0x39, 0x31, 0x8b, 0x63, 0x64, 0xf6, 0xdc, 0xd8, 0x35, 0xd0,
- 0xa5, 0x19, 0x10, 0x5a, 0x1e, 0xad, 0xd6, 0xe4
+ 0xc2, 0xe6, 0x86, 0x82, 0x34, 0x89, 0xce, 0xd2, 0x01, 0x7f, 0x60, 0x59,
+ 0xb8, 0xb2, 0x39, 0x31, 0x8b, 0x63, 0x64, 0xf6, 0xdc, 0xd8, 0x35, 0xd0,
+ 0xa5, 0x19, 0x10, 0x5a, 0x1e, 0xad, 0xd6, 0xe4
};
uint8_t m[1000];
uint8_t digest[32];
@@ -304,15 +297,14 @@
return result;
}
-uint32_t test_11(void)
+unsigned int test_11(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #11:\n");
const uint8_t expected[32] = {
- 0xf4, 0xd6, 0x2d, 0xde, 0xc0, 0xf3, 0xdd, 0x90, 0xea, 0x13, 0x80, 0xfa,
- 0x16, 0xa5, 0xff, 0x8d, 0xc4, 0xc5, 0x4b, 0x21, 0x74, 0x06, 0x50, 0xf2,
- 0x4a, 0xfc, 0x41, 0x20, 0x90, 0x35, 0x52, 0xb0
+ 0xf4, 0xd6, 0x2d, 0xde, 0xc0, 0xf3, 0xdd, 0x90, 0xea, 0x13, 0x80, 0xfa,
+ 0x16, 0xa5, 0xff, 0x8d, 0xc4, 0xc5, 0x4b, 0x21, 0x74, 0x06, 0x50, 0xf2,
+ 0x4a, 0xfc, 0x41, 0x20, 0x90, 0x35, 0x52, 0xb0
};
uint8_t m[1005];
uint8_t digest[32];
@@ -330,20 +322,20 @@
return result;
}
-uint32_t test_12(void)
+unsigned int test_12(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #12:\n");
+
const uint8_t expected[32] = {
- 0xd2, 0x97, 0x51, 0xf2, 0x64, 0x9b, 0x32, 0xff, 0x57, 0x2b, 0x5e, 0x0a,
- 0x9f, 0x54, 0x1e, 0xa6, 0x60, 0xa5, 0x0f, 0x94, 0xff, 0x0b, 0xee, 0xdf,
- 0xb0, 0xb6, 0x92, 0xb9, 0x24, 0xcc, 0x80, 0x25
+ 0xd2, 0x97, 0x51, 0xf2, 0x64, 0x9b, 0x32, 0xff, 0x57, 0x2b, 0x5e, 0x0a,
+ 0x9f, 0x54, 0x1e, 0xa6, 0x60, 0xa5, 0x0f, 0x94, 0xff, 0x0b, 0xee, 0xdf,
+ 0xb0, 0xb6, 0x92, 0xb9, 0x24, 0xcc, 0x80, 0x25
};
uint8_t m[1000];
uint8_t digest[32];
struct tc_sha256_state_struct s;
- uint32_t i;
+ unsigned int i;
(void)memset(m, 0x00, sizeof(m));
@@ -359,20 +351,19 @@
return result;
}
-uint32_t test_13(void)
+unsigned int test_13(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #13:\n");
const uint8_t expected[32] = {
- 0x15, 0xa1, 0x86, 0x8c, 0x12, 0xcc, 0x53, 0x95, 0x1e, 0x18, 0x23, 0x44,
- 0x27, 0x74, 0x47, 0xcd, 0x09, 0x79, 0x53, 0x6b, 0xad, 0xcc, 0x51, 0x2a,
- 0xd2, 0x4c, 0x67, 0xe9, 0xb2, 0xd4, 0xf3, 0xdd
+ 0x15, 0xa1, 0x86, 0x8c, 0x12, 0xcc, 0x53, 0x95, 0x1e, 0x18, 0x23, 0x44,
+ 0x27, 0x74, 0x47, 0xcd, 0x09, 0x79, 0x53, 0x6b, 0xad, 0xcc, 0x51, 0x2a,
+ 0xd2, 0x4c, 0x67, 0xe9, 0xb2, 0xd4, 0xf3, 0xdd
};
uint8_t m[32768];
uint8_t digest[32];
struct tc_sha256_state_struct s;
- uint32_t i;
+ unsigned int i;
(void)memset(m, 0x5a, sizeof(m));
@@ -388,20 +379,19 @@
return result;
}
-uint32_t test_14(void)
+unsigned int test_14(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_PRINT("SHA256 test #14:\n");
const uint8_t expected[32] = {
- 0x46, 0x1c, 0x19, 0xa9, 0x3b, 0xd4, 0x34, 0x4f, 0x92, 0x15, 0xf5, 0xec,
- 0x64, 0x35, 0x70, 0x90, 0x34, 0x2b, 0xc6, 0x6b, 0x15, 0xa1, 0x48, 0x31,
- 0x7d, 0x27, 0x6e, 0x31, 0xcb, 0xc2, 0x0b, 0x53
+ 0x46, 0x1c, 0x19, 0xa9, 0x3b, 0xd4, 0x34, 0x4f, 0x92, 0x15, 0xf5, 0xec,
+ 0x64, 0x35, 0x70, 0x90, 0x34, 0x2b, 0xc6, 0x6b, 0x15, 0xa1, 0x48, 0x31,
+ 0x7d, 0x27, 0x6e, 0x31, 0xcb, 0xc2, 0x0b, 0x53
};
uint8_t m[32768];
uint8_t digest[32];
struct tc_sha256_state_struct s;
- uint32_t i;
+ unsigned int i;
(void)memset(m, 0x00, sizeof(m));
@@ -423,77 +413,91 @@
int main(void)
{
- uint32_t result = TC_PASS;
-
+ unsigned int result = TC_PASS;
TC_START("Performing SHA256 tests (NIST tests vectors):");
result = test_1();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #1 failed.\n");
goto exitTest;
}
result = test_2();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #2 failed.\n");
goto exitTest;
}
result = test_3();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #3 failed.\n");
goto exitTest;
}
result = test_4();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #4 failed.\n");
goto exitTest;
}
result = test_5();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #5 failed.\n");
goto exitTest;
}
result = test_6();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #6 failed.\n");
goto exitTest;
}
result = test_7();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #7 failed.\n");
goto exitTest;
}
result = test_8();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #8 failed.\n");
goto exitTest;
}
result = test_9();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #9 failed.\n");
goto exitTest;
}
result = test_10();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #10 failed.\n");
goto exitTest;
}
result = test_11();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #11 failed.\n");
goto exitTest;
}
result = test_12();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #12 failed.\n");
goto exitTest;
}
+ /* memory and computation intensive test cases: */
result = test_13();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #13 failed.\n");
goto exitTest;
}
result = test_14();
- if (result == TC_FAIL) { /* terminate test */
+ if (result == TC_FAIL) {
+ /* terminate test */
TC_ERROR("SHA256 test #14 failed.\n");
goto exitTest;
}
@@ -504,3 +508,4 @@
TC_END_RESULT(result);
TC_END_REPORT(result);
}
+