From e4f5ccbbdac5b66f83937a7d56a24b1a97cd8e49 Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Tue, 6 Dec 2022 15:07:34 +0900 Subject: [PATCH 1/8] Add benchmarks and memory tracking feature to Signature Examples. Add becnmark and memory tranking to the following program: signature/rsa_vfy_only/verify signature/rsa_buffer/verify signature/ecc-sign-verify/ecc_sign_verify --- embedded/signature/README.md | 87 ++++++ embedded/signature/ecc-sign-verify/Makefile | 66 +++++ embedded/signature/ecc-sign-verify/README.md | 133 ++++++++++ .../ecc-sign-verify/ecc_sign_verify.c | 250 ++++++++++++++++++ .../signature/ecc-sign-verify/user_settings.h | 70 +++++ embedded/signature/rsa_buffer/Makefile | 66 +++++ embedded/signature/rsa_buffer/README.md | 92 +++++++ embedded/signature/rsa_buffer/rsa_priv_2048.h | 151 +++++++++++ embedded/signature/rsa_buffer/rsa_pub_2048.h | 68 +++++ embedded/signature/rsa_buffer/sign.c | 178 +++++++++++++ embedded/signature/rsa_buffer/sign_vfy.sh | 10 + embedded/signature/rsa_buffer/signature.h | 40 +++ embedded/signature/rsa_buffer/user_settings.h | 74 ++++++ embedded/signature/rsa_buffer/verify.c | 166 ++++++++++++ embedded/signature/rsa_vfy_only/Makefile | 65 +++++ embedded/signature/rsa_vfy_only/README.md | 89 +++++++ .../signature/rsa_vfy_only/user_settings.h | 74 ++++++ embedded/signature/rsa_vfy_only/verify.c | 246 +++++++++++++++++ 18 files changed, 1925 insertions(+) create mode 100644 embedded/signature/README.md create mode 100644 embedded/signature/ecc-sign-verify/Makefile create mode 100644 embedded/signature/ecc-sign-verify/README.md create mode 100644 embedded/signature/ecc-sign-verify/ecc_sign_verify.c create mode 100644 embedded/signature/ecc-sign-verify/user_settings.h create mode 100644 embedded/signature/rsa_buffer/Makefile create mode 100644 embedded/signature/rsa_buffer/README.md create mode 100644 embedded/signature/rsa_buffer/rsa_priv_2048.h create mode 100644 embedded/signature/rsa_buffer/rsa_pub_2048.h create mode 100644 embedded/signature/rsa_buffer/sign.c create mode 100755 embedded/signature/rsa_buffer/sign_vfy.sh create mode 100644 embedded/signature/rsa_buffer/signature.h create mode 100644 embedded/signature/rsa_buffer/user_settings.h create mode 100644 embedded/signature/rsa_buffer/verify.c create mode 100644 embedded/signature/rsa_vfy_only/Makefile create mode 100644 embedded/signature/rsa_vfy_only/README.md create mode 100644 embedded/signature/rsa_vfy_only/user_settings.h create mode 100644 embedded/signature/rsa_vfy_only/verify.c diff --git a/embedded/signature/README.md b/embedded/signature/README.md new file mode 100644 index 000000000..028049556 --- /dev/null +++ b/embedded/signature/README.md @@ -0,0 +1,87 @@ +# Signature Examples for Embedded Systems +​ +This directory includes the following examples under the sub-directories.Each has a Makefile and source files to build and execute the example and a README to show how to build and Example output. +​ +|Scheme|Directory|Description| +|---|---|---| +|RSA|rsa_vfy_only |verify signature| +||rsa_buffer|sign/verify signature | +|ECDSA|signature/ecc-sign-verify/ecc_sign_verify.c|sign msg and verify signature| + +You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. + +``` +$ make math= arch= +``` +​ +## Functions + +|Function name|Description| +|---|---| +|Default|Simple Execution| +|mem|Memory Track on heap and stack usage| +|bench|Performance benchmark| + + +## Math library +|math|Description| +|---|---| +|Default|Generic architecture by pure C language source code| +|sp| SP for specified archtecture| +|tfm|TFM for generic architecture| +## MCU Architectures +NOTE: No architecture specification is required when using TFM. +|arch|Description| +|---|---| +|Default|Generic architecture by pure C language source code| +|arm64|SP for ARM64 | +|x64|SP for x86 64bit| + + +The Makefile is self-contained without libwolfssl. Put your wolfSSL source filesin parallel with wolfssl-examples directory. It is defined by WOLFROOT in Makefile.It compiles only needed files for the target. OBJ and OBJ_xxx macro in Makefiledefine object files for the common and specific target. +​ +Example programs are hard coded for a hash algorithm or signature scheme.Sha256 is for the hash by default. PKCS #1 v1.5 or ECDSA for the signature scheme.You can refer to the following API tables for modifying the examples for other algorithms or schemes. +​ +## Table 1: Hash algorithms for PKCS#1 Signature +|Algorithm|Src File|Macro SW
Enable|
Disable|Note| +|---|---|---|---|---| +|MD2|md2.c|WOLFSSL_MD2||Only for v1.5 Backward compatibility| +|MD5|md5.c||NO_MD5|Only for v1.5 Backward compatibility| +|SHA1|sha.c||NO_SHA|||SHA256|sha256.c||NO_SHA256| +||SHA384|sha512.c|WOLFSSL_SHA384||Disabled by default| +|SHA512|sha512.c|WOLFSSL_SHA512||Disabled by default| + + +## Table 2: Hash Algorithm APIs +|Algorithm|
Init|API
Update|
Final| +|---|---|---|---| +|MD2|wc_InitMd2|wc_Md2Update|wc_Md2Final| +|MD5|wc_InitMd5|wc_Md5Update|wc_Md5Final| +|SHA1|wc_InitSha|wc_ShaUpdate|wc_ShaFinal| +|SHA256|wc_InitSha256|wc_Sha256Update|wc_Sha256Final| +|SHA384|wc_initSha384|wc_Sha384Update|wc_Sha384Final| +|SHA512|wc_InitSha512|wc_Sha512Update|wc_Sha512Final| + +​ +## Table 3: RSA Signature APIs +​ +|Padding|API|Description| +|---|---|---| +|PKCS #1 v1.5|wc_RsaSSL_Verify|Decrypt input signature to verify| +||wc_RsaSSL_VerifyInline|The output uses the same byte array as the input| +|PSS|wc_RsaPSS_Verify|Decrypt input signature to verify with PSS| +| |wc_RsaPSS_VerifyCheck|Verify the message signed| +| |wc_RsaPSS_VerifyCheck_ex|with Salt length argument| +| |wc_RsaPSS_VerifyInline|The output uses the same byte array as the input| +| |wc_RsaPSS_VerifyCheckInline|Verify the message signed| +| |wc_RsaPSS_VerifyCheckPadding|Checks the PSS data to ensure that the signature matches| +| |wc_RsaPSS_VerifyCheckPadding_ex|with Salt length argument| + + +## Table 4: ECC Signature APIs +​ +|Algorithm|API|Hash| +|---|---|---| +|ECDSA|wc_ecc_sign_hash|SHA512| +|Ed25519|wc_ed25519_sign_hash|SHA512| +|Ed488|wc_ed488_sign_hash|SHAKE256| diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile new file mode 100644 index 000000000..bf37344da --- /dev/null +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -0,0 +1,66 @@ +WOLFROOT = ../../../../wolfssl + +CFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ=\ + $(WOLFROOT)/wolfcrypt/src/ecc.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + +.PHONY: all clean mem size + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_FLAG +OBJ += $(OBJ_SP_C32) +endif + +all : ecc_sign_verify bench +mem:CFLAGS+= -DDEBUG_MEMORY +mem: ecc_sign_verify + +ecc_sign_verify: $(OBJ) + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) + +bench: $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o bench ecc_sign_verify.c $(OBJ) + +clean: + rm -f ecc_sign_verify bench $(WOLFROOT)/wolfcrypt/src/*.o + +size : + size $(OBJ) diff --git a/embedded/signature/ecc-sign-verify/README.md b/embedded/signature/ecc-sign-verify/README.md new file mode 100644 index 000000000..6afc7ae22 --- /dev/null +++ b/embedded/signature/ecc-sign-verify/README.md @@ -0,0 +1,133 @@ +# Signature Test Example + +Demonstrates using a hash digest to sign and verify a signature using ECC + +First, set the path to wolfssl directory to variable WOLFROOT in the Makefile. +## Building + +### Build example + +``` +make +``` + +## Usage + +``` +./ecc_sign_verify +Key size is 112, byteField = 14, maxSigSz = 44 +Successfully verified signature w/ ecc key size 112! +Key size is 128, byteField = 16, maxSigSz = 48 +Successfully verified signature w/ ecc key size 128! +Key size is 160, byteField = 20, maxSigSz = 56 +Successfully verified signature w/ ecc key size 160! +Key size is 192, byteField = 24, maxSigSz = 64 +Successfully verified signature w/ ecc key size 192! +Key size is 224, byteField = 28, maxSigSz = 72 +Successfully verified signature w/ ecc key size 224! +Key size is 239, byteField = 36, maxSigSz = 88 +Successfully verified signature w/ ecc key size 239! +Key size is 256, byteField = 32, maxSigSz = 80 +Successfully verified signature w/ ecc key size 256! +Key size is 320, byteField = 40, maxSigSz = 96 +Successfully verified signature w/ ecc key size 320! +Key size is 384, byteField = 48, maxSigSz = 112 +Successfully verified signature w/ ecc key size 384! +Key size is 512, byteField = 64, maxSigSz = 144 +Successfully verified signature w/ ecc key size 512! +Key size is 521, byteField = 66, maxSigSz = 148 +Successfully verified signature w/ ecc key size 521! +``` + +NOTE: Also an option to dump out the signatures. For more verbose output + uncomment define in example "SHOW_SIGS_IN_EXAMPLE" + + + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. + +## Example Output +built with the option `math=sp arch=arm64` +``` +./bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running ECC Sign Verify Benchmarks... +ECC Key Size 112 1275.78 Cycles/sec +ECC Key Size 128 1351.68 Cycles/sec +ECC Key Size 160 1368.65 Cycles/sec +ECC Key Size 192 1382.20 Cycles/sec +ECC Key Size 224 1385.06 Cycles/sec +ECC Key Size 239 1401.38 Cycles/sec +ECC Key Size 256 12830.67 Cycles/sec +ECC Key Size 320 626.52 Cycles/sec +ECC Key Size 384 634.85 Cycles/sec +ECC Key Size 512 279.71 Cycles/sec +ECC Key Size 521 279.15 Cycles/sec +``` + +# Tracking memory +To see a stack and heap memory usage. + +``` +make mem +``` +## Example Output +``` +./ecc_sign_verify +Key size is 112, byteField = 14 +Successfully verified signature w/ ecc key size 112! +Key size is 128, byteField = 16 +Successfully verified signature w/ ecc key size 128! +Key size is 160, byteField = 20 +Successfully verified signature w/ ecc key size 160! +Key size is 192, byteField = 24 +Successfully verified signature w/ ecc key size 192! +Key size is 224, byteField = 28 +Successfully verified signature w/ ecc key size 224! +Key size is 239, byteField = 30 +Successfully verified signature w/ ecc key size 239! +Key size is 256, byteField = 32 +Successfully verified signature w/ ecc key size 256! +Key size is 320, byteField = 40 +Successfully verified signature w/ ecc key size 320! +Key size is 384, byteField = 48 +Successfully verified signature w/ ecc key size 384! +Key size is 512, byteField = 64 +Successfully verified signature w/ ecc key size 512! +Key size is 521, byteField = 66 +Successfully verified signature w/ ecc key size 521! + +total Allocs = 522 +total Deallocs = 522 +total Bytes = 225047 +peak Bytes = 5161 +current Bytes = 0 +stack used = 16752 +``` + + +Best wishes in all your testing! + +- The wolfSSL Team diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c new file mode 100644 index 000000000..79773bf1d --- /dev/null +++ b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c @@ -0,0 +1,250 @@ +/* ecc_sign_verify.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + + + +/* uncomment to show signatures */ +/* #define SHOW_SIGS_IN_EXAMPLE */ + +#define HEAP_HINT NULL +#define ECC_KEY_SIZE_112 112 +#define ECC_KEY_SIZE_128 128 +#define ECC_KEY_SIZE_160 160 +#define ECC_KEY_SIZE_192 192 +#define ECC_KEY_SIZE_224 224 +#define ECC_KEY_SIZE_239 239 +#define ECC_KEY_SIZE_256 256 +#define ECC_KEY_SIZE_320 320 +#define ECC_KEY_SIZE_384 384 +#define ECC_KEY_SIZE_512 512 +#define ECC_KEY_SIZE_521 521 +#define BYTE_SZ 8 +#define BENCH_TIME_SEC 1 +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +int do_sig_ver_test(int eccKeySz); + +#ifdef SHOW_SIGS_IN_EXAMPLE + static void hexdump(const void *buffer, word32 len, byte cols); +#endif + +// int ret; +double start_time, total_time; + + +int ecc_sign_verify(void) +{ + int ret = 0; +#ifdef DEBUG_MEMORY + InitMemoryTracker(); +#endif + ret = do_sig_ver_test(ECC_KEY_SIZE_112); + CHECK_RET(ret, 0, finished, "112 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_128); + CHECK_RET(ret, 0, finished, "128 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_160); + CHECK_RET(ret, 0, finished, "160 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_192); + CHECK_RET(ret, 0, finished, "192 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_224); + CHECK_RET(ret, 0, finished, "224 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_239); + CHECK_RET(ret, 0, finished, "239 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_256); + CHECK_RET(ret, 0, finished, "256 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_320); + CHECK_RET(ret, 0, finished, "320 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_384); + CHECK_RET(ret, 0, finished, "384 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_512); + CHECK_RET(ret, 0, finished, "512 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_521); + CHECK_RET(ret, 0, finished, "521 test"); + + +finished: +#ifdef DEBUG_MEMORY + printf("\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); +#endif + return ret; +} + +int do_sig_ver_test(int eccKeySz) +{ + /* sha256 hash of the string "A 32-bit string to test signing" */ + unsigned char hash[32] = { + 0x3b, 0x07, 0x54, 0x5c, 0xfd, 0x4f, 0xb7, 0xb5, + 0xaf, 0xa7, 0x7a, 0x25, 0x33, 0xa5, 0x50, 0x70, + 0x4a, 0x65, 0x3e, 0x72, 0x7e, 0xcd, 0xd4, 0x5b, + 0x1b, 0x36, 0x96, 0x96, 0xca, 0x4f, 0x9b, 0x6f + }; + int ret; + ecc_key key; + byte* sig = NULL; // get rid of this magic number + WC_RNG rng; + int verified = 0; + int count; // for the benchmark + + + /* + * for odd curve sizes account for mod EG: + * Case 1) curve field of 256: + * (256/8) + (256%8 != 0 ? 1:0) == 32 + 0 = 32 + * + * Case 2) curve field of 521: + * (521/8 = 65.125 (rounds to 65) + (521%8 != 0 ? 1:0) == + 65 + 1 = 66 + * + * Algorithm: (C / B) + (C % B != 0 ? 1:0) + * + * This remainder is a natural result of the calculation: + * Algorithm: (C / (B-1)) / (B) + */ + int byteField = (eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ; + word32 maxSigSz = ECC_MAX_SIG_SIZE; +#ifndef BENCHMARK + printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); +#endif + sig = (byte*) XMALLOC(maxSigSz * sizeof(byte), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (sig == NULL) { + printf("Failed to allocate sig buff\n"); + return -1001; + } + + wolfCrypt_Init(); + + + + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, key_done, "wc_InitRng()"); + + ret = wc_ecc_make_key(&rng, byteField, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); + +#ifdef BENCHMARK + count = 0; + start_time = current_time(1); + + while( BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ +#endif + ret = wc_ecc_init(&key); + CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); + + ret = wc_ecc_make_key(&rng, byteField, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); + // printf("%s\n",hash); + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &maxSigSz, &rng, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_sign_hash()"); + + #ifdef SHOW_SIGS_IN_EXAMPLE + hexdump(sig, maxSigSz, 16); + #endif + + + ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), &verified, + &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); + CHECK_RET(verified, 1, rng_done, "verification check"); + verified = 0; + maxSigSz = ECC_MAX_SIG_SIZE; +#ifdef BENCHMARK + count++; + } + + printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); + +#else + +printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + +#endif + +rng_done: + wc_FreeRng(&rng); +key_done: + wc_ecc_free(&key); +sig_done: + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#ifdef SHOW_SIGS_IN_EXAMPLE +static void hexdump(const void *buffer, word32 len, byte cols) +{ + word32 i; + + for (i = 0; i < len + ((len % cols) ? (cols - len % cols) : 0); i++) { + /* print hex data */ + if (i < len) + printf("%02X ", ((byte*)buffer)[i] & 0xFF); + + if (i % cols == (cols - 1)) + printf("\n"); + } +} +#endif + + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(WOLFSSL_HAVE_SP_ECC) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_HAVE_SP_ECC \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled WOLFSSL_SP_X86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_SP_ARM64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); + printf("Running ECC Sign Verify Benchmarks...\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)ecc_sign_verify); +#else + return ecc_sign_verify(); +#endif +} diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc-sign-verify/user_settings.h new file mode 100644 index 000000000..b063470a6 --- /dev/null +++ b/embedded/signature/ecc-sign-verify/user_settings.h @@ -0,0 +1,70 @@ +#define WOLFCRYPT_ONLY +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define NO_RSA +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + +/* ecc */ +#define HAVE_ECC +#define HAVE_ALL_CURVES + + +#ifdef DEBUG_MEMORY + // #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_ECC + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile new file mode 100644 index 000000000..e838a42c5 --- /dev/null +++ b/embedded/signature/rsa_buffer/Makefile @@ -0,0 +1,66 @@ +WOLFROOT = ../../../../wolfssl + +CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean mem size + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_FLAG +OBJ += $(OBJ_SP_C32) +endif + +all: verify sign bench + +mem:CFLAGS+= -DDEBUG_MEMORY +mem: verify sign + +verify: $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) +sign: $(OBJ) + $(CC) $(CFLAGS) -o sign sign.c $(OBJ) +bench: $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) +clean: + rm -f verify sign bench $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) diff --git a/embedded/signature/rsa_buffer/README.md b/embedded/signature/rsa_buffer/README.md new file mode 100644 index 000000000..7f1900042 --- /dev/null +++ b/embedded/signature/rsa_buffer/README.md @@ -0,0 +1,92 @@ +# RSA Signature Test Example + +Demonstrates using a hash digest to sign and verify a signature using RSA + +First, set the path to wolfssl directory to variable WOLFROOT in Makefile. + +## Building + +### Build example + +``` +make +``` + +### Usage +``` +./verify +``` + +``` +./sign +``` + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. +## Example Output +built with the option `math=sp arch=arm64` +``` +./bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 236782 times, 78927.31 Cycles/sec +Finished Benchmark +``` + + +built with the option `math=tfm` +``` +--------------------------------------------------------------- +Enabled TFM +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 76860 times, 25619.98 Cycles/sec +Finished Benchmark +``` + +# Tracking memory +To see a stack and heap memory usage + +``` +make mem +``` +## Example Output +``` +./verify +Verified +total Allocs = 0 +total Deallocs = 0 +total Bytes = 0 +peak Bytes = 0 +current Bytes = 0 +stack used = 13528 +``` + + +Best wishes in all your testing! + +- The wolfSSL Team + diff --git a/embedded/signature/rsa_buffer/rsa_priv_2048.h b/embedded/signature/rsa_buffer/rsa_priv_2048.h new file mode 100644 index 000000000..8c4242271 --- /dev/null +++ b/embedded/signature/rsa_buffer/rsa_priv_2048.h @@ -0,0 +1,151 @@ +/* rsa_priv_2048.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit private key. + * It is the private counterpart to "rsa_pub_2048.h" + */ + +/* RSA private key to sign with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char private_key_2048[] = { + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 0xBF +}; + diff --git a/embedded/signature/rsa_buffer/rsa_pub_2048.h b/embedded/signature/rsa_buffer/rsa_pub_2048.h new file mode 100644 index 000000000..0d5a3b672 --- /dev/null +++ b/embedded/signature/rsa_buffer/rsa_pub_2048.h @@ -0,0 +1,68 @@ +/* rsa_pub_2048.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit public key. + * It is the public counterpart to "rsa_priv_2048.h" + */ + +/* RSA public key to verify with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char public_key_2048[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, + 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, + 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, + 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, + 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, + 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, + 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, + 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, + 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, + 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, + 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, + 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, + 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, + 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, + 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, + 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, + 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, + 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, + 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, + 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, + 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, + 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, + 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, + 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, + 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, + 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, + 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, + 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, + 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, + 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, + 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, + 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01 +}; + diff --git a/embedded/signature/rsa_buffer/sign.c b/embedded/signature/rsa_buffer/sign.c new file mode 100644 index 000000000..847f6db78 --- /dev/null +++ b/embedded/signature/rsa_buffer/sign.c @@ -0,0 +1,178 @@ +/* sign.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file shows how to sign a message with an RSA private key. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * The output of this program can be used with "verify.c". + */ + +// #include +#include "user_settings.h" +#include + +#include +#include +#include +#include + +#include "rsa_priv_2048.h" + + +/* Signature size is the length of the modulus of the RSA key */ +#define SIG_SZ (2048 / 8) +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Print out the buffer in C code. + * + * name [in] Name of the variable. + * data [in] Data to print out. + * len [in] Length of the data. + */ +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + +/* Main entry point. + * Signs the message passed in as the first command line argument. + * + * argc [in] Count of command line arguments. + * argv [in] Command line argument vector. + * Returns 0 on success and 1 otherwise. + */ +int main(int argc, char* argv[]) +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; +#ifdef WC_RSA_BLINDING + WC_RNG rng; + WC_RNG* pRng = NULL; +#endif + word32 idx; + unsigned char* msg; + word32 msgLen; + unsigned char signature[SIG_SZ]; + word32 sigLen; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen; + + /* Get the message to sign from the command line */ + if (argc != 2) { + fprintf(stderr, "Message to sign required\n"); + ret = -1; + } + else { + msg = (unsigned char*)argv[1]; + msgLen = strlen(argv[1]); + } + + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, msgLen); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize RSA key and random (if required) */ + if (ret == 0) { + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) + pRsaKey = &rsaKey; + } +#ifdef WC_RSA_BLINDING + if (ret == 0) + ret = wc_InitRng(&rng); +#endif + /* Load DER encoded RSA private key from buffer */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + pRng = &rng; +#endif + idx = 0; + ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &rsaKey, + sizeof(private_key_2048)); + } + + /* Sign encoded digest */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, pRng); +#else + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, NULL); +#endif + if (ret >= 0) { + sigLen = ret; + ret = 0; + } + } + + if (ret == 0) { + /* Display message as a buffer */ + print_buffer("msg", msg, msgLen); + printf("\n"); + /* Display binary signature as a buffer */ + print_buffer("rsa_sig_2048", signature, sigLen); + } + + /* Free data structures */ +#ifdef WC_RSA_BLINDING + if (pRng != NULL) + wc_FreeRng(pRng); +#endif + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + + return ret == 0 ? 0 : 1; +} + diff --git a/embedded/signature/rsa_buffer/sign_vfy.sh b/embedded/signature/rsa_buffer/sign_vfy.sh new file mode 100755 index 000000000..0ad83d54c --- /dev/null +++ b/embedded/signature/rsa_buffer/sign_vfy.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +make clean + +make sign +./sign "This is the message" > signature.h +make verify +./verify + + diff --git a/embedded/signature/rsa_buffer/signature.h b/embedded/signature/rsa_buffer/signature.h new file mode 100644 index 000000000..e0b34c8c9 --- /dev/null +++ b/embedded/signature/rsa_buffer/signature.h @@ -0,0 +1,40 @@ +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h new file mode 100644 index 000000000..b9fc3348a --- /dev/null +++ b/embedded/signature/rsa_buffer/user_settings.h @@ -0,0 +1,74 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_RSA_PSS +#define WC_NO_HARDEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + + + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c new file mode 100644 index 000000000..5c1129526 --- /dev/null +++ b/embedded/signature/rsa_buffer/verify.c @@ -0,0 +1,166 @@ +/* rsa_pub_2048.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of verifying an RSA signature. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * "signature.h", used by this program, can be generated using "sign.c". + */ + +#include +#include "user_settings.h" +#include +#include +#include +#include +#include + +#include "rsa_pub_2048.h" +#include "signature.h" +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + word32 idx; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen = 0; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + + double start, total_time; + #define BENCH_TIME_SEC 3 + int count; + +#ifdef DEBUG_MEMORY + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + idx = 0; + ret = wc_RsaPublicKeyDecode(public_key_2048, &idx, &rsaKey, + sizeof(public_key_2048)); + } + +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0);// 1 0 + while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ +#endif + /* Verify the signature by decrypting the value. */ + if (ret == 0) { + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + } + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#else + printf("Verified\n"); +#endif + +finish: + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); +#endif + return ret; +} + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled WOLFSSL_SP_X86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_SP_ARM64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK*/ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + + + return verify(); +#endif +} diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile new file mode 100644 index 000000000..30fe0524e --- /dev/null +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -0,0 +1,65 @@ +WOLFROOT = ../../../../wolfssl + +CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean mem size + + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_FLAG +OBJ += $(OBJ_SP_C32) +endif + +all: verify bench + +mem:CFLAGS+= -DDEBUG_MEMORY +mem: verify + +verify: $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) +bench: $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) +clean: + rm -f verify bench $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) diff --git a/embedded/signature/rsa_vfy_only/README.md b/embedded/signature/rsa_vfy_only/README.md new file mode 100644 index 000000000..6b8a303c9 --- /dev/null +++ b/embedded/signature/rsa_vfy_only/README.md @@ -0,0 +1,89 @@ +# RSA Signature Test Example + +Demonstrates using a hash digest to sign and verify a signature using RSA + +First, set the path to wolfssl directory to variable WOLFROOT in the Makefile. + +## Building + +### Build example + +``` +make +``` + +### Usage +``` +./verify +``` + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. +## Example Output +built with the option `math=sp arch=arm64` +``` +./bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 237053 times, 79017.45 Cycles/sec +Finished Benchmark +``` + + +built with the option `math=tfm` +``` +./bench +--------------------------------------------------------------- +Enabled TFM +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 76438 times, 25479.23 Cycles/sec +Finished Benchmark +``` + +# Tracking memory +To see a stack and heap memory usage + +``` +make mem +``` +## Example Output +``` +./verify +Verified +total Allocs = 0 +total Deallocs = 0 +total Bytes = 0 +peak Bytes = 0 +current Bytes = 0 +stack used = 11384 +``` + + +Best wishes in all your testing! + +- The wolfSSL Team + diff --git a/embedded/signature/rsa_vfy_only/user_settings.h b/embedded/signature/rsa_vfy_only/user_settings.h new file mode 100644 index 000000000..b65f9b16b --- /dev/null +++ b/embedded/signature/rsa_vfy_only/user_settings.h @@ -0,0 +1,74 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_RSA_PSS +#define WC_NO_HARDEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + + + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif /*SP_FLAG*/ + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c new file mode 100644 index 000000000..736e04409 --- /dev/null +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -0,0 +1,246 @@ +/* verify.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include +#include +#include +#include + +/* RSA public key to verify with. */ +static const unsigned char public_key_2048_n[] = { + 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, + 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, + 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, + 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, + 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, + 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, + 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, + 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, + 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, + 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, + 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, + 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, + 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, + 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, + 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, + 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, + 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, + 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, + 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, + 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, + 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, + 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, + 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, + 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, + 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, +}; + +static const unsigned long public_key_2048_e = 0x010001; + +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; + +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + + +/* ASN.1 encoding of digest algorithm before hash */ +#define ENC_ALG_SZ 19 + +/* verify entry point. + * + * Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + unsigned char encSig[ENC_ALG_SZ + WC_SHA256_DIGEST_SIZE] = { + 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, 0x00, + }; + + double start, total_time; + #define BENCH_TIME_SEC 3 + int count; + +#ifdef DEBUG_MEMORY + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, encSig + ENC_ALG_SZ); + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + ret = mp_read_unsigned_bin(&rsaKey.n, public_key_2048_n, + sizeof(public_key_2048_n)); + } + if (ret == 0) + ret = mp_set_int(&rsaKey.e, public_key_2048_e); +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0);// 1 0 + while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + if (ret != 0 ) printf("Invalid signature in benchmark\n"); +#endif + /* Verify the signature by decrypting the value. */ + if (ret == 0) { + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + } + + + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && decSigLen != sizeof(encSig)) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, decSigLen) != 0) + ret = -1; + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#else + printf("Verified\n"); +#endif + + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); +#endif + return ret == 0 ? 0 : 1; +} + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled WOLFSSL_SP_X86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_SP_ARM64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK*/ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + + return verify(); +#endif +} From da617f209c9f13fe96164494820e6ec94021816b Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Wed, 14 Dec 2022 07:33:43 +0900 Subject: [PATCH 2/8] Moved files in the embedded directory to the embedded/tls directory --- embedded/{ => tls}/Makefile | 0 embedded/{ => tls}/README.md | 0 embedded/{ => tls}/certs.h | 0 embedded/{ => tls}/sockets.h | 0 embedded/{ => tls}/threading.h | 0 embedded/{ => tls}/tls-client-server.c | 0 embedded/{ => tls}/tls-info.h | 0 embedded/{ => tls}/tls-server-size.c | 0 embedded/{ => tls}/tls-sock-client-ca.c | 0 embedded/{ => tls}/tls-sock-client.c | 0 embedded/{ => tls}/tls-sock-server-ca.c | 0 embedded/{ => tls}/tls-sock-server.c | 0 embedded/{ => tls}/tls-sock-threaded.c | 0 embedded/{ => tls}/tls-threaded.c | 0 14 files changed, 0 insertions(+), 0 deletions(-) rename embedded/{ => tls}/Makefile (100%) rename embedded/{ => tls}/README.md (100%) rename embedded/{ => tls}/certs.h (100%) rename embedded/{ => tls}/sockets.h (100%) rename embedded/{ => tls}/threading.h (100%) rename embedded/{ => tls}/tls-client-server.c (100%) rename embedded/{ => tls}/tls-info.h (100%) rename embedded/{ => tls}/tls-server-size.c (100%) rename embedded/{ => tls}/tls-sock-client-ca.c (100%) rename embedded/{ => tls}/tls-sock-client.c (100%) rename embedded/{ => tls}/tls-sock-server-ca.c (100%) rename embedded/{ => tls}/tls-sock-server.c (100%) rename embedded/{ => tls}/tls-sock-threaded.c (100%) rename embedded/{ => tls}/tls-threaded.c (100%) diff --git a/embedded/Makefile b/embedded/tls/Makefile similarity index 100% rename from embedded/Makefile rename to embedded/tls/Makefile diff --git a/embedded/README.md b/embedded/tls/README.md similarity index 100% rename from embedded/README.md rename to embedded/tls/README.md diff --git a/embedded/certs.h b/embedded/tls/certs.h similarity index 100% rename from embedded/certs.h rename to embedded/tls/certs.h diff --git a/embedded/sockets.h b/embedded/tls/sockets.h similarity index 100% rename from embedded/sockets.h rename to embedded/tls/sockets.h diff --git a/embedded/threading.h b/embedded/tls/threading.h similarity index 100% rename from embedded/threading.h rename to embedded/tls/threading.h diff --git a/embedded/tls-client-server.c b/embedded/tls/tls-client-server.c similarity index 100% rename from embedded/tls-client-server.c rename to embedded/tls/tls-client-server.c diff --git a/embedded/tls-info.h b/embedded/tls/tls-info.h similarity index 100% rename from embedded/tls-info.h rename to embedded/tls/tls-info.h diff --git a/embedded/tls-server-size.c b/embedded/tls/tls-server-size.c similarity index 100% rename from embedded/tls-server-size.c rename to embedded/tls/tls-server-size.c diff --git a/embedded/tls-sock-client-ca.c b/embedded/tls/tls-sock-client-ca.c similarity index 100% rename from embedded/tls-sock-client-ca.c rename to embedded/tls/tls-sock-client-ca.c diff --git a/embedded/tls-sock-client.c b/embedded/tls/tls-sock-client.c similarity index 100% rename from embedded/tls-sock-client.c rename to embedded/tls/tls-sock-client.c diff --git a/embedded/tls-sock-server-ca.c b/embedded/tls/tls-sock-server-ca.c similarity index 100% rename from embedded/tls-sock-server-ca.c rename to embedded/tls/tls-sock-server-ca.c diff --git a/embedded/tls-sock-server.c b/embedded/tls/tls-sock-server.c similarity index 100% rename from embedded/tls-sock-server.c rename to embedded/tls/tls-sock-server.c diff --git a/embedded/tls-sock-threaded.c b/embedded/tls/tls-sock-threaded.c similarity index 100% rename from embedded/tls-sock-threaded.c rename to embedded/tls/tls-sock-threaded.c diff --git a/embedded/tls-threaded.c b/embedded/tls/tls-threaded.c similarity index 100% rename from embedded/tls-threaded.c rename to embedded/tls/tls-threaded.c From 2666ae8185199e5d452ada53b2583069c3acd110 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 15 Dec 2022 18:54:30 +0900 Subject: [PATCH 3/8] fix SP_C64/C32 option (#2) --- embedded/signature/ecc-sign-verify/Makefile | 14 ++++++++++++-- .../signature/ecc-sign-verify/user_settings.h | 17 ++++++++++++++++- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile index bf37344da..ce6afe9d7 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -19,6 +19,10 @@ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ @@ -41,12 +45,18 @@ OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else CFLAGS += -DSP_FLAG -OBJ += $(OBJ_SP_C32) +OBJ += $(OBJ_SP_C64) endif all : ecc_sign_verify bench @@ -63,4 +73,4 @@ clean: rm -f ecc_sign_verify bench $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) + size $(OBJ) ecc_sign_verify diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc-sign-verify/user_settings.h index b063470a6..d563e4af7 100644 --- a/embedded/signature/ecc-sign-verify/user_settings.h +++ b/embedded/signature/ecc-sign-verify/user_settings.h @@ -37,10 +37,25 @@ #ifdef SP_FLAG #define WOLFSSL_HAVE_SP_ECC - #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_MATH #undef USE_FAST_MATH #endif +#if defined(SP_C32_FLAG) +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_SP_MATH +#define WOLFSSL_SP_MATH_ALL +#undef USE_FAST_MATH +#endif + +#if defined(SP_C64_FLAG) +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_SP_MATH +#define WOLFSSL_SP_MATH_ALL +#define SP_WORD_SIZE 64 +#undef USE_FAST_MATH +#endif + #ifdef SP_ARM64_FLAG #define WOLFSSL_HAVE_SP_ECC #define WOLFSSL_SP_MATH_ALL From b5225aafd00ecb07e9685e68b2307344d6965836 Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Fri, 16 Dec 2022 16:28:07 +0900 Subject: [PATCH 4/8] Fixed for sp_c64.c to be available. --- embedded/signature/README.md | 6 ++-- embedded/signature/ecc-sign-verify/Makefile | 18 +++++------ embedded/signature/ecc-sign-verify/README.md | 12 +++---- .../ecc-sign-verify/ecc_sign_verify.c | 18 +++++------ .../signature/ecc-sign-verify/user_settings.h | 30 ++++++++---------- embedded/signature/rsa_buffer/Makefile | 31 ++++++++++++------- embedded/signature/rsa_buffer/README.md | 11 ++++--- embedded/signature/rsa_buffer/user_settings.h | 17 +++++----- embedded/signature/rsa_buffer/verify.c | 18 ++++++----- embedded/signature/rsa_vfy_only/Makefile | 31 ++++++++++++------- embedded/signature/rsa_vfy_only/README.md | 16 +++++----- .../signature/rsa_vfy_only/user_settings.h | 18 ++++++----- embedded/signature/rsa_vfy_only/verify.c | 16 ++++++---- 13 files changed, 135 insertions(+), 107 deletions(-) diff --git a/embedded/signature/README.md b/embedded/signature/README.md index 028049556..9a2646330 100644 --- a/embedded/signature/README.md +++ b/embedded/signature/README.md @@ -6,7 +6,7 @@ This directory includes the following examples under the sub-directories.Each ha |---|---|---| |RSA|rsa_vfy_only |verify signature| ||rsa_buffer|sign/verify signature | -|ECDSA|signature/ecc-sign-verify/ecc_sign_verify.c|sign msg and verify signature| +|ECDSA|signature/ecc-sign-verify/|sign msg and verify signature| You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. @@ -27,13 +27,15 @@ $ make math= arch= |math|Description| |---|---| |Default|Generic architecture by pure C language source code| -|sp| SP for specified archtecture| +|sp| SP for generic or specified archtecture| |tfm|TFM for generic architecture| ## MCU Architectures NOTE: No architecture specification is required when using TFM. |arch|Description| |---|---| |Default|Generic architecture by pure C language source code| +|c32| SP using 32-bit data type | +|c64| SP using 64-bit data type (default) | |arm64|SP for ARM64 | |x64|SP for x86 64bit| diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile index ce6afe9d7..f01218112 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -1,6 +1,6 @@ WOLFROOT = ../../../../wolfssl -CFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) OBJ=\ @@ -14,7 +14,6 @@ OBJ=\ $(WOLFROOT)/wolfcrypt/src/memory.o\ $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ - OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ @@ -27,7 +26,6 @@ OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ - OBJ_SP_X86_64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/cpuid.o\ @@ -37,7 +35,7 @@ OBJ_SP_X86_64 := \ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean mem size +.PHONY: all clean mem size bench ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG @@ -55,22 +53,22 @@ else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else -CFLAGS += -DSP_FLAG +CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif -all : ecc_sign_verify bench -mem:CFLAGS+= -DDEBUG_MEMORY -mem: ecc_sign_verify +all : ecc_sign_verify bench mem ecc_sign_verify: $(OBJ) $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o bench ecc_sign_verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) +mem: $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) clean: - rm -f ecc_sign_verify bench $(WOLFROOT)/wolfcrypt/src/*.o + rm -f ecc_sign_verify ecc_sign_verify_bench ecc_sign_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : size $(OBJ) ecc_sign_verify diff --git a/embedded/signature/ecc-sign-verify/README.md b/embedded/signature/ecc-sign-verify/README.md index 6afc7ae22..53382982b 100644 --- a/embedded/signature/ecc-sign-verify/README.md +++ b/embedded/signature/ecc-sign-verify/README.md @@ -67,9 +67,9 @@ make bench math=tfm NOTE: When using TFM, No Architecture specification is required. ## Example Output -built with the option `math=sp arch=arm64` +- built with the option `math=sp arch=arm64` ``` -./bench +./ecc_sign_verify_bench --------------------------------------------------------------- Enabled WOLFSSL_SP_ARM64 --------------------------------------------------------------- @@ -95,7 +95,7 @@ make mem ``` ## Example Output ``` -./ecc_sign_verify +./ecc_sign_verify_mem Key size is 112, byteField = 14 Successfully verified signature w/ ecc key size 112! Key size is 128, byteField = 16 @@ -121,10 +121,10 @@ Successfully verified signature w/ ecc key size 521! total Allocs = 522 total Deallocs = 522 -total Bytes = 225047 -peak Bytes = 5161 +total Bytes = 243047 +peak Bytes = 5557 current Bytes = 0 -stack used = 16752 +stack used = 14448 ``` diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c index 79773bf1d..e95087cdc 100644 --- a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c +++ b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c @@ -20,8 +20,7 @@ */ #include -#include - +#include #include #include #include @@ -71,6 +70,7 @@ int ecc_sign_verify(void) { int ret = 0; #ifdef DEBUG_MEMORY + wolfCrypt_Init(); InitMemoryTracker(); #endif ret = do_sig_ver_test(ECC_KEY_SIZE_112); @@ -102,6 +102,7 @@ int ecc_sign_verify(void) printf("\n"); ShowMemoryTracker(); CleanupMemoryTracker(); + wolfCrypt_Cleanup(); #endif return ret; } @@ -149,8 +150,6 @@ int do_sig_ver_test(int eccKeySz) printf("Failed to allocate sig buff\n"); return -1001; } - - wolfCrypt_Init(); @@ -205,7 +204,6 @@ printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); wc_ecc_free(&key); sig_done: XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } @@ -229,12 +227,14 @@ static void hexdump(const void *buffer, word32 len, byte cols) int main(){ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); -#if defined(WOLFSSL_HAVE_SP_ECC) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_HAVE_SP_ECC \n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); #elif defined(SP_X86_64_FLAG) - printf("Enabled WOLFSSL_SP_X86_64\n"); + printf("Enabled SP for x86_64\n"); #elif defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_SP_ARM64\n"); + printf("Enabled SP for Arm64\n"); #elif defined(TFM_FLAG) printf("Enabled TFM \n"); #endif diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc-sign-verify/user_settings.h index d563e4af7..4264f7597 100644 --- a/embedded/signature/ecc-sign-verify/user_settings.h +++ b/embedded/signature/ecc-sign-verify/user_settings.h @@ -28,32 +28,28 @@ #ifdef DEBUG_MEMORY - // #define WOLFSSL_TRACK_MEMORY + #define WOLFSSL_TRACK_MEMORY #define HAVE_STACK_SIZE - #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY // #define WOLFSSL_DEBUG_MEMORY_PRINT + #undef BENCHMARK #endif -#ifdef SP_FLAG + +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_ECC - #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 #undef USE_FAST_MATH #endif -#if defined(SP_C32_FLAG) -#define WOLFSSL_HAVE_SP_ECC -#define WOLFSSL_SP_MATH -#define WOLFSSL_SP_MATH_ALL -#undef USE_FAST_MATH -#endif - -#if defined(SP_C64_FLAG) -#define WOLFSSL_HAVE_SP_ECC -#define WOLFSSL_SP_MATH -#define WOLFSSL_SP_MATH_ALL -#define SP_WORD_SIZE 64 -#undef USE_FAST_MATH +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH #endif #ifdef SP_ARM64_FLAG diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile index e838a42c5..0dfe42678 100644 --- a/embedded/signature/rsa_buffer/Makefile +++ b/embedded/signature/rsa_buffer/Makefile @@ -1,6 +1,6 @@ WOLFROOT = ../../../../wolfssl -CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) OBJ = \ @@ -17,6 +17,10 @@ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ @@ -33,7 +37,7 @@ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean mem size +.PHONY: all clean size mem bench ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG @@ -41,26 +45,31 @@ OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else -CFLAGS += -DSP_FLAG -OBJ += $(OBJ_SP_C32) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) endif -all: verify sign bench - -mem:CFLAGS+= -DDEBUG_MEMORY -mem: verify sign +all: verify sign bench mem verify: $(OBJ) $(CC) $(CFLAGS) -o verify verify.c $(OBJ) sign: $(OBJ) $(CC) $(CFLAGS) -o sign sign.c $(OBJ) bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) +mem: $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) clean: - rm -f verify sign bench $(WOLFROOT)/wolfcrypt/src/*.o + rm -f sign verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) + size $(OBJ) sign verify diff --git a/embedded/signature/rsa_buffer/README.md b/embedded/signature/rsa_buffer/README.md index 7f1900042..c4523ccc9 100644 --- a/embedded/signature/rsa_buffer/README.md +++ b/embedded/signature/rsa_buffer/README.md @@ -43,9 +43,9 @@ make bench math=tfm ``` NOTE: When using TFM, No Architecture specification is required. ## Example Output -built with the option `math=sp arch=arm64` +- built with the option `math=sp arch=arm64` ``` -./bench +./verify_bench --------------------------------------------------------------- Enabled WOLFSSL_SP_ARM64 --------------------------------------------------------------- @@ -56,8 +56,9 @@ Finished Benchmark ``` -built with the option `math=tfm` +- built with the option `math=tfm` ``` +./verify_bench --------------------------------------------------------------- Enabled TFM --------------------------------------------------------------- @@ -75,14 +76,14 @@ make mem ``` ## Example Output ``` -./verify +./verify_mem Verified total Allocs = 0 total Deallocs = 0 total Bytes = 0 peak Bytes = 0 current Bytes = 0 -stack used = 13528 +stack used = 12392 ``` diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h index b9fc3348a..cb94fedfa 100644 --- a/embedded/signature/rsa_buffer/user_settings.h +++ b/embedded/signature/rsa_buffer/user_settings.h @@ -25,9 +25,6 @@ #define WOLFSSL_NO_ASN_STRICT - - - #ifdef DEBUG_MEMORY #define WOLFSSL_TRACK_MEMORY #define HAVE_STACK_SIZE @@ -36,16 +33,23 @@ #endif -#ifdef SP_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ +#ifdef SP_C32_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #undef USE_FAST_MATH #endif +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + #ifdef SP_ARM64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_ARM64 #define WOLFSSL_SP_ARM64_ASM @@ -54,7 +58,6 @@ #ifdef SP_X86_64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_X86_64 #define WOLFSSL_SP_X86_64_ASM diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c index 5c1129526..c2b42c76d 100644 --- a/embedded/signature/rsa_buffer/verify.c +++ b/embedded/signature/rsa_buffer/verify.c @@ -25,8 +25,7 @@ * "signature.h", used by this program, can be generated using "sign.c". */ -#include -#include "user_settings.h" +#include #include #include #include @@ -62,6 +61,7 @@ int verify() int count; #ifdef DEBUG_MEMORY + wolfCrypt_Init(); InitMemoryTracker(); #endif /* Calculate SHA-256 digest of message */ @@ -137,6 +137,7 @@ int verify() #ifdef DEBUG_MEMORY ShowMemoryTracker(); CleanupMemoryTracker(); + wolfCrypt_Cleanup(); #endif return ret; } @@ -144,23 +145,24 @@ int verify() int main(){ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); -#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); #elif defined(SP_X86_64_FLAG) - printf("Enabled WOLFSSL_SP_X86_64\n"); + printf("Enabled SP for x86_64\n"); #elif defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_SP_ARM64\n"); + printf("Enabled SP for Arm64\n"); #elif defined(TFM_FLAG) printf("Enabled TFM \n"); #endif printf("---------------------------------------------------------------\n"); -#endif /* BENCHMARK*/ +#endif /* BENCHMARK */ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); #else - return verify(); #endif } diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index 30fe0524e..1e14142f9 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -1,6 +1,6 @@ WOLFROOT = ../../../../wolfssl -CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) OBJ = \ @@ -17,6 +17,10 @@ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ @@ -33,7 +37,7 @@ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean mem size +.PHONY: all clean size bench mem ifeq ($(math) $(arch),sp x64) @@ -42,24 +46,29 @@ OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else -CFLAGS += -DSP_FLAG -OBJ += $(OBJ_SP_C32) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) endif -all: verify bench - -mem:CFLAGS+= -DDEBUG_MEMORY -mem: verify +all: verify bench mem verify: $(OBJ) $(CC) $(CFLAGS) -o verify verify.c $(OBJ) bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) +mem: $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) clean: - rm -f verify bench $(WOLFROOT)/wolfcrypt/src/*.o + rm -f verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) + size $(OBJ) verify diff --git a/embedded/signature/rsa_vfy_only/README.md b/embedded/signature/rsa_vfy_only/README.md index 6b8a303c9..b86914649 100644 --- a/embedded/signature/rsa_vfy_only/README.md +++ b/embedded/signature/rsa_vfy_only/README.md @@ -2,14 +2,14 @@ Demonstrates using a hash digest to sign and verify a signature using RSA -First, set the path to wolfssl directory to variable WOLFROOT in the Makefile. +First, set the path to wolfssl directory to the WOLFROOT in the Makefile. ## Building ### Build example ``` -make +make ``` ### Usage @@ -39,9 +39,9 @@ make bench math=tfm ``` NOTE: When using TFM, No Architecture specification is required. ## Example Output -built with the option `math=sp arch=arm64` +- built with the option `math=sp arch=arm64` ``` -./bench +./verify_bench --------------------------------------------------------------- Enabled WOLFSSL_SP_ARM64 --------------------------------------------------------------- @@ -52,9 +52,9 @@ Finished Benchmark ``` -built with the option `math=tfm` +- built with the option `math=tfm` ``` -./bench +./verify_bench --------------------------------------------------------------- Enabled TFM --------------------------------------------------------------- @@ -72,14 +72,14 @@ make mem ``` ## Example Output ``` -./verify +./verify_mem Verified total Allocs = 0 total Deallocs = 0 total Bytes = 0 peak Bytes = 0 current Bytes = 0 -stack used = 11384 +stack used = 12344 ``` diff --git a/embedded/signature/rsa_vfy_only/user_settings.h b/embedded/signature/rsa_vfy_only/user_settings.h index b65f9b16b..ca802043f 100644 --- a/embedded/signature/rsa_vfy_only/user_settings.h +++ b/embedded/signature/rsa_vfy_only/user_settings.h @@ -25,9 +25,6 @@ #define WOLFSSL_NO_ASN_STRICT - - - #ifdef DEBUG_MEMORY #define WOLFSSL_TRACK_MEMORY #define HAVE_STACK_SIZE @@ -36,16 +33,24 @@ #endif -#ifdef SP_FLAG +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 #undef USE_FAST_MATH #endif /*SP_FLAG*/ +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + #ifdef SP_ARM64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_ARM64 #define WOLFSSL_SP_ARM64_ASM @@ -54,7 +59,6 @@ #ifdef SP_X86_64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_X86_64 #define WOLFSSL_SP_X86_64_ASM diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index 736e04409..77491cb4a 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -20,7 +20,7 @@ */ #include -#include +#include #include #include #include @@ -152,6 +152,7 @@ int verify() int count; #ifdef DEBUG_MEMORY + wolfCrypt_Init(); InitMemoryTracker(); #endif /* Calculate SHA-256 digest of message */ @@ -218,6 +219,7 @@ int verify() #ifdef DEBUG_MEMORY ShowMemoryTracker(); CleanupMemoryTracker(); + wolfCrypt_Cleanup(); #endif return ret == 0 ? 0 : 1; } @@ -225,17 +227,19 @@ int verify() int main(){ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); -#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); #elif defined(SP_X86_64_FLAG) - printf("Enabled WOLFSSL_SP_X86_64\n"); + printf("Enabled SP for x86_64\n"); #elif defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_SP_ARM64\n"); + printf("Enabled SP for Arm64\n"); #elif defined(TFM_FLAG) printf("Enabled TFM \n"); #endif printf("---------------------------------------------------------------\n"); -#endif /* BENCHMARK*/ +#endif /* BENCHMARK */ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); From 17c96d1ea0c49724771f057b755ac493cbe4a3ae Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Thu, 19 Jan 2023 09:41:00 +0900 Subject: [PATCH 5/8] Modified Makefile and benchmark variables -modified Makefile to execute clean target before building. -modified Makefile to add CFLAGS for sp_x86_64. -fixed BENCH_TIME_SEC possible to be defined by compiler flags. -add -lpthread to be given to compiler. --- embedded/signature/ecc-sign-verify/Makefile | 13 +++++++------ .../ecc-sign-verify/ecc_sign_verify.c | 15 ++++++++------- embedded/signature/rsa_buffer/Makefile | 19 ++++++++++--------- embedded/signature/rsa_buffer/verify.c | 5 ++++- embedded/signature/rsa_vfy_only/Makefile | 13 +++++++------ embedded/signature/rsa_vfy_only/verify.c | 5 ++++- 6 files changed, 40 insertions(+), 30 deletions(-) diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile index f01218112..9b9925e1d 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -39,6 +39,7 @@ OBJ_TFM := \ ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG @@ -59,14 +60,14 @@ endif all : ecc_sign_verify bench mem -ecc_sign_verify: $(OBJ) - $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) +ecc_sign_verify: clean $(OBJ) + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) -lpthread -bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) -lpthread -mem: $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) -lpthread clean: rm -f ecc_sign_verify ecc_sign_verify_bench ecc_sign_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c index e95087cdc..989fd533b 100644 --- a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c +++ b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c @@ -47,7 +47,6 @@ #define ECC_KEY_SIZE_512 512 #define ECC_KEY_SIZE_521 521 #define BYTE_SZ 8 -#define BENCH_TIME_SEC 1 #define CHECK_RET(a, b, eLabel, msg) { \ if (a != b) { \ printf("failed %s\n", msg); \ @@ -62,10 +61,6 @@ int do_sig_ver_test(int eccKeySz); static void hexdump(const void *buffer, word32 len, byte cols); #endif -// int ret; -double start_time, total_time; - - int ecc_sign_verify(void) { int ret = 0; @@ -121,7 +116,13 @@ int do_sig_ver_test(int eccKeySz) byte* sig = NULL; // get rid of this magic number WC_RNG rng; int verified = 0; - int count; // for the benchmark + +/* Variables for Benchmark */ +double start_time, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 1 +#endif + int count; /* @@ -164,7 +165,7 @@ int do_sig_ver_test(int eccKeySz) count = 0; start_time = current_time(1); - while( BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ #endif ret = wc_ecc_init(&key); CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile index 0dfe42678..09825debc 100644 --- a/embedded/signature/rsa_buffer/Makefile +++ b/embedded/signature/rsa_buffer/Makefile @@ -1,5 +1,5 @@ WOLFROOT = ../../../../wolfssl - +# EX_CFLAGS CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) @@ -41,6 +41,7 @@ OBJ_TFM := \ ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG @@ -61,14 +62,14 @@ endif all: verify sign bench mem -verify: $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -sign: $(OBJ) - $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -mem: $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) +verify: clean $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread +sign: clean $(OBJ) + $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -lpthread +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) -lpthread clean: rm -f sign verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c index c2b42c76d..b2e75655a 100644 --- a/embedded/signature/rsa_buffer/verify.c +++ b/embedded/signature/rsa_buffer/verify.c @@ -56,8 +56,11 @@ int verify() unsigned char decSig[sizeof(rsa_sig_2048)]; word32 decSigLen = 0; +/* Variables for benchmark */ double start, total_time; +#ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 3 +#endif int count; #ifdef DEBUG_MEMORY @@ -97,7 +100,7 @@ int verify() printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); start = current_time(0);// 1 0 - while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ #endif /* Verify the signature by decrypting the value. */ if (ret == 0) { diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index 1e14142f9..ae67065ed 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -42,6 +42,7 @@ OBJ_TFM := \ ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG @@ -62,12 +63,12 @@ endif all: verify bench mem -verify: $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -mem: $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) +verify: clean $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) -lpthread clean: rm -f verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index 77491cb4a..bbab06bf7 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -147,8 +147,11 @@ int verify() 0x00, 0x04, 0x20, 0x00, }; +/* Variables for a benchmark*/ double start, total_time; +#ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 3 +#endif int count; #ifdef DEBUG_MEMORY @@ -181,7 +184,7 @@ int verify() printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); start = current_time(0);// 1 0 - while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ if (ret != 0 ) printf("Invalid signature in benchmark\n"); #endif /* Verify the signature by decrypting the value. */ From 9fe5434badbfd3cb11c1a5c3c905e9b311822a06 Mon Sep 17 00:00:00 2001 From: Shingo Morimoto <105830364+Gonsix@users.noreply.github.com> Date: Fri, 24 Feb 2023 09:14:16 +0900 Subject: [PATCH 6/8] Add Non-blocking mode (#3) * Add non-blocking mode for ECC Signature Example * Add non-blocking mode for RSA with TFM * Add ecc_vfy_only and ecc_vfy_only_nonblock - Add ecc_vfy_only to separate the function Verifying only from the ecc_sign_verify that signing and verifying the signatures. - Rename rsa_buffer to rsa_sign_verify - Add rsa_vfy_only_nonblock * Revise the README --------- Co-authored-by: Shingo Morimoto --- embedded/signature/README.md | 11 +- .../Makefile | 3 +- .../README.md | 6 +- .../ecc_sign_verify.c | 14 +- .../user_settings.h | 0 embedded/signature/ecc_vfy_only/Makefile | 77 +++++ embedded/signature/ecc_vfy_only/ecc_pubKey.h | 150 +++++++++ embedded/signature/ecc_vfy_only/ecc_verify.c | 258 ++++++++++++++++ embedded/signature/ecc_vfy_only/signature.h | 178 +++++++++++ .../signature/ecc_vfy_only/user_settings.h | 83 +++++ .../signature/ecc_vfy_only_nonblock/Makefile | 77 +++++ .../ecc_vfy_only_nonblock/ecc_pubKey.h | 150 +++++++++ .../ecc_verify_nonblock.c | 274 +++++++++++++++++ .../ecc_vfy_only_nonblock/signature.h | 178 +++++++++++ .../ecc_vfy_only_nonblock/user_settings.h | 91 ++++++ embedded/signature/rsa_buffer/Makefile | 6 +- embedded/signature/rsa_buffer/rsa_priv_2048.h | 2 +- embedded/signature/rsa_buffer/rsa_pub_2048.h | 2 +- embedded/signature/rsa_buffer/sign.c | 2 +- embedded/signature/rsa_buffer/user_settings.h | 2 + embedded/signature/rsa_buffer/verify.c | 16 +- embedded/signature/rsa_sign_verify/Makefile | 79 +++++ embedded/signature/rsa_sign_verify/README.md | 106 +++++++ .../signature/rsa_sign_verify/rsa_priv_2048.h | 151 +++++++++ .../signature/rsa_sign_verify/rsa_pub_2048.h | 68 +++++ .../rsa_sign_verify/rsa_sign_verify.c | 287 ++++++++++++++++++ .../rsa_sign_verify_nonblock.c | 286 +++++++++++++++++ embedded/signature/rsa_sign_verify/sign.c | 178 +++++++++++ .../signature/rsa_sign_verify/sign_vfy.sh | 10 + .../signature/rsa_sign_verify/signature.h | 40 +++ .../signature/rsa_sign_verify/user_settings.h | 93 ++++++ embedded/signature/rsa_sign_verify/verify.c | 179 +++++++++++ embedded/signature/rsa_vfy_only/Makefile | 3 +- embedded/signature/rsa_vfy_only/verify.c | 2 +- .../signature/rsa_vfy_only_nonblock/Makefile | 58 ++++ .../rsa_vfy_only_nonblock/user_settings.h | 87 ++++++ .../rsa_vfy_only_nonblock/verify_nonblock.c | 257 ++++++++++++++++ 37 files changed, 3437 insertions(+), 27 deletions(-) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/Makefile (93%) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/README.md (97%) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/ecc_sign_verify.c (96%) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/user_settings.h (100%) create mode 100644 embedded/signature/ecc_vfy_only/Makefile create mode 100644 embedded/signature/ecc_vfy_only/ecc_pubKey.h create mode 100644 embedded/signature/ecc_vfy_only/ecc_verify.c create mode 100644 embedded/signature/ecc_vfy_only/signature.h create mode 100644 embedded/signature/ecc_vfy_only/user_settings.h create mode 100644 embedded/signature/ecc_vfy_only_nonblock/Makefile create mode 100644 embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h create mode 100644 embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c create mode 100644 embedded/signature/ecc_vfy_only_nonblock/signature.h create mode 100644 embedded/signature/ecc_vfy_only_nonblock/user_settings.h create mode 100644 embedded/signature/rsa_sign_verify/Makefile create mode 100644 embedded/signature/rsa_sign_verify/README.md create mode 100644 embedded/signature/rsa_sign_verify/rsa_priv_2048.h create mode 100644 embedded/signature/rsa_sign_verify/rsa_pub_2048.h create mode 100644 embedded/signature/rsa_sign_verify/rsa_sign_verify.c create mode 100644 embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c create mode 100644 embedded/signature/rsa_sign_verify/sign.c create mode 100755 embedded/signature/rsa_sign_verify/sign_vfy.sh create mode 100644 embedded/signature/rsa_sign_verify/signature.h create mode 100644 embedded/signature/rsa_sign_verify/user_settings.h create mode 100644 embedded/signature/rsa_sign_verify/verify.c create mode 100644 embedded/signature/rsa_vfy_only_nonblock/Makefile create mode 100644 embedded/signature/rsa_vfy_only_nonblock/user_settings.h create mode 100644 embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c diff --git a/embedded/signature/README.md b/embedded/signature/README.md index 9a2646330..1836f39d6 100644 --- a/embedded/signature/README.md +++ b/embedded/signature/README.md @@ -4,9 +4,14 @@ This directory includes the following examples under the sub-directories.Each ha ​ |Scheme|Directory|Description| |---|---|---| -|RSA|rsa_vfy_only |verify signature| -||rsa_buffer|sign/verify signature | -|ECDSA|signature/ecc-sign-verify/|sign msg and verify signature| +|RSA|rsa_sign_verify|sign/verify signature inline | +||rsa_buffer|sign/verify signature| +||rsa_vfy_only |verify signature| +||rsa_vfy_only_nonblock|verify signature with non-blocking| +|ECDSA|ecc_sign_verify/|sign msg and verify signature| +||ecc_vfy_only|verify Signature| +||ecc_vfy_only_nonblock|verify signature with non-blocking| + You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc_sign_verify/Makefile similarity index 93% rename from embedded/signature/ecc-sign-verify/Makefile rename to embedded/signature/ecc_sign_verify/Makefile index 9b9925e1d..695219ec6 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc_sign_verify/Makefile @@ -1,3 +1,4 @@ +# The path to the wolfssl directory must be set correctly for your environment. WOLFROOT = ../../../../wolfssl CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os @@ -61,7 +62,7 @@ endif all : ecc_sign_verify bench mem ecc_sign_verify: clean $(OBJ) - $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) -lpthread diff --git a/embedded/signature/ecc-sign-verify/README.md b/embedded/signature/ecc_sign_verify/README.md similarity index 97% rename from embedded/signature/ecc-sign-verify/README.md rename to embedded/signature/ecc_sign_verify/README.md index 53382982b..9835ff7c5 100644 --- a/embedded/signature/ecc-sign-verify/README.md +++ b/embedded/signature/ecc_sign_verify/README.md @@ -119,9 +119,9 @@ Successfully verified signature w/ ecc key size 512! Key size is 521, byteField = 66 Successfully verified signature w/ ecc key size 521! -total Allocs = 522 -total Deallocs = 522 -total Bytes = 243047 +total Allocs = 422 +total Deallocs = 422 +total Bytes = 195047 peak Bytes = 5557 current Bytes = 0 stack used = 14448 diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c similarity index 96% rename from embedded/signature/ecc-sign-verify/ecc_sign_verify.c rename to embedded/signature/ecc_sign_verify/ecc_sign_verify.c index 989fd533b..561453c9b 100644 --- a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c +++ b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c @@ -1,6 +1,6 @@ /* ecc_sign_verify.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -117,6 +117,7 @@ int do_sig_ver_test(int eccKeySz) WC_RNG rng; int verified = 0; + /* Variables for Benchmark */ double start_time, total_time; #ifndef BENCH_TIME_SEC @@ -158,9 +159,6 @@ double start_time, total_time; ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); - ret = wc_ecc_make_key(&rng, byteField, &key); - CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); - #ifdef BENCHMARK count = 0; start_time = current_time(1); @@ -172,17 +170,17 @@ double start_time, total_time; ret = wc_ecc_make_key(&rng, byteField, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); - // printf("%s\n",hash); ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &maxSigSz, &rng, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_sign_hash()"); #ifdef SHOW_SIGS_IN_EXAMPLE hexdump(sig, maxSigSz, 16); #endif - - ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), &verified, - &key); + ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), + &verified, &key); + + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc_sign_verify/user_settings.h similarity index 100% rename from embedded/signature/ecc-sign-verify/user_settings.h rename to embedded/signature/ecc_sign_verify/user_settings.h diff --git a/embedded/signature/ecc_vfy_only/Makefile b/embedded/signature/ecc_vfy_only/Makefile new file mode 100644 index 000000000..850946795 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/Makefile @@ -0,0 +1,77 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl + +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ=\ + $(WOLFROOT)/wolfcrypt/src/ecc.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + +.PHONY: all clean mem size bench + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +endif + +all : ecc_verify bench mem + + +ecc_verify: clean $(OBJ) + $(CC) $(CFLAGS) -o ecc_verify ecc_verify.c $(OBJ) + +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_verify_bench ecc_verify.c $(OBJ) + +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_verify_mem ecc_verify.c $(OBJ) -lpthread +clean: + rm -f ecc_verify ecc_verify_bench ecc_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o + +size : + size $(OBJ) ecc_verify diff --git a/embedded/signature/ecc_vfy_only/ecc_pubKey.h b/embedded/signature/ecc_vfy_only/ecc_pubKey.h new file mode 100644 index 000000000..0afe2c9e7 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/ecc_pubKey.h @@ -0,0 +1,150 @@ +unsigned char ecc_PublicKey_112[] = { + 0x04, 0x67, 0xa6, 0xdc, 0x12, 0x25, 0xdb, 0x81, + 0x5c, 0x67, 0x7c, 0xbf, 0x55, 0x3b, 0xd9, 0x51, + 0xb1, 0x61, 0xb4, 0x88, 0xb8, 0x6c, 0xa5, 0x4a, + 0xb0, 0xe8, 0x79, 0x15, 0x4a, 0xfc, 0x6f, 0x01, + 0x6b, 0xc0, 0xc5, 0xdd, 0xc2, 0xe3, 0x59, 0xda, + 0x18, 0x82, 0x46, 0xa4, 0x32, 0xb5, 0x6d, 0x3b, + 0xd1, 0x91, 0xcc, 0x19, 0xb7, 0xab, 0x8d, 0x99, + 0xad, +}; + +unsigned char ecc_PublicKey_128[] = { + 0x04, 0x0f, 0x31, 0xea, 0x92, 0x1d, 0x84, 0xcf, + 0xce, 0xe1, 0xe5, 0x0b, 0x13, 0xda, 0xd3, 0xb2, + 0xb0, 0x57, 0x0c, 0x02, 0xdb, 0x50, 0xaa, 0xaa, + 0x65, 0x47, 0x6c, 0x2a, 0x41, 0xd4, 0x01, 0x72, + 0xdb, 0xd3, 0xcf, 0x42, 0x81, 0x7c, 0x05, 0x67, + 0x6e, 0x2a, 0x0a, 0x03, 0x0f, 0x91, 0x2b, 0x3b, + 0xe3, 0x48, 0x87, 0xb3, 0xb3, 0x70, 0x58, 0x17, + 0xed, +}; + +unsigned char ecc_PublicKey_160[] = { + 0x04, 0xf8, 0x93, 0xf7, 0xf7, 0x1f, 0xc6, 0x56, + 0x8c, 0x40, 0x11, 0x14, 0x74, 0xf5, 0x98, 0xa8, + 0x12, 0xc3, 0xba, 0x06, 0x9e, 0x6d, 0xdc, 0x1b, + 0xd3, 0x94, 0x9c, 0xf0, 0xc1, 0x99, 0x4e, 0x83, + 0xe9, 0x42, 0x53, 0xcd, 0x8d, 0x26, 0x5a, 0x01, + 0x4f, 0x82, 0x06, 0x42, 0x83, 0x65, 0x3c, 0x9e, + 0xd5, 0x2d, 0x73, 0x52, 0xbc, 0x49, 0x1b, 0x99, + 0x5c, +}; + +unsigned char ecc_PublicKey_192[] = { + 0x04, 0xf7, 0xea, 0x10, 0xc6, 0x43, 0xba, 0xbb, + 0x21, 0x14, 0x93, 0x11, 0xfe, 0x1a, 0x68, 0x59, + 0x23, 0x71, 0x52, 0xde, 0x47, 0x08, 0x04, 0xd1, + 0x77, 0xe4, 0x6f, 0x1f, 0x48, 0x4e, 0x8b, 0x92, + 0x1a, 0xb9, 0xe9, 0x61, 0xf4, 0x3c, 0x1b, 0xcd, + 0xe7, 0xaf, 0xc8, 0x59, 0x64, 0x9f, 0x80, 0x7e, + 0x4e, 0x72, 0x98, 0x15, 0x18, 0x60, 0x01, 0x77, + 0x8d, +}; + +unsigned char ecc_PublicKey_224[] = { + 0x04, 0xf1, 0x25, 0xec, 0xac, 0x14, 0x47, 0x35, + 0xcf, 0x32, 0x1a, 0xd2, 0x31, 0x60, 0xf6, 0x6b, + 0xb6, 0x8c, 0x02, 0xd1, 0x46, 0xfa, 0xa6, 0xe3, + 0xd9, 0xfd, 0x96, 0xbe, 0x44, 0x79, 0xc8, 0xbb, + 0x0f, 0x41, 0xc6, 0x3d, 0x52, 0xd2, 0x8b, 0xc7, + 0xe1, 0xfb, 0x03, 0x01, 0x07, 0x11, 0xaa, 0xba, + 0xf9, 0x57, 0x90, 0x5f, 0xc2, 0xaf, 0x20, 0xe2, + 0xd7, +}; + +unsigned char ecc_PublicKey_239[] = { + 0x04, 0x01, 0xc2, 0x14, 0xbf, 0x8c, 0x36, 0x9c, + 0x9d, 0xca, 0xb1, 0x20, 0xc8, 0x36, 0x45, 0x37, + 0x79, 0x60, 0x97, 0xe9, 0x57, 0xc3, 0x1e, 0x86, + 0xd1, 0x15, 0xc1, 0x57, 0xf1, 0x78, 0x91, 0x4e, + 0x69, 0x8f, 0xee, 0xf3, 0xb2, 0xcd, 0xae, 0x00, + 0x4e, 0x67, 0x47, 0x61, 0xab, 0xdd, 0x04, 0x79, + 0x0b, 0xf9, 0xeb, 0x4b, 0x70, 0xa3, 0x22, 0xa0, + 0xce, 0xb3, 0xc2, 0xd3, 0xd2, +}; + +unsigned char ecc_PublicKey_256[] = { + 0x04, 0x80, 0xc7, 0xb7, 0x97, 0xe3, 0xc6, 0x63, + 0x34, 0xcc, 0x72, 0x19, 0xb0, 0x3f, 0x4b, 0xe0, + 0x68, 0x3e, 0xba, 0x8c, 0x0e, 0x60, 0xb0, 0xef, + 0xfb, 0x6a, 0xb5, 0x5d, 0xaa, 0xaa, 0x27, 0x3b, + 0x5d, 0x4c, 0x2d, 0x58, 0x0f, 0x96, 0x75, 0xe0, + 0xe7, 0x5a, 0xab, 0xa0, 0xe9, 0x6a, 0x6a, 0x5f, + 0xa7, 0xd7, 0x5d, 0xb1, 0x1a, 0x8b, 0x3b, 0x74, + 0xcd, 0x75, 0x51, 0xa6, 0x89, 0xd4, 0x3d, 0x00, + 0xeb, +}; + +unsigned char ecc_PublicKey_320[] = { + 0x04, 0x5b, 0xf1, 0x32, 0x17, 0xf3, 0x63, 0x82, + 0xfc, 0x1c, 0x93, 0xca, 0x30, 0x7d, 0x22, 0xf6, + 0x97, 0xc9, 0x2d, 0x54, 0x35, 0x11, 0x77, 0x9c, + 0x3f, 0x44, 0x37, 0x9f, 0x8b, 0x82, 0x8d, 0x50, + 0x68, 0x2d, 0x0d, 0x1a, 0x19, 0x6d, 0xfc, 0xac, + 0xde, 0xc1, 0x81, 0x13, 0x90, 0x31, 0xcc, 0x0f, + 0x00, 0xa2, 0xf6, 0x7b, 0xc3, 0x51, 0x05, 0x46, + 0x67, 0xd3, 0x91, 0xb7, 0xaa, 0xdd, 0xb9, 0x87, + 0x03, 0x4e, 0x21, 0xd0, 0xa0, 0xfa, 0x31, 0x93, + 0x04, 0xc8, 0xea, 0xc5, 0x71, 0x4b, 0x0f, 0x98, + 0x4d, 0x16, 0x69, 0xe9, 0xc7, 0xda, 0xff, 0xfa, + 0xe1, 0xf0, 0xa5, 0xdd, 0x36, 0xf2, 0x04, 0x62, + 0xa6, +}; + +unsigned char ecc_PublicKey_384[] = { + 0x04, 0x51, 0xb3, 0x72, 0xda, 0xd2, 0xd7, 0x81, + 0x53, 0xe3, 0x4e, 0xa1, 0x27, 0x9a, 0x91, 0x42, + 0x8a, 0x29, 0x62, 0x7c, 0x8f, 0x49, 0x47, 0x47, + 0x4c, 0x0e, 0x23, 0x09, 0xf5, 0x13, 0x56, 0x08, + 0x2d, 0x54, 0xc3, 0xac, 0x05, 0xc4, 0x1f, 0x16, + 0x27, 0xd0, 0x4c, 0x3b, 0xed, 0xa0, 0x74, 0x62, + 0xe3, 0x1b, 0xa3, 0xd5, 0xf2, 0xf2, 0x5d, 0x6a, + 0x87, 0xa2, 0xf4, 0x09, 0x9a, 0x87, 0xee, 0xab, + 0x20, 0xe7, 0x42, 0xd2, 0x6d, 0x1b, 0x1c, 0x75, + 0x69, 0x46, 0x2e, 0x8c, 0x00, 0xe5, 0xd7, 0xc5, + 0xc4, 0xfb, 0x46, 0xe7, 0xf8, 0xc1, 0x25, 0x7c, + 0x94, 0x30, 0xd0, 0xd5, 0xdb, 0x8d, 0xe3, 0x15, + 0xc8, +}; + +unsigned char ecc_PublicKey_512[] = { + 0x04, 0x01, 0x5c, 0x37, 0xe0, 0x37, 0x3b, 0xad, + 0x8a, 0xfe, 0x3c, 0x52, 0x5d, 0xe7, 0xab, 0x77, + 0x39, 0x67, 0x94, 0x6c, 0x2a, 0x3f, 0xee, 0x95, + 0x19, 0x8d, 0xcc, 0xdc, 0xad, 0x62, 0x50, 0x97, + 0x79, 0xeb, 0xde, 0x70, 0xed, 0x2d, 0x44, 0x8f, + 0xcf, 0x1d, 0x49, 0x46, 0x32, 0x96, 0xe3, 0xb6, + 0xc5, 0x61, 0x4c, 0xfd, 0xcb, 0x65, 0x1f, 0x04, + 0x97, 0x39, 0x54, 0x46, 0xde, 0x54, 0x2f, 0x0a, + 0x51, 0xd5, 0xe6, 0x01, 0x1e, 0x78, 0x20, 0x15, + 0x1c, 0xb3, 0x6f, 0x14, 0x8f, 0x2f, 0x95, 0x9c, + 0x40, 0xea, 0x12, 0x52, 0x5a, 0xce, 0x7c, 0x43, + 0x28, 0x22, 0x31, 0x00, 0xcb, 0xbf, 0x86, 0x56, + 0xdc, 0x72, 0xa4, 0x49, 0x75, 0x80, 0xa4, 0x17, + 0xde, 0xa6, 0xf8, 0x3b, 0x39, 0x88, 0xd0, 0x8b, + 0x4e, 0x44, 0x69, 0x39, 0x7a, 0xcc, 0xcc, 0xc7, + 0x15, 0x1e, 0x6c, 0x76, 0xf2, 0x8d, 0x1b, 0x6c, + 0x64, 0x0a, 0x4c, 0x29, 0x35, +}; + + +unsigned char ecc_PublicKey_521[] = { + 0x04, 0x00, 0xf9, 0x56, 0xfb, 0x6c, 0x5a, 0x3d, + 0xc4, 0xf3, 0xb8, 0x07, 0x19, 0x2f, 0x93, 0x07, + 0x3c, 0x30, 0x7b, 0xd9, 0x9c, 0x11, 0xe8, 0xda, + 0xbe, 0x1b, 0x1b, 0xa3, 0xf2, 0x81, 0xf9, 0xd0, + 0x47, 0x0d, 0x06, 0xa4, 0x47, 0xa0, 0x8b, 0xca, + 0x0f, 0x0a, 0x3a, 0xda, 0x68, 0x38, 0x67, 0x5d, + 0x11, 0x77, 0xf8, 0x2f, 0x28, 0x0f, 0x31, 0xe5, + 0x26, 0xf5, 0x88, 0x2a, 0x79, 0x5f, 0xce, 0x55, + 0xe9, 0x71, 0x4c, 0x00, 0x9e, 0xfc, 0x7d, 0x00, + 0x04, 0xb8, 0x89, 0x04, 0xfc, 0x06, 0x38, 0x3f, + 0x9f, 0x0a, 0x80, 0x7f, 0x6b, 0x4c, 0xd2, 0x61, + 0x69, 0x00, 0x7f, 0x9c, 0x7c, 0x9b, 0xab, 0xa6, + 0x9c, 0x71, 0xa9, 0x15, 0x63, 0x4a, 0x03, 0xe8, + 0x96, 0xbb, 0x79, 0x6a, 0x50, 0xa6, 0xd0, 0xdf, + 0x66, 0xf5, 0xc8, 0xfa, 0x22, 0x94, 0xe0, 0x72, + 0xa6, 0x15, 0x94, 0x1e, 0x3b, 0x47, 0x36, 0x8e, + 0xcb, 0x10, 0x15, 0x27, 0x5b, +}; diff --git a/embedded/signature/ecc_vfy_only/ecc_verify.c b/embedded/signature/ecc_vfy_only/ecc_verify.c new file mode 100644 index 000000000..53e072a72 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/ecc_verify.c @@ -0,0 +1,258 @@ +/* ecc_verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "signature.h" + + +#define HEAP_HINT NULL +#define ECC_KEY_SIZE_112 112 +#define ECC_KEY_SIZE_128 128 +#define ECC_KEY_SIZE_160 160 +#define ECC_KEY_SIZE_192 192 +#define ECC_KEY_SIZE_224 224 +#define ECC_KEY_SIZE_239 239 +#define ECC_KEY_SIZE_256 256 +#define ECC_KEY_SIZE_320 320 +#define ECC_KEY_SIZE_384 384 +#define ECC_KEY_SIZE_512 512 +#define ECC_KEY_SIZE_521 521 +#define BYTE_SZ 8 + + +int idx_key(int keysize); + + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +int do_sig_ver_test(int eccKeySz); + + +int ecc_verify(void) +{ + int ret = 0; +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + ret = do_sig_ver_test(ECC_KEY_SIZE_112); + CHECK_RET(ret, 0, finished, "112 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_128); + CHECK_RET(ret, 0, finished, "128 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_160); + CHECK_RET(ret, 0, finished, "160 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_192); + CHECK_RET(ret, 0, finished, "192 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_224); + CHECK_RET(ret, 0, finished, "224 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_239); + CHECK_RET(ret, 0, finished, "239 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_256); + CHECK_RET(ret, 0, finished, "256 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_320); + CHECK_RET(ret, 0, finished, "320 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_384); + CHECK_RET(ret, 0, finished, "384 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_512); + CHECK_RET(ret, 0, finished, "512 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_521); + CHECK_RET(ret, 0, finished, "521 test"); + + +finished: +#ifdef DEBUG_MEMORY + printf("\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int do_sig_ver_test(int eccKeySz) +{ + /* sha256 hash of the string "A 32-bit string to test signing" */ + unsigned char hash[32] = { + 0x3b, 0x07, 0x54, 0x5c, 0xfd, 0x4f, 0xb7, 0xb5, + 0xaf, 0xa7, 0x7a, 0x25, 0x33, 0xa5, 0x50, 0x70, + 0x4a, 0x65, 0x3e, 0x72, 0x7e, 0xcd, 0xd4, 0x5b, + 0x1b, 0x36, 0x96, 0x96, 0xca, 0x4f, 0x9b, 0x6f + }; + int ret; + ecc_key key; + byte* sig = NULL; // get rid of this magic number + WC_RNG rng; + int verified = 0; + word32 sig_size; + int key_size; + unsigned char *pKeybuff; + + +/* Variables for Benchmark */ +double start_time, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 1 +#endif + int count; + + + /* + * for odd curve sizes account for mod EG: + * Case 1) curve field of 256: + * (256/8) + (256%8 != 0 ? 1:0) == 32 + 0 = 32 + * + * Case 2) curve field of 521: + * (521/8 = 65.125 (rounds to 65) + (521%8 != 0 ? 1:0) == + 65 + 1 = 66 + * + * Algorithm: (C / B) + (C % B != 0 ? 1:0) + * + * This remainder is a natural result of the calculation: + * Algorithm: (C / (B-1)) / (B) + */ + int byteField = (eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ; + word32 maxSigSz = ECC_MAX_SIG_SIZE; +#ifndef BENCHMARK + printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); +#endif + + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, key_done, "wc_InitRng()"); + +#ifdef BENCHMARK + count = 0; + start_time = current_time(1); + + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ +#endif + ret = wc_ecc_init(&key); + CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); + + + /* Import signature and ecc_key */ + + sig = sig_keys[idx_key(eccKeySz)].sig; + sig_size = sig_keys[idx_key(eccKeySz)].sig_size; + pKeybuff = sig_keys[idx_key(eccKeySz)].pubkey; + key_size = sig_keys[idx_key(eccKeySz)].key_size; + + ret = wc_ecc_import_x963(pKeybuff, key_size, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); + + + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + &verified, &key); + + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); + CHECK_RET(verified, 1, rng_done, "verification check"); + verified = 0; + maxSigSz = ECC_MAX_SIG_SIZE; +#ifdef BENCHMARK + count++; + } + + printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); + +#else + +printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + +#endif /* BENCHMARK */ + +rng_done: + wc_FreeRng(&rng); +key_done: + wc_ecc_free(&key); +sig_done: + return ret; +} + + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled SP for x86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled SP for Arm64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); + printf("Running ECC Sign Verify Benchmarks...\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)ecc_verify); +#else + return ecc_verify(); +#endif +} + +int idx_key(int keysize){ + switch(keysize){ + case ECC_KEY_SIZE_112: + return 0; + case ECC_KEY_SIZE_128: + return 1; + case ECC_KEY_SIZE_160: + return 2; + case ECC_KEY_SIZE_192: + return 3; + case ECC_KEY_SIZE_224: + return 4; + case ECC_KEY_SIZE_239: + return 5; + case ECC_KEY_SIZE_256: + return 6; + case ECC_KEY_SIZE_320: + return 7; + case ECC_KEY_SIZE_384: + return 8; + case ECC_KEY_SIZE_512: + return 9; + case ECC_KEY_SIZE_521: + return 10; + default: + return -1; + } + +} + diff --git a/embedded/signature/ecc_vfy_only/signature.h b/embedded/signature/ecc_vfy_only/signature.h new file mode 100644 index 000000000..e311cebef --- /dev/null +++ b/embedded/signature/ecc_vfy_only/signature.h @@ -0,0 +1,178 @@ +#include "ecc_pubKey.h" + +byte ecc_signature_112[] = { + 0x30, 0x3e, 0x02, 0x1d, 0x00, 0xdc, 0xef, 0xcc, + 0x1a, 0xe9, 0x97, 0x44, 0xf4, 0x85, 0xad, 0xef, + 0x88, 0x6e, 0x77, 0x2b, 0x27, 0x7b, 0xd5, 0xcd, + 0xfb, 0x47, 0x43, 0x40, 0x1a, 0x53, 0x2f, 0xc4, + 0x0b, 0x02, 0x1d, 0x00, 0x8e, 0x34, 0xbb, 0xf4, + 0x59, 0xef, 0xa0, 0x6b, 0x8c, 0xda, 0x00, 0xca, + 0xcb, 0xb4, 0x75, 0xdb, 0x37, 0x7e, 0x8e, 0xe1, + 0x7a, 0xc2, 0xd5, 0x3c, 0xb5, 0xbc, 0x33, 0xcd, +}; + +byte ecc_signature_128[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x23, 0x41, 0xf0, 0xe2, + 0x0f, 0x72, 0xbb, 0xe0, 0x8b, 0x42, 0xf8, 0xba, + 0xba, 0x81, 0xcb, 0xb2, 0xf9, 0xc6, 0x45, 0x44, + 0xfa, 0x8d, 0x8a, 0x33, 0x8d, 0xea, 0x34, 0xf0, + 0x02, 0x1c, 0x5f, 0x5e, 0x67, 0xad, 0x32, 0xee, + 0x90, 0xf1, 0x40, 0x6d, 0x34, 0x8e, 0x66, 0xd2, + 0x94, 0x1e, 0x28, 0xb3, 0xaa, 0x32, 0x10, 0x46, + 0x1c, 0xf7, 0x58, 0x1b, 0xf7, 0x4b, +}; + +byte ecc_signature_160[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x18, 0x8e, 0xc8, 0x08, + 0xe3, 0x0e, 0xf5, 0x7c, 0xe4, 0x32, 0xc9, 0x5d, + 0xe8, 0xab, 0xb4, 0x3c, 0x99, 0x18, 0xa8, 0x7f, + 0xba, 0x10, 0x49, 0x52, 0x63, 0xc6, 0x52, 0x58, + 0x02, 0x1d, 0x00, 0xc1, 0x5f, 0xe0, 0x17, 0xbb, + 0x16, 0x19, 0x52, 0xed, 0xb1, 0xde, 0x30, 0x1b, + 0x49, 0x87, 0x37, 0x8a, 0x24, 0xf9, 0x11, 0x50, + 0x9f, 0xaf, 0xa5, 0x18, 0x3c, 0xa3, 0x26, +}; + +byte ecc_signature_192[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x09, 0x75, 0x75, 0x9d, + 0xdb, 0x69, 0x5d, 0xba, 0x02, 0x31, 0xb9, 0x44, + 0xc0, 0x22, 0xeb, 0x9c, 0xb3, 0xd0, 0x9a, 0xc3, + 0x59, 0x2b, 0xdf, 0x23, 0x23, 0x46, 0x32, 0x0b, + 0x02, 0x1c, 0x1f, 0x3f, 0x73, 0x55, 0xbc, 0x29, + 0xa7, 0xa9, 0xd8, 0x3a, 0x9c, 0x3b, 0x97, 0x14, + 0xa5, 0x12, 0x10, 0x4e, 0x6f, 0x1c, 0xa3, 0xa8, + 0xee, 0x6e, 0x47, 0x28, 0xf2, 0x36, +}; + +byte ecc_signature_224[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x52, 0x7b, 0x2e, 0xcb, + 0x6a, 0x99, 0x0f, 0x56, 0xdf, 0x9f, 0xdc, 0x14, + 0xe5, 0xe9, 0x5c, 0x95, 0x7f, 0xed, 0x91, 0x1b, + 0x48, 0xb1, 0x31, 0x41, 0xe0, 0xcb, 0x45, 0xc5, + 0x02, 0x1d, 0x00, 0x9c, 0x62, 0xab, 0x1c, 0xb4, + 0xc5, 0x01, 0xea, 0x31, 0x40, 0x6e, 0x45, 0x77, + 0x29, 0xd6, 0x50, 0xc3, 0x52, 0x3c, 0x8c, 0xe6, + 0x7a, 0x38, 0xae, 0x73, 0xd6, 0xf1, 0x95, +}; + +byte ecc_signature_239[] = { + 0x30, 0x40, 0x02, 0x1e, 0x06, 0x22, 0x6e, 0x25, + 0x61, 0x98, 0xaa, 0x01, 0xd8, 0xfa, 0x43, 0x2d, + 0x7e, 0x7e, 0x22, 0x36, 0x1e, 0x7d, 0x7b, 0xcd, + 0xe2, 0x9f, 0x8d, 0x00, 0xa9, 0xd8, 0xf4, 0xbb, + 0x96, 0x27, 0x02, 0x1e, 0x50, 0x18, 0xa2, 0x90, + 0x0b, 0x43, 0x31, 0xab, 0x0d, 0xc8, 0x52, 0x59, + 0x99, 0x7f, 0x31, 0xbc, 0xac, 0xc7, 0x2b, 0x15, + 0x83, 0x7c, 0x19, 0xd6, 0xed, 0x04, 0x16, 0xe0, + 0xb3, 0x29, +}; + +byte ecc_signature_256[] = { + 0x30, 0x44, 0x02, 0x20, 0x14, 0xc7, 0xa9, 0x91, + 0x47, 0xf5, 0x0d, 0x31, 0x5a, 0x05, 0x4d, 0x7b, + 0x49, 0x40, 0x2f, 0x0e, 0x03, 0xc8, 0x61, 0x99, + 0xa4, 0xdf, 0x83, 0x68, 0xcb, 0x9f, 0xa7, 0x7a, + 0xd9, 0xd4, 0x3c, 0x20, 0x02, 0x20, 0x05, 0xa1, + 0x0d, 0xd8, 0xfd, 0x0b, 0x83, 0x4f, 0xcb, 0x0b, + 0x47, 0x60, 0x60, 0x04, 0xa9, 0xe3, 0x57, 0x46, + 0x5b, 0x34, 0x30, 0xb3, 0xc9, 0x9a, 0x8d, 0xd0, + 0x8f, 0xda, 0x9f, 0xb0, 0xb6, 0x86, +}; + +byte ecc_signature_320[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xb5, 0xaf, 0x8d, + 0x19, 0x3e, 0x3c, 0x15, 0x6c, 0xdc, 0x0b, 0xb9, + 0x64, 0x77, 0x60, 0x60, 0xab, 0x55, 0x2a, 0x4f, + 0x99, 0x23, 0x7c, 0x79, 0x2f, 0xf7, 0x6c, 0x86, + 0xfd, 0x81, 0x49, 0x6e, 0x76, 0x02, 0xe7, 0xb4, + 0x55, 0x0e, 0xff, 0xe8, 0x59, 0xd7, 0x10, 0x4c, + 0x6a, 0xd4, 0x4a, 0x4b, 0xad, 0x02, 0x31, 0x00, + 0xc2, 0x41, 0x36, 0x0e, 0x70, 0xeb, 0x2d, 0x30, + 0x22, 0x6d, 0x1d, 0x05, 0xe3, 0x65, 0xcb, 0x3b, + 0x9d, 0x34, 0x4e, 0xe6, 0x9f, 0x3f, 0xf1, 0xc6, + 0x1c, 0x85, 0xbc, 0x23, 0x6b, 0x2c, 0xa5, 0x02, + 0xbe, 0x4f, 0xd0, 0x87, 0x58, 0x54, 0x9f, 0xaf, + 0x4f, 0x6d, 0x31, 0xed, 0xf1, 0x5b, 0x3d, 0xf5, +}; + +byte ecc_signature_384[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xc0, 0x45, + 0x1c, 0x8c, 0x9a, 0xb1, 0x8e, 0xd2, 0xb9, 0xce, + 0xb7, 0x00, 0x77, 0x38, 0xb9, 0x1d, 0x85, 0x77, + 0x7d, 0x3b, 0xff, 0x12, 0x0c, 0x27, 0x2c, 0xe7, + 0x6f, 0xf4, 0x45, 0xb5, 0x4c, 0x74, 0x06, 0x73, + 0x34, 0x95, 0xb8, 0x17, 0x88, 0xfe, 0x7d, 0x93, + 0x30, 0x9b, 0x70, 0x92, 0x24, 0x02, 0x31, 0x00, + 0xca, 0xfd, 0x25, 0x9e, 0xf2, 0xd7, 0x4e, 0xfc, + 0xc6, 0xfc, 0x38, 0x0a, 0xb7, 0x6a, 0xa5, 0x43, + 0x00, 0xa1, 0xc4, 0x94, 0xc9, 0xa3, 0x40, 0xf9, + 0x54, 0x54, 0x68, 0xbe, 0xc8, 0x0c, 0x0e, 0xbb, + 0x9c, 0x75, 0xa7, 0x25, 0xdb, 0x09, 0x30, 0x50, + 0xff, 0xd1, 0x7f, 0x57, 0x24, 0xbe, 0x2a, 0x19, +}; + +byte ecc_signature_512[] = { + 0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xe0, 0x47, + 0xb7, 0x44, 0x33, 0x90, 0xe0, 0x33, 0x1c, 0xd7, + 0x32, 0x67, 0x3d, 0x89, 0xa4, 0x69, 0xee, 0x1a, + 0x0c, 0x10, 0x10, 0xaa, 0x99, 0xf6, 0xb6, 0xde, + 0x59, 0x5c, 0xbb, 0xb1, 0x2a, 0xb0, 0xe9, 0x50, + 0x06, 0x3e, 0x00, 0x24, 0xc1, 0x44, 0x9c, 0x39, + 0xfe, 0x63, 0x7f, 0x42, 0x6e, 0xa4, 0xf7, 0xb8, + 0x70, 0x53, 0x59, 0xda, 0xeb, 0x61, 0xa1, 0x6e, + 0x63, 0xc7, 0x82, 0xa2, 0xbb, 0x0c, 0x5d, 0x02, + 0x42, 0x01, 0x25, 0x5a, 0xac, 0xcc, 0x39, 0x04, + 0x63, 0x37, 0xce, 0x3f, 0xf7, 0x58, 0x98, 0xb2, + 0x62, 0x24, 0x14, 0xd9, 0x0e, 0x8b, 0xfb, 0x6c, + 0xdb, 0x6b, 0x05, 0xa9, 0x25, 0x90, 0xdb, 0x16, + 0x55, 0x78, 0x96, 0x46, 0x47, 0x66, 0xb2, 0x3b, + 0xcf, 0x16, 0x74, 0x40, 0xc0, 0x3c, 0x7a, 0x77, + 0x50, 0xe8, 0xc6, 0xb7, 0x6d, 0x7f, 0x81, 0xf2, + 0xf6, 0xca, 0x5c, 0x29, 0x8b, 0xa5, 0x4d, 0xd0, + 0x23, 0x86, 0x70, +}; + +byte ecc_signature_521[] = { + 0x30, 0x81, 0x87, 0x02, 0x41, 0x26, 0x39, 0x68, + 0xd0, 0x3d, 0xd4, 0x82, 0xe0, 0x53, 0x23, 0x4c, + 0x3c, 0x0e, 0x2f, 0xd8, 0xdb, 0x8c, 0x38, 0x04, + 0x3d, 0x8c, 0x71, 0xcf, 0xd6, 0x9f, 0x46, 0x80, + 0x68, 0x36, 0xe8, 0x23, 0x94, 0xcf, 0xf0, 0x5a, + 0x93, 0xd1, 0xc4, 0xb6, 0x89, 0x4f, 0x8e, 0x7b, + 0xf8, 0x13, 0x69, 0x0c, 0xc2, 0x11, 0xbd, 0x30, + 0x7b, 0x11, 0x0d, 0x60, 0x80, 0xd6, 0xd7, 0x7a, + 0xc3, 0x9f, 0xb2, 0x25, 0x20, 0xa2, 0x02, 0x42, + 0x00, 0xe1, 0x16, 0x64, 0x20, 0x33, 0x98, 0xfd, + 0x6b, 0xd8, 0x91, 0x5a, 0x83, 0xb7, 0x79, 0x82, + 0x7d, 0x39, 0xd6, 0x83, 0x49, 0x13, 0x10, 0x26, + 0x2f, 0x6c, 0x1e, 0x38, 0x10, 0x13, 0xd8, 0xeb, + 0x6f, 0x82, 0xbb, 0x4a, 0xed, 0x6e, 0x53, 0xbb, + 0xc8, 0x7c, 0xba, 0xe9, 0xac, 0xa9, 0xbe, 0xfd, + 0xe7, 0x6b, 0x80, 0x76, 0x6c, 0x1a, 0x31, 0x63, + 0x47, 0x91, 0x01, 0x9e, 0x15, 0x29, 0x1b, 0xea, + 0x3a, 0x69, +}; + + +typedef struct { + byte *sig; + word32 sig_size; + unsigned char *pubkey; + int key_size; +} sig_key; + +sig_key sig_keys[11] = { + {ecc_signature_112, sizeof(ecc_signature_112), ecc_PublicKey_112, sizeof(ecc_PublicKey_112)}, + {ecc_signature_128, sizeof(ecc_signature_128), ecc_PublicKey_128, sizeof(ecc_PublicKey_128)}, + {ecc_signature_160, sizeof(ecc_signature_160), ecc_PublicKey_160, sizeof(ecc_PublicKey_160)}, + {ecc_signature_192, sizeof(ecc_signature_192), ecc_PublicKey_192, sizeof(ecc_PublicKey_192)}, + {ecc_signature_224, sizeof(ecc_signature_224), ecc_PublicKey_224, sizeof(ecc_PublicKey_224)}, + {ecc_signature_239, sizeof(ecc_signature_239), ecc_PublicKey_239, sizeof(ecc_PublicKey_239)}, + {ecc_signature_256, sizeof(ecc_signature_256), ecc_PublicKey_256, sizeof(ecc_PublicKey_256)}, + {ecc_signature_320, sizeof(ecc_signature_320), ecc_PublicKey_320, sizeof(ecc_PublicKey_320)}, + {ecc_signature_384, sizeof(ecc_signature_384), ecc_PublicKey_384, sizeof(ecc_PublicKey_384)}, + {ecc_signature_512, sizeof(ecc_signature_512), ecc_PublicKey_512, sizeof(ecc_PublicKey_512)}, + {ecc_signature_521, sizeof(ecc_signature_521), ecc_PublicKey_521, sizeof(ecc_PublicKey_521)}, +}; + + diff --git a/embedded/signature/ecc_vfy_only/user_settings.h b/embedded/signature/ecc_vfy_only/user_settings.h new file mode 100644 index 000000000..5c81ec9d5 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/user_settings.h @@ -0,0 +1,83 @@ +#define WOLFCRYPT_ONLY +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define NO_RSA +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + +/* ecc */ +#define HAVE_ECC +#define HAVE_ALL_CURVES + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT + #undef BENCHMARK +#endif + + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 + #undef USE_FAST_MATH +#endif + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_ECC + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif + + diff --git a/embedded/signature/ecc_vfy_only_nonblock/Makefile b/embedded/signature/ecc_vfy_only_nonblock/Makefile new file mode 100644 index 000000000..83529dde5 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/Makefile @@ -0,0 +1,77 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl + +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ=\ + $(WOLFROOT)/wolfcrypt/src/ecc.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +endif + +.PHONY: all clean size mem + + +all : ecc_verify_nonblock mem + + + +ecc_verify_nonblock: clean $(OBJ) + $(CC) $(CFLAGS) -o ecc_verify_nonblock ecc_verify_nonblock.c $(OBJ) + +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_verify_nonblock_mem ecc_verify_nonblock.c $(OBJ) -lpthread +clean: + rm -f ecc_verify_nonblock ecc_verify_nonblock_mem $(WOLFROOT)/wolfcrypt/src/*.o + +size : + size $(OBJ) ecc_verify_nonblock diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h b/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h new file mode 100644 index 000000000..0afe2c9e7 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h @@ -0,0 +1,150 @@ +unsigned char ecc_PublicKey_112[] = { + 0x04, 0x67, 0xa6, 0xdc, 0x12, 0x25, 0xdb, 0x81, + 0x5c, 0x67, 0x7c, 0xbf, 0x55, 0x3b, 0xd9, 0x51, + 0xb1, 0x61, 0xb4, 0x88, 0xb8, 0x6c, 0xa5, 0x4a, + 0xb0, 0xe8, 0x79, 0x15, 0x4a, 0xfc, 0x6f, 0x01, + 0x6b, 0xc0, 0xc5, 0xdd, 0xc2, 0xe3, 0x59, 0xda, + 0x18, 0x82, 0x46, 0xa4, 0x32, 0xb5, 0x6d, 0x3b, + 0xd1, 0x91, 0xcc, 0x19, 0xb7, 0xab, 0x8d, 0x99, + 0xad, +}; + +unsigned char ecc_PublicKey_128[] = { + 0x04, 0x0f, 0x31, 0xea, 0x92, 0x1d, 0x84, 0xcf, + 0xce, 0xe1, 0xe5, 0x0b, 0x13, 0xda, 0xd3, 0xb2, + 0xb0, 0x57, 0x0c, 0x02, 0xdb, 0x50, 0xaa, 0xaa, + 0x65, 0x47, 0x6c, 0x2a, 0x41, 0xd4, 0x01, 0x72, + 0xdb, 0xd3, 0xcf, 0x42, 0x81, 0x7c, 0x05, 0x67, + 0x6e, 0x2a, 0x0a, 0x03, 0x0f, 0x91, 0x2b, 0x3b, + 0xe3, 0x48, 0x87, 0xb3, 0xb3, 0x70, 0x58, 0x17, + 0xed, +}; + +unsigned char ecc_PublicKey_160[] = { + 0x04, 0xf8, 0x93, 0xf7, 0xf7, 0x1f, 0xc6, 0x56, + 0x8c, 0x40, 0x11, 0x14, 0x74, 0xf5, 0x98, 0xa8, + 0x12, 0xc3, 0xba, 0x06, 0x9e, 0x6d, 0xdc, 0x1b, + 0xd3, 0x94, 0x9c, 0xf0, 0xc1, 0x99, 0x4e, 0x83, + 0xe9, 0x42, 0x53, 0xcd, 0x8d, 0x26, 0x5a, 0x01, + 0x4f, 0x82, 0x06, 0x42, 0x83, 0x65, 0x3c, 0x9e, + 0xd5, 0x2d, 0x73, 0x52, 0xbc, 0x49, 0x1b, 0x99, + 0x5c, +}; + +unsigned char ecc_PublicKey_192[] = { + 0x04, 0xf7, 0xea, 0x10, 0xc6, 0x43, 0xba, 0xbb, + 0x21, 0x14, 0x93, 0x11, 0xfe, 0x1a, 0x68, 0x59, + 0x23, 0x71, 0x52, 0xde, 0x47, 0x08, 0x04, 0xd1, + 0x77, 0xe4, 0x6f, 0x1f, 0x48, 0x4e, 0x8b, 0x92, + 0x1a, 0xb9, 0xe9, 0x61, 0xf4, 0x3c, 0x1b, 0xcd, + 0xe7, 0xaf, 0xc8, 0x59, 0x64, 0x9f, 0x80, 0x7e, + 0x4e, 0x72, 0x98, 0x15, 0x18, 0x60, 0x01, 0x77, + 0x8d, +}; + +unsigned char ecc_PublicKey_224[] = { + 0x04, 0xf1, 0x25, 0xec, 0xac, 0x14, 0x47, 0x35, + 0xcf, 0x32, 0x1a, 0xd2, 0x31, 0x60, 0xf6, 0x6b, + 0xb6, 0x8c, 0x02, 0xd1, 0x46, 0xfa, 0xa6, 0xe3, + 0xd9, 0xfd, 0x96, 0xbe, 0x44, 0x79, 0xc8, 0xbb, + 0x0f, 0x41, 0xc6, 0x3d, 0x52, 0xd2, 0x8b, 0xc7, + 0xe1, 0xfb, 0x03, 0x01, 0x07, 0x11, 0xaa, 0xba, + 0xf9, 0x57, 0x90, 0x5f, 0xc2, 0xaf, 0x20, 0xe2, + 0xd7, +}; + +unsigned char ecc_PublicKey_239[] = { + 0x04, 0x01, 0xc2, 0x14, 0xbf, 0x8c, 0x36, 0x9c, + 0x9d, 0xca, 0xb1, 0x20, 0xc8, 0x36, 0x45, 0x37, + 0x79, 0x60, 0x97, 0xe9, 0x57, 0xc3, 0x1e, 0x86, + 0xd1, 0x15, 0xc1, 0x57, 0xf1, 0x78, 0x91, 0x4e, + 0x69, 0x8f, 0xee, 0xf3, 0xb2, 0xcd, 0xae, 0x00, + 0x4e, 0x67, 0x47, 0x61, 0xab, 0xdd, 0x04, 0x79, + 0x0b, 0xf9, 0xeb, 0x4b, 0x70, 0xa3, 0x22, 0xa0, + 0xce, 0xb3, 0xc2, 0xd3, 0xd2, +}; + +unsigned char ecc_PublicKey_256[] = { + 0x04, 0x80, 0xc7, 0xb7, 0x97, 0xe3, 0xc6, 0x63, + 0x34, 0xcc, 0x72, 0x19, 0xb0, 0x3f, 0x4b, 0xe0, + 0x68, 0x3e, 0xba, 0x8c, 0x0e, 0x60, 0xb0, 0xef, + 0xfb, 0x6a, 0xb5, 0x5d, 0xaa, 0xaa, 0x27, 0x3b, + 0x5d, 0x4c, 0x2d, 0x58, 0x0f, 0x96, 0x75, 0xe0, + 0xe7, 0x5a, 0xab, 0xa0, 0xe9, 0x6a, 0x6a, 0x5f, + 0xa7, 0xd7, 0x5d, 0xb1, 0x1a, 0x8b, 0x3b, 0x74, + 0xcd, 0x75, 0x51, 0xa6, 0x89, 0xd4, 0x3d, 0x00, + 0xeb, +}; + +unsigned char ecc_PublicKey_320[] = { + 0x04, 0x5b, 0xf1, 0x32, 0x17, 0xf3, 0x63, 0x82, + 0xfc, 0x1c, 0x93, 0xca, 0x30, 0x7d, 0x22, 0xf6, + 0x97, 0xc9, 0x2d, 0x54, 0x35, 0x11, 0x77, 0x9c, + 0x3f, 0x44, 0x37, 0x9f, 0x8b, 0x82, 0x8d, 0x50, + 0x68, 0x2d, 0x0d, 0x1a, 0x19, 0x6d, 0xfc, 0xac, + 0xde, 0xc1, 0x81, 0x13, 0x90, 0x31, 0xcc, 0x0f, + 0x00, 0xa2, 0xf6, 0x7b, 0xc3, 0x51, 0x05, 0x46, + 0x67, 0xd3, 0x91, 0xb7, 0xaa, 0xdd, 0xb9, 0x87, + 0x03, 0x4e, 0x21, 0xd0, 0xa0, 0xfa, 0x31, 0x93, + 0x04, 0xc8, 0xea, 0xc5, 0x71, 0x4b, 0x0f, 0x98, + 0x4d, 0x16, 0x69, 0xe9, 0xc7, 0xda, 0xff, 0xfa, + 0xe1, 0xf0, 0xa5, 0xdd, 0x36, 0xf2, 0x04, 0x62, + 0xa6, +}; + +unsigned char ecc_PublicKey_384[] = { + 0x04, 0x51, 0xb3, 0x72, 0xda, 0xd2, 0xd7, 0x81, + 0x53, 0xe3, 0x4e, 0xa1, 0x27, 0x9a, 0x91, 0x42, + 0x8a, 0x29, 0x62, 0x7c, 0x8f, 0x49, 0x47, 0x47, + 0x4c, 0x0e, 0x23, 0x09, 0xf5, 0x13, 0x56, 0x08, + 0x2d, 0x54, 0xc3, 0xac, 0x05, 0xc4, 0x1f, 0x16, + 0x27, 0xd0, 0x4c, 0x3b, 0xed, 0xa0, 0x74, 0x62, + 0xe3, 0x1b, 0xa3, 0xd5, 0xf2, 0xf2, 0x5d, 0x6a, + 0x87, 0xa2, 0xf4, 0x09, 0x9a, 0x87, 0xee, 0xab, + 0x20, 0xe7, 0x42, 0xd2, 0x6d, 0x1b, 0x1c, 0x75, + 0x69, 0x46, 0x2e, 0x8c, 0x00, 0xe5, 0xd7, 0xc5, + 0xc4, 0xfb, 0x46, 0xe7, 0xf8, 0xc1, 0x25, 0x7c, + 0x94, 0x30, 0xd0, 0xd5, 0xdb, 0x8d, 0xe3, 0x15, + 0xc8, +}; + +unsigned char ecc_PublicKey_512[] = { + 0x04, 0x01, 0x5c, 0x37, 0xe0, 0x37, 0x3b, 0xad, + 0x8a, 0xfe, 0x3c, 0x52, 0x5d, 0xe7, 0xab, 0x77, + 0x39, 0x67, 0x94, 0x6c, 0x2a, 0x3f, 0xee, 0x95, + 0x19, 0x8d, 0xcc, 0xdc, 0xad, 0x62, 0x50, 0x97, + 0x79, 0xeb, 0xde, 0x70, 0xed, 0x2d, 0x44, 0x8f, + 0xcf, 0x1d, 0x49, 0x46, 0x32, 0x96, 0xe3, 0xb6, + 0xc5, 0x61, 0x4c, 0xfd, 0xcb, 0x65, 0x1f, 0x04, + 0x97, 0x39, 0x54, 0x46, 0xde, 0x54, 0x2f, 0x0a, + 0x51, 0xd5, 0xe6, 0x01, 0x1e, 0x78, 0x20, 0x15, + 0x1c, 0xb3, 0x6f, 0x14, 0x8f, 0x2f, 0x95, 0x9c, + 0x40, 0xea, 0x12, 0x52, 0x5a, 0xce, 0x7c, 0x43, + 0x28, 0x22, 0x31, 0x00, 0xcb, 0xbf, 0x86, 0x56, + 0xdc, 0x72, 0xa4, 0x49, 0x75, 0x80, 0xa4, 0x17, + 0xde, 0xa6, 0xf8, 0x3b, 0x39, 0x88, 0xd0, 0x8b, + 0x4e, 0x44, 0x69, 0x39, 0x7a, 0xcc, 0xcc, 0xc7, + 0x15, 0x1e, 0x6c, 0x76, 0xf2, 0x8d, 0x1b, 0x6c, + 0x64, 0x0a, 0x4c, 0x29, 0x35, +}; + + +unsigned char ecc_PublicKey_521[] = { + 0x04, 0x00, 0xf9, 0x56, 0xfb, 0x6c, 0x5a, 0x3d, + 0xc4, 0xf3, 0xb8, 0x07, 0x19, 0x2f, 0x93, 0x07, + 0x3c, 0x30, 0x7b, 0xd9, 0x9c, 0x11, 0xe8, 0xda, + 0xbe, 0x1b, 0x1b, 0xa3, 0xf2, 0x81, 0xf9, 0xd0, + 0x47, 0x0d, 0x06, 0xa4, 0x47, 0xa0, 0x8b, 0xca, + 0x0f, 0x0a, 0x3a, 0xda, 0x68, 0x38, 0x67, 0x5d, + 0x11, 0x77, 0xf8, 0x2f, 0x28, 0x0f, 0x31, 0xe5, + 0x26, 0xf5, 0x88, 0x2a, 0x79, 0x5f, 0xce, 0x55, + 0xe9, 0x71, 0x4c, 0x00, 0x9e, 0xfc, 0x7d, 0x00, + 0x04, 0xb8, 0x89, 0x04, 0xfc, 0x06, 0x38, 0x3f, + 0x9f, 0x0a, 0x80, 0x7f, 0x6b, 0x4c, 0xd2, 0x61, + 0x69, 0x00, 0x7f, 0x9c, 0x7c, 0x9b, 0xab, 0xa6, + 0x9c, 0x71, 0xa9, 0x15, 0x63, 0x4a, 0x03, 0xe8, + 0x96, 0xbb, 0x79, 0x6a, 0x50, 0xa6, 0xd0, 0xdf, + 0x66, 0xf5, 0xc8, 0xfa, 0x22, 0x94, 0xe0, 0x72, + 0xa6, 0x15, 0x94, 0x1e, 0x3b, 0x47, 0x36, 0x8e, + 0xcb, 0x10, 0x15, 0x27, 0x5b, +}; diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c new file mode 100644 index 000000000..8434b8431 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c @@ -0,0 +1,274 @@ +/* ecc_verify_nonblock.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "signature.h" + + +#define HEAP_HINT NULL +#define ECC_KEY_SIZE_112 112 +#define ECC_KEY_SIZE_128 128 +#define ECC_KEY_SIZE_160 160 +#define ECC_KEY_SIZE_192 192 +#define ECC_KEY_SIZE_224 224 +#define ECC_KEY_SIZE_239 239 +#define ECC_KEY_SIZE_256 256 +#define ECC_KEY_SIZE_320 320 +#define ECC_KEY_SIZE_384 384 +#define ECC_KEY_SIZE_512 512 +#define ECC_KEY_SIZE_521 521 +#define BYTE_SZ 8 + + +int idx_key(int keysize); + + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +int do_sig_ver_test(int eccKeySz); + + +int ecc_verify(void) +{ + int ret = 0; +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + ret = do_sig_ver_test(ECC_KEY_SIZE_112); + CHECK_RET(ret, 0, finished, "112 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_128); + CHECK_RET(ret, 0, finished, "128 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_160); + CHECK_RET(ret, 0, finished, "160 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_192); + CHECK_RET(ret, 0, finished, "192 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_224); + CHECK_RET(ret, 0, finished, "224 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_239); + CHECK_RET(ret, 0, finished, "239 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_256); + CHECK_RET(ret, 0, finished, "256 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_320); + CHECK_RET(ret, 0, finished, "320 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_384); + CHECK_RET(ret, 0, finished, "384 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_512); + CHECK_RET(ret, 0, finished, "512 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_521); + CHECK_RET(ret, 0, finished, "521 test"); + + +finished: +#ifdef DEBUG_MEMORY + printf("\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int do_sig_ver_test(int eccKeySz) +{ + /* sha256 hash of the string "A 32-bit string to test signing" */ + unsigned char hash[32] = { + 0x3b, 0x07, 0x54, 0x5c, 0xfd, 0x4f, 0xb7, 0xb5, + 0xaf, 0xa7, 0x7a, 0x25, 0x33, 0xa5, 0x50, 0x70, + 0x4a, 0x65, 0x3e, 0x72, 0x7e, 0xcd, 0xd4, 0x5b, + 0x1b, 0x36, 0x96, 0x96, 0xca, 0x4f, 0x9b, 0x6f + }; + int ret; + ecc_key key; + byte* sig = NULL; // get rid of this magic number + WC_RNG rng; + int verified = 0; + word32 sig_size; + int key_size; + unsigned char *pKeybuff; + +#ifdef NONBLOCK + ecc_nb_ctx_t nb_ctx; + double total_blk_time; + double pre_returned_t; /* previous recent returned time */ + double returned_t; /* most recent returned time */ + double max_t = -1.0; /* Maximum blocking time */ + double min_t = __DBL_MAX__; /* Minimum blocking time */ + double blocking_t; /* current blocking time */ + int blk_count; + +#endif + + + + /* + * for odd curve sizes account for mod EG: + * Case 1) curve field of 256: + * (256/8) + (256%8 != 0 ? 1:0) == 32 + 0 = 32 + * + * Case 2) curve field of 521: + * (521/8 = 65.125 (rounds to 65) + (521%8 != 0 ? 1:0) == + 65 + 1 = 66 + * + * Algorithm: (C / B) + (C % B != 0 ? 1:0) + * + * This remainder is a natural result of the calculation: + * Algorithm: (C / (B-1)) / (B) + */ + int byteField = (eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ; + word32 maxSigSz = ECC_MAX_SIG_SIZE; + + printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); + + + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, key_done, "wc_InitRng()"); + + + ret = wc_ecc_init(&key); + CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); + + + /* Import signature and ecc_key */ + sig = sig_keys[idx_key(eccKeySz)].sig; + sig_size = sig_keys[idx_key(eccKeySz)].sig_size; + pKeybuff = sig_keys[idx_key(eccKeySz)].pubkey; + key_size = sig_keys[idx_key(eccKeySz)].key_size; + + ret = wc_ecc_import_x963(pKeybuff, key_size, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); + + +#ifdef NONBLOCK + ret = wc_ecc_set_nonblock(&key, &nb_ctx); + CHECK_RET(ret, 0, rng_done, "wc_ecc_set_nonblock()"); + + blk_count = 0; + pre_returned_t = current_time(1); + + do { + + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + &verified, &key); + returned_t = current_time(0); + blocking_t = returned_t - pre_returned_t; + total_blk_time += blocking_t; + + if ( blocking_t > max_t ){ + max_t = blocking_t; + } + else if ( blocking_t < min_t ){ + min_t = blocking_t; + } + + pre_returned_t = returned_t; + blk_count++; + } while (ret == FP_WOULDBLOCK); + +#else + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + &verified, &key); +#endif /* NONBLOCK */ + + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); + CHECK_RET(verified, 1, rng_done, "verification check"); + verified = 0; + + + printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + +#ifdef NONBLOCK + if (eccKeySz >= ECC_KEY_SIZE_256){ + printf("Non-blocking:\n"); + printf(" Total time: %.2f micro sec, Bloking count: %d\n",\ + 1000*1000*total_blk_time, blk_count); + printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ + max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); + + } +#endif /* NONBLOCK */ + + +rng_done: + wc_FreeRng(&rng); +key_done: + wc_ecc_free(&key); +sig_done: + return ret; +} + + + + +int main(){ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)ecc_verify); +#else + return ecc_verify(); +#endif +} + +int idx_key(int keysize){ + switch(keysize){ + case ECC_KEY_SIZE_112: + return 0; + case ECC_KEY_SIZE_128: + return 1; + case ECC_KEY_SIZE_160: + return 2; + case ECC_KEY_SIZE_192: + return 3; + case ECC_KEY_SIZE_224: + return 4; + case ECC_KEY_SIZE_239: + return 5; + case ECC_KEY_SIZE_256: + return 6; + case ECC_KEY_SIZE_320: + return 7; + case ECC_KEY_SIZE_384: + return 8; + case ECC_KEY_SIZE_512: + return 9; + case ECC_KEY_SIZE_521: + return 10; + default: + return -1; + } + +} + diff --git a/embedded/signature/ecc_vfy_only_nonblock/signature.h b/embedded/signature/ecc_vfy_only_nonblock/signature.h new file mode 100644 index 000000000..e311cebef --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/signature.h @@ -0,0 +1,178 @@ +#include "ecc_pubKey.h" + +byte ecc_signature_112[] = { + 0x30, 0x3e, 0x02, 0x1d, 0x00, 0xdc, 0xef, 0xcc, + 0x1a, 0xe9, 0x97, 0x44, 0xf4, 0x85, 0xad, 0xef, + 0x88, 0x6e, 0x77, 0x2b, 0x27, 0x7b, 0xd5, 0xcd, + 0xfb, 0x47, 0x43, 0x40, 0x1a, 0x53, 0x2f, 0xc4, + 0x0b, 0x02, 0x1d, 0x00, 0x8e, 0x34, 0xbb, 0xf4, + 0x59, 0xef, 0xa0, 0x6b, 0x8c, 0xda, 0x00, 0xca, + 0xcb, 0xb4, 0x75, 0xdb, 0x37, 0x7e, 0x8e, 0xe1, + 0x7a, 0xc2, 0xd5, 0x3c, 0xb5, 0xbc, 0x33, 0xcd, +}; + +byte ecc_signature_128[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x23, 0x41, 0xf0, 0xe2, + 0x0f, 0x72, 0xbb, 0xe0, 0x8b, 0x42, 0xf8, 0xba, + 0xba, 0x81, 0xcb, 0xb2, 0xf9, 0xc6, 0x45, 0x44, + 0xfa, 0x8d, 0x8a, 0x33, 0x8d, 0xea, 0x34, 0xf0, + 0x02, 0x1c, 0x5f, 0x5e, 0x67, 0xad, 0x32, 0xee, + 0x90, 0xf1, 0x40, 0x6d, 0x34, 0x8e, 0x66, 0xd2, + 0x94, 0x1e, 0x28, 0xb3, 0xaa, 0x32, 0x10, 0x46, + 0x1c, 0xf7, 0x58, 0x1b, 0xf7, 0x4b, +}; + +byte ecc_signature_160[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x18, 0x8e, 0xc8, 0x08, + 0xe3, 0x0e, 0xf5, 0x7c, 0xe4, 0x32, 0xc9, 0x5d, + 0xe8, 0xab, 0xb4, 0x3c, 0x99, 0x18, 0xa8, 0x7f, + 0xba, 0x10, 0x49, 0x52, 0x63, 0xc6, 0x52, 0x58, + 0x02, 0x1d, 0x00, 0xc1, 0x5f, 0xe0, 0x17, 0xbb, + 0x16, 0x19, 0x52, 0xed, 0xb1, 0xde, 0x30, 0x1b, + 0x49, 0x87, 0x37, 0x8a, 0x24, 0xf9, 0x11, 0x50, + 0x9f, 0xaf, 0xa5, 0x18, 0x3c, 0xa3, 0x26, +}; + +byte ecc_signature_192[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x09, 0x75, 0x75, 0x9d, + 0xdb, 0x69, 0x5d, 0xba, 0x02, 0x31, 0xb9, 0x44, + 0xc0, 0x22, 0xeb, 0x9c, 0xb3, 0xd0, 0x9a, 0xc3, + 0x59, 0x2b, 0xdf, 0x23, 0x23, 0x46, 0x32, 0x0b, + 0x02, 0x1c, 0x1f, 0x3f, 0x73, 0x55, 0xbc, 0x29, + 0xa7, 0xa9, 0xd8, 0x3a, 0x9c, 0x3b, 0x97, 0x14, + 0xa5, 0x12, 0x10, 0x4e, 0x6f, 0x1c, 0xa3, 0xa8, + 0xee, 0x6e, 0x47, 0x28, 0xf2, 0x36, +}; + +byte ecc_signature_224[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x52, 0x7b, 0x2e, 0xcb, + 0x6a, 0x99, 0x0f, 0x56, 0xdf, 0x9f, 0xdc, 0x14, + 0xe5, 0xe9, 0x5c, 0x95, 0x7f, 0xed, 0x91, 0x1b, + 0x48, 0xb1, 0x31, 0x41, 0xe0, 0xcb, 0x45, 0xc5, + 0x02, 0x1d, 0x00, 0x9c, 0x62, 0xab, 0x1c, 0xb4, + 0xc5, 0x01, 0xea, 0x31, 0x40, 0x6e, 0x45, 0x77, + 0x29, 0xd6, 0x50, 0xc3, 0x52, 0x3c, 0x8c, 0xe6, + 0x7a, 0x38, 0xae, 0x73, 0xd6, 0xf1, 0x95, +}; + +byte ecc_signature_239[] = { + 0x30, 0x40, 0x02, 0x1e, 0x06, 0x22, 0x6e, 0x25, + 0x61, 0x98, 0xaa, 0x01, 0xd8, 0xfa, 0x43, 0x2d, + 0x7e, 0x7e, 0x22, 0x36, 0x1e, 0x7d, 0x7b, 0xcd, + 0xe2, 0x9f, 0x8d, 0x00, 0xa9, 0xd8, 0xf4, 0xbb, + 0x96, 0x27, 0x02, 0x1e, 0x50, 0x18, 0xa2, 0x90, + 0x0b, 0x43, 0x31, 0xab, 0x0d, 0xc8, 0x52, 0x59, + 0x99, 0x7f, 0x31, 0xbc, 0xac, 0xc7, 0x2b, 0x15, + 0x83, 0x7c, 0x19, 0xd6, 0xed, 0x04, 0x16, 0xe0, + 0xb3, 0x29, +}; + +byte ecc_signature_256[] = { + 0x30, 0x44, 0x02, 0x20, 0x14, 0xc7, 0xa9, 0x91, + 0x47, 0xf5, 0x0d, 0x31, 0x5a, 0x05, 0x4d, 0x7b, + 0x49, 0x40, 0x2f, 0x0e, 0x03, 0xc8, 0x61, 0x99, + 0xa4, 0xdf, 0x83, 0x68, 0xcb, 0x9f, 0xa7, 0x7a, + 0xd9, 0xd4, 0x3c, 0x20, 0x02, 0x20, 0x05, 0xa1, + 0x0d, 0xd8, 0xfd, 0x0b, 0x83, 0x4f, 0xcb, 0x0b, + 0x47, 0x60, 0x60, 0x04, 0xa9, 0xe3, 0x57, 0x46, + 0x5b, 0x34, 0x30, 0xb3, 0xc9, 0x9a, 0x8d, 0xd0, + 0x8f, 0xda, 0x9f, 0xb0, 0xb6, 0x86, +}; + +byte ecc_signature_320[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xb5, 0xaf, 0x8d, + 0x19, 0x3e, 0x3c, 0x15, 0x6c, 0xdc, 0x0b, 0xb9, + 0x64, 0x77, 0x60, 0x60, 0xab, 0x55, 0x2a, 0x4f, + 0x99, 0x23, 0x7c, 0x79, 0x2f, 0xf7, 0x6c, 0x86, + 0xfd, 0x81, 0x49, 0x6e, 0x76, 0x02, 0xe7, 0xb4, + 0x55, 0x0e, 0xff, 0xe8, 0x59, 0xd7, 0x10, 0x4c, + 0x6a, 0xd4, 0x4a, 0x4b, 0xad, 0x02, 0x31, 0x00, + 0xc2, 0x41, 0x36, 0x0e, 0x70, 0xeb, 0x2d, 0x30, + 0x22, 0x6d, 0x1d, 0x05, 0xe3, 0x65, 0xcb, 0x3b, + 0x9d, 0x34, 0x4e, 0xe6, 0x9f, 0x3f, 0xf1, 0xc6, + 0x1c, 0x85, 0xbc, 0x23, 0x6b, 0x2c, 0xa5, 0x02, + 0xbe, 0x4f, 0xd0, 0x87, 0x58, 0x54, 0x9f, 0xaf, + 0x4f, 0x6d, 0x31, 0xed, 0xf1, 0x5b, 0x3d, 0xf5, +}; + +byte ecc_signature_384[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xc0, 0x45, + 0x1c, 0x8c, 0x9a, 0xb1, 0x8e, 0xd2, 0xb9, 0xce, + 0xb7, 0x00, 0x77, 0x38, 0xb9, 0x1d, 0x85, 0x77, + 0x7d, 0x3b, 0xff, 0x12, 0x0c, 0x27, 0x2c, 0xe7, + 0x6f, 0xf4, 0x45, 0xb5, 0x4c, 0x74, 0x06, 0x73, + 0x34, 0x95, 0xb8, 0x17, 0x88, 0xfe, 0x7d, 0x93, + 0x30, 0x9b, 0x70, 0x92, 0x24, 0x02, 0x31, 0x00, + 0xca, 0xfd, 0x25, 0x9e, 0xf2, 0xd7, 0x4e, 0xfc, + 0xc6, 0xfc, 0x38, 0x0a, 0xb7, 0x6a, 0xa5, 0x43, + 0x00, 0xa1, 0xc4, 0x94, 0xc9, 0xa3, 0x40, 0xf9, + 0x54, 0x54, 0x68, 0xbe, 0xc8, 0x0c, 0x0e, 0xbb, + 0x9c, 0x75, 0xa7, 0x25, 0xdb, 0x09, 0x30, 0x50, + 0xff, 0xd1, 0x7f, 0x57, 0x24, 0xbe, 0x2a, 0x19, +}; + +byte ecc_signature_512[] = { + 0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xe0, 0x47, + 0xb7, 0x44, 0x33, 0x90, 0xe0, 0x33, 0x1c, 0xd7, + 0x32, 0x67, 0x3d, 0x89, 0xa4, 0x69, 0xee, 0x1a, + 0x0c, 0x10, 0x10, 0xaa, 0x99, 0xf6, 0xb6, 0xde, + 0x59, 0x5c, 0xbb, 0xb1, 0x2a, 0xb0, 0xe9, 0x50, + 0x06, 0x3e, 0x00, 0x24, 0xc1, 0x44, 0x9c, 0x39, + 0xfe, 0x63, 0x7f, 0x42, 0x6e, 0xa4, 0xf7, 0xb8, + 0x70, 0x53, 0x59, 0xda, 0xeb, 0x61, 0xa1, 0x6e, + 0x63, 0xc7, 0x82, 0xa2, 0xbb, 0x0c, 0x5d, 0x02, + 0x42, 0x01, 0x25, 0x5a, 0xac, 0xcc, 0x39, 0x04, + 0x63, 0x37, 0xce, 0x3f, 0xf7, 0x58, 0x98, 0xb2, + 0x62, 0x24, 0x14, 0xd9, 0x0e, 0x8b, 0xfb, 0x6c, + 0xdb, 0x6b, 0x05, 0xa9, 0x25, 0x90, 0xdb, 0x16, + 0x55, 0x78, 0x96, 0x46, 0x47, 0x66, 0xb2, 0x3b, + 0xcf, 0x16, 0x74, 0x40, 0xc0, 0x3c, 0x7a, 0x77, + 0x50, 0xe8, 0xc6, 0xb7, 0x6d, 0x7f, 0x81, 0xf2, + 0xf6, 0xca, 0x5c, 0x29, 0x8b, 0xa5, 0x4d, 0xd0, + 0x23, 0x86, 0x70, +}; + +byte ecc_signature_521[] = { + 0x30, 0x81, 0x87, 0x02, 0x41, 0x26, 0x39, 0x68, + 0xd0, 0x3d, 0xd4, 0x82, 0xe0, 0x53, 0x23, 0x4c, + 0x3c, 0x0e, 0x2f, 0xd8, 0xdb, 0x8c, 0x38, 0x04, + 0x3d, 0x8c, 0x71, 0xcf, 0xd6, 0x9f, 0x46, 0x80, + 0x68, 0x36, 0xe8, 0x23, 0x94, 0xcf, 0xf0, 0x5a, + 0x93, 0xd1, 0xc4, 0xb6, 0x89, 0x4f, 0x8e, 0x7b, + 0xf8, 0x13, 0x69, 0x0c, 0xc2, 0x11, 0xbd, 0x30, + 0x7b, 0x11, 0x0d, 0x60, 0x80, 0xd6, 0xd7, 0x7a, + 0xc3, 0x9f, 0xb2, 0x25, 0x20, 0xa2, 0x02, 0x42, + 0x00, 0xe1, 0x16, 0x64, 0x20, 0x33, 0x98, 0xfd, + 0x6b, 0xd8, 0x91, 0x5a, 0x83, 0xb7, 0x79, 0x82, + 0x7d, 0x39, 0xd6, 0x83, 0x49, 0x13, 0x10, 0x26, + 0x2f, 0x6c, 0x1e, 0x38, 0x10, 0x13, 0xd8, 0xeb, + 0x6f, 0x82, 0xbb, 0x4a, 0xed, 0x6e, 0x53, 0xbb, + 0xc8, 0x7c, 0xba, 0xe9, 0xac, 0xa9, 0xbe, 0xfd, + 0xe7, 0x6b, 0x80, 0x76, 0x6c, 0x1a, 0x31, 0x63, + 0x47, 0x91, 0x01, 0x9e, 0x15, 0x29, 0x1b, 0xea, + 0x3a, 0x69, +}; + + +typedef struct { + byte *sig; + word32 sig_size; + unsigned char *pubkey; + int key_size; +} sig_key; + +sig_key sig_keys[11] = { + {ecc_signature_112, sizeof(ecc_signature_112), ecc_PublicKey_112, sizeof(ecc_PublicKey_112)}, + {ecc_signature_128, sizeof(ecc_signature_128), ecc_PublicKey_128, sizeof(ecc_PublicKey_128)}, + {ecc_signature_160, sizeof(ecc_signature_160), ecc_PublicKey_160, sizeof(ecc_PublicKey_160)}, + {ecc_signature_192, sizeof(ecc_signature_192), ecc_PublicKey_192, sizeof(ecc_PublicKey_192)}, + {ecc_signature_224, sizeof(ecc_signature_224), ecc_PublicKey_224, sizeof(ecc_PublicKey_224)}, + {ecc_signature_239, sizeof(ecc_signature_239), ecc_PublicKey_239, sizeof(ecc_PublicKey_239)}, + {ecc_signature_256, sizeof(ecc_signature_256), ecc_PublicKey_256, sizeof(ecc_PublicKey_256)}, + {ecc_signature_320, sizeof(ecc_signature_320), ecc_PublicKey_320, sizeof(ecc_PublicKey_320)}, + {ecc_signature_384, sizeof(ecc_signature_384), ecc_PublicKey_384, sizeof(ecc_PublicKey_384)}, + {ecc_signature_512, sizeof(ecc_signature_512), ecc_PublicKey_512, sizeof(ecc_PublicKey_512)}, + {ecc_signature_521, sizeof(ecc_signature_521), ecc_PublicKey_521, sizeof(ecc_PublicKey_521)}, +}; + + diff --git a/embedded/signature/ecc_vfy_only_nonblock/user_settings.h b/embedded/signature/ecc_vfy_only_nonblock/user_settings.h new file mode 100644 index 000000000..c7d29c701 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/user_settings.h @@ -0,0 +1,91 @@ +#define WOLFCRYPT_ONLY +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define NO_RSA +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + +/* ecc */ +#define HAVE_ECC +#define HAVE_ALL_CURVES + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT + #undef BENCHMARK +#endif + + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 + #undef USE_FAST_MATH +#endif + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_ECC + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif + + + + +#define NONBLOCK +#ifdef NONBLOCK + #define WC_ECC_NONBLOCK + #define WOLFSSL_SP_NONBLOCK + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_MALLOC +#endif + +#define WOLFSSL_SP_384 +#define WOLFSSL_SP_521 diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile index 09825debc..0e30e51e2 100644 --- a/embedded/signature/rsa_buffer/Makefile +++ b/embedded/signature/rsa_buffer/Makefile @@ -1,5 +1,5 @@ +# The path to the wolfssl directory must be set correctly for your environment. WOLFROOT = ../../../../wolfssl -# EX_CFLAGS CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) @@ -63,9 +63,9 @@ endif all: verify sign bench mem verify: clean $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) sign: clean $(OBJ) - $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o sign sign.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread mem: clean $(OBJ) diff --git a/embedded/signature/rsa_buffer/rsa_priv_2048.h b/embedded/signature/rsa_buffer/rsa_priv_2048.h index 8c4242271..d859fd1c3 100644 --- a/embedded/signature/rsa_buffer/rsa_priv_2048.h +++ b/embedded/signature/rsa_buffer/rsa_priv_2048.h @@ -1,6 +1,6 @@ /* rsa_priv_2048.h * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_buffer/rsa_pub_2048.h b/embedded/signature/rsa_buffer/rsa_pub_2048.h index 0d5a3b672..2df0fa670 100644 --- a/embedded/signature/rsa_buffer/rsa_pub_2048.h +++ b/embedded/signature/rsa_buffer/rsa_pub_2048.h @@ -1,6 +1,6 @@ /* rsa_pub_2048.h * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_buffer/sign.c b/embedded/signature/rsa_buffer/sign.c index 847f6db78..3a2d37274 100644 --- a/embedded/signature/rsa_buffer/sign.c +++ b/embedded/signature/rsa_buffer/sign.c @@ -1,6 +1,6 @@ /* sign.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h index cb94fedfa..df714dd8d 100644 --- a/embedded/signature/rsa_buffer/user_settings.h +++ b/embedded/signature/rsa_buffer/user_settings.h @@ -75,3 +75,5 @@ #ifdef BENCHMARK #undef DEBUG_MEMORY #endif + + diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c index b2e75655a..3ccab5eed 100644 --- a/embedded/signature/rsa_buffer/verify.c +++ b/embedded/signature/rsa_buffer/verify.c @@ -1,6 +1,6 @@ -/* rsa_pub_2048.h +/* verify.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,11 +57,16 @@ int verify() word32 decSigLen = 0; /* Variables for benchmark */ +#ifdef BENCHMARK double start, total_time; #ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 3 #endif int count; +#endif + + + #ifdef DEBUG_MEMORY wolfCrypt_Init(); @@ -99,9 +104,10 @@ int verify() count = 0; printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); - start = current_time(0);// 1 0 + start = current_time(0); while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ #endif + /* Verify the signature by decrypting the value. */ if (ret == 0) { decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), @@ -109,6 +115,7 @@ int verify() if ((int)decSigLen < 0) ret = (int)decSigLen; } + /* Check the decrypted result matches the encoded digest. */ if (ret == 0 && encSigLen != decSigLen) ret = -1; @@ -127,9 +134,10 @@ int verify() printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); printf("Finished Benchmark \n"); #else - printf("Verified\n"); + printf("Verified!\n"); #endif + finish: /* Free the data structures */ if (pRsaKey != NULL) diff --git a/embedded/signature/rsa_sign_verify/Makefile b/embedded/signature/rsa_sign_verify/Makefile new file mode 100644 index 000000000..221279fd8 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/Makefile @@ -0,0 +1,79 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean size mem bench + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +endif + +all: rsa_sign_verify bench mem +rsa_sign_verify: clean $(OBJ) + $(CC) $(CFLAGS) -o rsa_sign_verify rsa_sign_verify.c $(OBJ) + +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o rsa_sign_verify_bench rsa_sign_verify.c $(OBJ) -lpthread +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o rsa_sign_verify_mem rsa_sign_verify.c $(OBJ) -lpthread + +nonblock: CFLAGS += -DNONBLOCK +nonblock: clean $(OBJ) + $(CC) -DNONBLOCK $(CFLAGS) -DDEBUG_MEMORY -o rsa_sign_verify_nonblock rsa_sign_verify_nonblock.c $(OBJ) -lpthread + +clean: + rm -f rsa_sign_verify rsa_sign_verify_bench rsa_sign_verify_mem rsa_sign_verify_nonblock $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) sign verify diff --git a/embedded/signature/rsa_sign_verify/README.md b/embedded/signature/rsa_sign_verify/README.md new file mode 100644 index 000000000..0357e7ea6 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/README.md @@ -0,0 +1,106 @@ +# RSA Signature Test Example + +### PKCS#1.5 and PSS +To switch from PKCS#1.5 to PSS, `#define PSS_PADDING` in user_settings.h + +Demonstrates using a hash digest to sign and verify a signature using RSA + +First, set the path to wolfssl directory to variable WOLFROOT in Makefile. + +## Building + +### Build example + +``` +make +``` + +### Usage +``` +./verify +``` + +``` +./sign +``` + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. +## Example Output +- built with the option `math=sp arch=arm64` +``` +./verify_bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 236782 times, 78927.31 Cycles/sec +Finished Benchmark +``` + + +- built with the option `math=tfm` +``` +./verify_bench +--------------------------------------------------------------- +Enabled TFM +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 76860 times, 25619.98 Cycles/sec +Finished Benchmark +``` + +# Tracking memory +To see a stack and heap memory usage + +``` +make mem +``` +## Example Output +``` +./verify_mem +Verified +total Allocs = 0 +total Deallocs = 0 +total Bytes = 0 +peak Bytes = 0 +current Bytes = 0 +stack used = 12392 +``` + + +# Non-blocking + +- RSA non-blocking mode only supported using TFM. + +To make Non-blocking RSA, +``` +make nonblock math=tfm +``` +then `rsa_sign_verify_nonblock` is generated. + +Best wishes in all your testing! + +- The wolfSSL Team + diff --git a/embedded/signature/rsa_sign_verify/rsa_priv_2048.h b/embedded/signature/rsa_sign_verify/rsa_priv_2048.h new file mode 100644 index 000000000..d859fd1c3 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_priv_2048.h @@ -0,0 +1,151 @@ +/* rsa_priv_2048.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit private key. + * It is the private counterpart to "rsa_pub_2048.h" + */ + +/* RSA private key to sign with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char private_key_2048[] = { + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 0xBF +}; + diff --git a/embedded/signature/rsa_sign_verify/rsa_pub_2048.h b/embedded/signature/rsa_sign_verify/rsa_pub_2048.h new file mode 100644 index 000000000..2df0fa670 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_pub_2048.h @@ -0,0 +1,68 @@ +/* rsa_pub_2048.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit public key. + * It is the public counterpart to "rsa_priv_2048.h" + */ + +/* RSA public key to verify with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char public_key_2048[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, + 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, + 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, + 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, + 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, + 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, + 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, + 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, + 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, + 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, + 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, + 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, + 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, + 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, + 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, + 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, + 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, + 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, + 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, + 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, + 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, + 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, + 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, + 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, + 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, + 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, + 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, + 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, + 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, + 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, + 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, + 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01 +}; + diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c new file mode 100644 index 000000000..ef2f5fa38 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c @@ -0,0 +1,287 @@ +/* rsa_sign_verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of signing and verifying an RSA signature. + * The signature can be PKCS#1.5 formatted and PSS formatted. + * + * - PKCS#1.5 + * 1. hash -> encSig + * 2. encSig -> signature + * 3. signature -> decSig + * + * - PSS + * 1. hash -> signature + * 2. signature -> decSig + * + * PKCS#1.5 is used for the Signature by default. + * To turning on PSS, define PSS_PADDING + */ + +#include +#include +#include +#include +#include +#include +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* RSA Key size bits */ +#define RSA_KEY_SIZE 2048 + + + + + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +/* Variables to be used in both sign() and verify() */ +byte msg[] = "This is a message."; +byte hash[WC_SHA256_DIGEST_SIZE]; +byte signature[ RSA_KEY_SIZE / 8]; +word32 sigLen; +byte encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; +word32 encSigLen = 0; +byte decSig[ RSA_KEY_SIZE / 8]; +word32 decSigLen; + +RsaKey key; +RsaKey* pKey = NULL; + + +int sign(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + + int ret = 0; + wc_Sha256 sha256; + wc_Sha256* pSha256 = NULL; + WC_RNG rng; + WC_RNG* pRng; + long e = 65537; /* standard value to use for exponent */ + + /* Calculate SHA-256 digest of message */ + ret = wc_InitSha256(&sha256); + CHECK_RET(ret, 0, finish, "wc_InitSha256()"); + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + CHECK_RET(ret, 0, finish, "wc_Sha256Update()"); + ret = wc_Sha256Final(&sha256, hash); + CHECK_RET(ret, 0, finish, "wc_Sha256Final()"); + + + /* Initialize the RSA key. */ + ret = wc_InitRsaKey(&key, NULL); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pKey = &key; + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pRng = &rng; +#if defined(WC_RSA_BLINDING) || defined(PSS_PADDING) + ret = wc_RsaSetRNG(&key, &rng); + CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); +#endif + /* Generate 2048-bit RSA key*/ + ret = wc_MakeRsaKey(&key, RSA_KEY_SIZE, e, &rng); + CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); + +#ifdef PSS_PADDING + sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature)\ + , WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); + +#else /* PKCS#1.5 */ + sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature),\ + &key, NULL); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Sign()"); + +#endif + + +/* Generated Rsakey must be released in verify() */ +finish: + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + if (pRng != NULL) + wc_FreeRng(pRng); + +#if defined(DEBUG_MEMORY) + printf("Memory usage : sign() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + + return ret; +} + +/* Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + + int ret = 0; +/* Variables for benchmark */ +#ifdef BENCHMARK + double start, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 3 +#endif + int count; +#endif + +/* Check the RSA Key */ + if (pKey == NULL){ + printf("RSA Key is NULL in verify()\n"); + return -1; + } + +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0); + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ +#endif + + /* Verify the signature by decrypting the value. */ + + #ifdef PSS_PADDING + decSigLen = wc_RsaPSS_VerifyCheck(signature, sizeof(signature), + decSig, sizeof(decSig), hash, sizeof(hash), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_VerifyCheck()"); + + #else /* PKCS#1.5 */ + decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), + decSig, sizeof(decSig), &key); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + + #endif + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#elif defined(DEBUG_MEMORY) + +#else + printf("Verified!\n"); +#endif + + +finish: + if (pKey != NULL) + wc_FreeRsaKey(pKey); + +#ifdef DEBUG_MEMORY + printf("\n"); + printf("Memory usage : verify() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + + + +int main(){ + int ret = 0; +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled SP for x86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled SP for Arm64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)sign); +#else + ret = sign(); +#endif + +/* Check the return value of sign() */ + if(ret != 0) + return ret; + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)verify); +#else + ret = verify(); +#endif + return ret; +} diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c new file mode 100644 index 000000000..a458ef2b9 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c @@ -0,0 +1,286 @@ +/* rsa_sign_verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of signing and verifying an RSA signature. + * The signature can be PKCS#1.5 formatted and PSS formatted. + * + * - PKCS#1.5 + * 1. hash -> encSig + * 2. encSig -> signature + * 3. signature -> decSig + * + * - PSS + * 1. hash -> signature + * 2. signature -> decSig + * + * PKCS#1.5 is used for the Signature by default. + * To turning on PSS, define PSS_PADDING + */ + +#include +#include +#include +#include +#include +#include +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* RSA Key size bits */ +#define RSA_KEY_SIZE 2048 + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +#ifndef NONBLOCK + #define NONBLOCK +#endif + +/* Variables to be used in both sign() and verify() */ +byte msg[] = "This is a message."; +byte hash[WC_SHA256_DIGEST_SIZE]; +byte signature[ RSA_KEY_SIZE / 8]; +word32 sigLen; +byte encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; +word32 encSigLen = 0; +byte decSig[ RSA_KEY_SIZE / 8]; +word32 decSigLen; + +RsaKey key; +RsaKey* pKey = NULL; + + +/* Variables for non-blocking RSA */ +RsaNb nb_ctx; +double total_blk_time; +double pre_returned_t; /* previous recent returned time */ +double returned_t; /* most recent returned time */ +double max_t = -1.0; /* Maximum blocking time */ +double min_t = __DBL_MAX__; /* Minimum blocking time */ +double blocking_t; /* current blocking time */ +int blk_count; + + +int sign(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + int ret = 0; + wc_Sha256 sha256; + wc_Sha256* pSha256 = NULL; + WC_RNG rng; + WC_RNG* pRng; + long e = 65537; /* standard value to use for exponent */ + + + /* Calculate SHA-256 digest of message */ + ret = wc_InitSha256(&sha256); + CHECK_RET(ret, 0, finish, "wc_InitSha256()"); + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + CHECK_RET(ret, 0, finish, "wc_Sha256Update()"); + ret = wc_Sha256Final(&sha256, hash); + CHECK_RET(ret, 0, finish, "wc_Sha256Final()"); + + /* Initialize the RSA key. */ + ret = wc_InitRsaKey(&key, NULL); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pKey = &key; + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pRng = &rng; +#if defined(WC_RSA_BLINDING) || defined(PSS_PADDING) + ret = wc_RsaSetRNG(&key, &rng); + CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); +#endif + + + /* Generate 2048-bit RSA key*/ + ret = wc_MakeRsaKey(&key, 2048, e, &rng); + CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); + +#ifdef PSS_PADDING + sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature)\ + , WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); + +#else /* PKCS#1.5 */ + sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature),\ + &key, &rng); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Sign()"); + +#endif + + +finish: + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + if (pRng != NULL) + wc_FreeRng(pRng); +#if defined(DEBUG_MEMORY) + printf("Memory usage : sign() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int verify_nonblock(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + int ret = 0; + + + + /* Verify the signature by decrypting the value with non-blocking mode. */ + if (ret == 0){ + ret = wc_RsaSetNonBlock(&key, &nb_ctx); + if (ret != 0) + return ret; + + blk_count = 0; + total_blk_time = 0; + + pre_returned_t = current_time(1); + do { + + #ifdef PSS_PADDING + decSigLen = wc_RsaPSS_Verify(signature, sizeof(signature), + decSig, sizeof(decSig),WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + + #else /* PKCS#1.5 */ + decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), + decSig, sizeof(decSig), &key); + #endif + + returned_t = current_time(0); + blocking_t = returned_t - pre_returned_t; + total_blk_time += blocking_t; + + if ( blocking_t > max_t ){ + max_t = blocking_t; + } + else if ( blocking_t < min_t ){ + min_t = blocking_t; + } + + pre_returned_t = returned_t; + blk_count++; + } while (decSigLen == FP_WOULDBLOCK); + } + + /* Verification check */ + #ifdef PSS_PADDING + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_Verify()"); + + ret = wc_RsaPSS_CheckPadding(hash, sizeof(hash), decSig, decSigLen, WC_HASH_TYPE_SHA256); + CHECK_RET(ret, 0, finish, "Verification Check RSA-PSS"); + + #else + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + + #endif + +finish: + if (pKey != NULL) + wc_FreeRsaKey(pKey); + +#ifdef DEBUG_MEMORY + printf("\n"); + printf("Memory usage : verify_nonblock() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + + return ret; +} + + + +int main(){ + int ret = 0; + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)sign); +#else + ret = sign(); +#endif + +/* Check the return value of sign() */ + if(ret != 0) + return ret; + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)verify_nonblock); +#else + ret = verify_nonblock(); + +#endif + if (ret == 0){ + printf("\nNon-blocking:\n"); + printf("Total time : %.2f micro sec, Blocking count: %d \n",\ + 1000*1000*total_blk_time, blk_count); + printf("Max: %2.2f micro sec, Average: %.2f micro sec\n",\ + max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); + } + return ret; +} diff --git a/embedded/signature/rsa_sign_verify/sign.c b/embedded/signature/rsa_sign_verify/sign.c new file mode 100644 index 000000000..3a2d37274 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/sign.c @@ -0,0 +1,178 @@ +/* sign.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file shows how to sign a message with an RSA private key. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * The output of this program can be used with "verify.c". + */ + +// #include +#include "user_settings.h" +#include + +#include +#include +#include +#include + +#include "rsa_priv_2048.h" + + +/* Signature size is the length of the modulus of the RSA key */ +#define SIG_SZ (2048 / 8) +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Print out the buffer in C code. + * + * name [in] Name of the variable. + * data [in] Data to print out. + * len [in] Length of the data. + */ +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + +/* Main entry point. + * Signs the message passed in as the first command line argument. + * + * argc [in] Count of command line arguments. + * argv [in] Command line argument vector. + * Returns 0 on success and 1 otherwise. + */ +int main(int argc, char* argv[]) +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; +#ifdef WC_RSA_BLINDING + WC_RNG rng; + WC_RNG* pRng = NULL; +#endif + word32 idx; + unsigned char* msg; + word32 msgLen; + unsigned char signature[SIG_SZ]; + word32 sigLen; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen; + + /* Get the message to sign from the command line */ + if (argc != 2) { + fprintf(stderr, "Message to sign required\n"); + ret = -1; + } + else { + msg = (unsigned char*)argv[1]; + msgLen = strlen(argv[1]); + } + + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, msgLen); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize RSA key and random (if required) */ + if (ret == 0) { + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) + pRsaKey = &rsaKey; + } +#ifdef WC_RSA_BLINDING + if (ret == 0) + ret = wc_InitRng(&rng); +#endif + /* Load DER encoded RSA private key from buffer */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + pRng = &rng; +#endif + idx = 0; + ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &rsaKey, + sizeof(private_key_2048)); + } + + /* Sign encoded digest */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, pRng); +#else + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, NULL); +#endif + if (ret >= 0) { + sigLen = ret; + ret = 0; + } + } + + if (ret == 0) { + /* Display message as a buffer */ + print_buffer("msg", msg, msgLen); + printf("\n"); + /* Display binary signature as a buffer */ + print_buffer("rsa_sig_2048", signature, sigLen); + } + + /* Free data structures */ +#ifdef WC_RSA_BLINDING + if (pRng != NULL) + wc_FreeRng(pRng); +#endif + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + + return ret == 0 ? 0 : 1; +} + diff --git a/embedded/signature/rsa_sign_verify/sign_vfy.sh b/embedded/signature/rsa_sign_verify/sign_vfy.sh new file mode 100755 index 000000000..0ad83d54c --- /dev/null +++ b/embedded/signature/rsa_sign_verify/sign_vfy.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +make clean + +make sign +./sign "This is the message" > signature.h +make verify +./verify + + diff --git a/embedded/signature/rsa_sign_verify/signature.h b/embedded/signature/rsa_sign_verify/signature.h new file mode 100644 index 000000000..e0b34c8c9 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/signature.h @@ -0,0 +1,40 @@ +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; diff --git a/embedded/signature/rsa_sign_verify/user_settings.h b/embedded/signature/rsa_sign_verify/user_settings.h new file mode 100644 index 000000000..66e4e1de6 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/user_settings.h @@ -0,0 +1,93 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define WOLFSSL_KEY_GEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif + +// #define PSS_PADDING +#ifdef PSS_PADDING + #define WC_RSA_PSS + #define WC_RSA_BLINDING +#endif + +/* Non-blocking */ +#if defined(NONBLOCK) + #define WC_RSA_NONBLOCK + #define TFM_TIMING_RESISTANT + #define WOLFSSL_SP_NONBLOCK + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_MALLOC + #undef BENCHMARK +#endif /* NONBLOCK */ diff --git a/embedded/signature/rsa_sign_verify/verify.c b/embedded/signature/rsa_sign_verify/verify.c new file mode 100644 index 000000000..3ccab5eed --- /dev/null +++ b/embedded/signature/rsa_sign_verify/verify.c @@ -0,0 +1,179 @@ +/* verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of verifying an RSA signature. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * "signature.h", used by this program, can be generated using "sign.c". + */ + +#include +#include +#include +#include +#include +#include + +#include "rsa_pub_2048.h" +#include "signature.h" +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + word32 idx; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen = 0; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + +/* Variables for benchmark */ +#ifdef BENCHMARK + double start, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 3 +#endif + int count; +#endif + + + + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + idx = 0; + ret = wc_RsaPublicKeyDecode(public_key_2048, &idx, &rsaKey, + sizeof(public_key_2048)); + } + +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0); + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ +#endif + + /* Verify the signature by decrypting the value. */ + if (ret == 0) { + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + } + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#else + printf("Verified!\n"); +#endif + + +finish: + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled SP for x86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled SP for Arm64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + + return verify(); +#endif +} diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index ae67065ed..d1a116c55 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -1,3 +1,4 @@ +# The path to the wolfssl directory must be set correctly for your environment. WOLFROOT = ../../../../wolfssl CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os @@ -64,7 +65,7 @@ endif all: verify bench mem verify: clean $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread mem: clean $(OBJ) diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index bbab06bf7..1888419a1 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -1,6 +1,6 @@ /* verify.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_vfy_only_nonblock/Makefile b/embedded/signature/rsa_vfy_only_nonblock/Makefile new file mode 100644 index 000000000..be6f72e40 --- /dev/null +++ b/embedded/signature/rsa_vfy_only_nonblock/Makefile @@ -0,0 +1,58 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl + +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean size mem + + +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) + + +all: verify_nonblock mem + +verify_nonblock: clean $(OBJ) + $(CC) $(CFLAGS) -o verify_nonblock verify_nonblock.c $(OBJ) -lpthread + +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem_nonblock verify_nonblock.c $(OBJ) -lpthread +clean: + rm -f verify_nonblock verify_mem_nonblock $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) verify diff --git a/embedded/signature/rsa_vfy_only_nonblock/user_settings.h b/embedded/signature/rsa_vfy_only_nonblock/user_settings.h new file mode 100644 index 000000000..37a345d05 --- /dev/null +++ b/embedded/signature/rsa_vfy_only_nonblock/user_settings.h @@ -0,0 +1,87 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_RSA_PSS +#define WC_NO_HARDEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 + #undef USE_FAST_MATH +#endif /*SP_FLAG*/ + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + + +/* Non-blocking */ +#define NONBLOCK + +#if defined(NONBLOCK) + #define WC_RSA_NONBLOCK + #define TFM_TIMING_RESISTANT + #define WOLFSSL_SP_NONBLOCK + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_MALLOC + #undef BENCHMARK +#endif /* NONBLOCK */ diff --git a/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c new file mode 100644 index 000000000..c675c7e6b --- /dev/null +++ b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c @@ -0,0 +1,257 @@ +/* verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include +#include +#include +#include + +/* RSA public key to verify with. */ +static const unsigned char public_key_2048_n[] = { + 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, + 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, + 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, + 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, + 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, + 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, + 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, + 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, + 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, + 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, + 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, + 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, + 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, + 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, + 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, + 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, + 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, + 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, + 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, + 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, + 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, + 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, + 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, + 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, + 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, +}; + +static const unsigned long public_key_2048_e = 0x010001; + +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; + +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + + +/* ASN.1 encoding of digest algorithm before hash */ +#define ENC_ALG_SZ 19 + +/* verify entry point. + * + * Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + unsigned char encSig[ENC_ALG_SZ + WC_SHA256_DIGEST_SIZE] = { + 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, 0x00, + }; + + /* Variables for non-blocking RSA */ + + RsaNb nb_ctx; + double total_blk_time; + double pre_returned_t; /* previous recent returned time */ + double returned_t; /* most recent returned time */ + double max_t = -1.0; /* Maximum blocking time */ + double min_t = __DBL_MAX__; /* Minimum blocking time */ + double blocking_t; /* current blocking time */ + int blk_count; + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, encSig + ENC_ALG_SZ); + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + ret = mp_read_unsigned_bin(&rsaKey.n, public_key_2048_n, + sizeof(public_key_2048_n)); + } + if (ret == 0) + ret = mp_set_int(&rsaKey.e, public_key_2048_e); + + + /* Verify the signature by decrypting the value with non-blocking mode. */ + if (ret == 0){ + ret = wc_RsaSetNonBlock(&rsaKey, &nb_ctx); + if (ret != 0) + return ret; + + blk_count = 0; + total_blk_time = 0; + + pre_returned_t = current_time(1); + do { + + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + + returned_t = current_time(0); + blocking_t = returned_t - pre_returned_t; + total_blk_time += blocking_t; + + if ( blocking_t > max_t ){ + max_t = blocking_t; + } + else if ( blocking_t < min_t ){ + min_t = blocking_t; + } + + pre_returned_t = returned_t; + blk_count++; + } while (decSigLen == FP_WOULDBLOCK); + } + if ((int)decSigLen < 0) + ret = (int)decSigLen; + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && decSigLen != sizeof(encSig)) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, decSigLen) != 0) + ret = -1; + + + printf("Verified\n"); + + printf("Non-blocking:\n"); + printf(" Total time : %.2f micro sec, Bloking count: %d \n",1000*1000*total_blk_time, blk_count); + printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ + max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); + + + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret == 0 ? 0 : 1; +} + +int main(){ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + return verify(); +#endif +} From f6a2790182c8e83c9f98db3da28c848dbe3569e8 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 4 Oct 2024 15:49:37 +0900 Subject: [PATCH 7/8] add wc_encrypt.o as target add Makefile to make all remove unnecessary files remove trailing spaces --- embedded/signature/Makefile | 20 ++ embedded/signature/README.md | 4 +- embedded/signature/ecc_sign_verify/Makefile | 7 +- .../ecc_sign_verify/ecc_sign_verify.c | 16 +- .../signature/ecc_sign_verify/user_settings.h | 2 +- embedded/signature/ecc_vfy_only/Makefile | 7 +- embedded/signature/ecc_vfy_only/ecc_verify.c | 22 +-- .../signature/ecc_vfy_only_nonblock/Makefile | 5 +- .../ecc_verify_nonblock.c | 34 ++-- .../{rsa_buffer => include}/rsa_priv_2048.h | 0 .../{rsa_buffer => include}/rsa_pub_2048.h | 0 embedded/signature/rsa_buffer/Makefile | 76 -------- embedded/signature/rsa_buffer/README.md | 93 --------- embedded/signature/rsa_buffer/sign.c | 178 ----------------- embedded/signature/rsa_buffer/sign_vfy.sh | 10 - embedded/signature/rsa_buffer/signature.h | 40 ---- embedded/signature/rsa_buffer/user_settings.h | 79 -------- embedded/signature/rsa_buffer/verify.c | 179 ------------------ embedded/signature/rsa_sign_verify/Makefile | 11 +- .../signature/rsa_sign_verify/rsa_priv_2048.h | 151 --------------- .../signature/rsa_sign_verify/rsa_pub_2048.h | 68 ------- .../rsa_sign_verify/rsa_sign_verify.c | 72 +++---- .../rsa_sign_verify_nonblock.c | 42 ++-- embedded/signature/rsa_sign_verify/sign.c | 178 ----------------- .../signature/rsa_sign_verify/sign_vfy.sh | 10 - .../signature/rsa_sign_verify/signature.h | 40 ---- .../signature/rsa_sign_verify/user_settings.h | 11 +- embedded/signature/rsa_sign_verify/verify.c | 179 ------------------ embedded/signature/rsa_vfy_only/Makefile | 9 +- .../signature/rsa_vfy_only_nonblock/Makefile | 1 + .../rsa_vfy_only_nonblock/verify_nonblock.c | 24 +-- 31 files changed, 160 insertions(+), 1408 deletions(-) create mode 100644 embedded/signature/Makefile rename embedded/signature/{rsa_buffer => include}/rsa_priv_2048.h (100%) rename embedded/signature/{rsa_buffer => include}/rsa_pub_2048.h (100%) delete mode 100644 embedded/signature/rsa_buffer/Makefile delete mode 100644 embedded/signature/rsa_buffer/README.md delete mode 100644 embedded/signature/rsa_buffer/sign.c delete mode 100755 embedded/signature/rsa_buffer/sign_vfy.sh delete mode 100644 embedded/signature/rsa_buffer/signature.h delete mode 100644 embedded/signature/rsa_buffer/user_settings.h delete mode 100644 embedded/signature/rsa_buffer/verify.c delete mode 100644 embedded/signature/rsa_sign_verify/rsa_priv_2048.h delete mode 100644 embedded/signature/rsa_sign_verify/rsa_pub_2048.h delete mode 100644 embedded/signature/rsa_sign_verify/sign.c delete mode 100755 embedded/signature/rsa_sign_verify/sign_vfy.sh delete mode 100644 embedded/signature/rsa_sign_verify/signature.h delete mode 100644 embedded/signature/rsa_sign_verify/verify.c diff --git a/embedded/signature/Makefile b/embedded/signature/Makefile new file mode 100644 index 000000000..ace1e14fb --- /dev/null +++ b/embedded/signature/Makefile @@ -0,0 +1,20 @@ +CC = gcc +#CC = clang +SRCROOT = . +ECCSRCDIRS := $(shell ls -d $(SRCROOT)/ecc_*) +RSASRCDIRS := $(shell ls -d $(SRCROOT)/rsa_*) + +all: ecc rsa + +ecc: + @for d in $(ECCSRCDIRS); do echo $$d ; $(MAKE) -C $$d CC=$(CC) ; done + +rsa: + @for d in $(RSASRCDIRS); do echo $$d ; $(MAKE) -C $$d CC=$(CC) ; done + +clean: FORCE + @for d in $(ECCSRCDIRS); do echo $$d ; $(MAKE) -C $$d clean; done + @for d in $(RSASRCDIRS); do echo $$d ; $(MAKE) -C $$d clean; done + +FORCE: +.PHONY: FORCE \ No newline at end of file diff --git a/embedded/signature/README.md b/embedded/signature/README.md index 1836f39d6..bae388843 100644 --- a/embedded/signature/README.md +++ b/embedded/signature/README.md @@ -5,10 +5,9 @@ This directory includes the following examples under the sub-directories.Each ha |Scheme|Directory|Description| |---|---|---| |RSA|rsa_sign_verify|sign/verify signature inline | -||rsa_buffer|sign/verify signature| ||rsa_vfy_only |verify signature| ||rsa_vfy_only_nonblock|verify signature with non-blocking| -|ECDSA|ecc_sign_verify/|sign msg and verify signature| +|ECDSA|ecc_sign_verify|sign msg and verify signature| ||ecc_vfy_only|verify Signature| ||ecc_vfy_only_nonblock|verify signature with non-blocking| @@ -27,7 +26,6 @@ $ make math= arch= |mem|Memory Track on heap and stack usage| |bench|Performance benchmark| - ## Math library |math|Description| |---|---| diff --git a/embedded/signature/ecc_sign_verify/Makefile b/embedded/signature/ecc_sign_verify/Makefile index 695219ec6..e1c3a431f 100644 --- a/embedded/signature/ecc_sign_verify/Makefile +++ b/embedded/signature/ecc_sign_verify/Makefile @@ -14,6 +14,7 @@ OBJ=\ $(WOLFROOT)/wolfcrypt/src/coding.o\ $(WOLFROOT)/wolfcrypt/src/memory.o\ $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ @@ -38,7 +39,7 @@ OBJ_TFM := \ .PHONY: all clean mem size bench -ifeq ($(math) $(arch),sp x64) +ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) @@ -54,7 +55,7 @@ OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) -else +else CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif @@ -62,7 +63,7 @@ endif all : ecc_sign_verify bench mem ecc_sign_verify: clean $(OBJ) - $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) -lpthread diff --git a/embedded/signature/ecc_sign_verify/ecc_sign_verify.c b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c index 561453c9b..31a090e08 100644 --- a/embedded/signature/ecc_sign_verify/ecc_sign_verify.c +++ b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c @@ -1,6 +1,6 @@ /* ecc_sign_verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -123,7 +123,7 @@ double start_time, total_time; #ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 1 #endif - int count; + int count; /* @@ -154,7 +154,7 @@ double start_time, total_time; } - + ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); @@ -164,7 +164,7 @@ double start_time, total_time; start_time = current_time(1); while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ -#endif +#endif ret = wc_ecc_init(&key); CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); @@ -177,7 +177,7 @@ double start_time, total_time; hexdump(sig, maxSigSz, 16); #endif - ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), + ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), &verified, &key); @@ -185,10 +185,10 @@ double start_time, total_time; CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; maxSigSz = ECC_MAX_SIG_SIZE; -#ifdef BENCHMARK +#ifdef BENCHMARK count++; } - + printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); #else @@ -243,7 +243,7 @@ int main(){ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)ecc_sign_verify); -#else +#else return ecc_sign_verify(); #endif } diff --git a/embedded/signature/ecc_sign_verify/user_settings.h b/embedded/signature/ecc_sign_verify/user_settings.h index 4264f7597..8ede6cac6 100644 --- a/embedded/signature/ecc_sign_verify/user_settings.h +++ b/embedded/signature/ecc_sign_verify/user_settings.h @@ -78,4 +78,4 @@ #ifdef BENCHMARK #undef DEBUG_MEMORY -#endif +#endif \ No newline at end of file diff --git a/embedded/signature/ecc_vfy_only/Makefile b/embedded/signature/ecc_vfy_only/Makefile index 850946795..083ab2610 100644 --- a/embedded/signature/ecc_vfy_only/Makefile +++ b/embedded/signature/ecc_vfy_only/Makefile @@ -14,6 +14,7 @@ OBJ=\ $(WOLFROOT)/wolfcrypt/src/coding.o\ $(WOLFROOT)/wolfcrypt/src/memory.o\ $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ @@ -38,7 +39,7 @@ OBJ_TFM := \ .PHONY: all clean mem size bench -ifeq ($(math) $(arch),sp x64) +ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) @@ -54,7 +55,7 @@ OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) -else +else CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif @@ -66,7 +67,7 @@ ecc_verify: clean $(OBJ) $(CC) $(CFLAGS) -o ecc_verify ecc_verify.c $(OBJ) bench: clean $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o ecc_verify_bench ecc_verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_verify_bench ecc_verify.c $(OBJ) mem: clean $(OBJ) $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_verify_mem ecc_verify.c $(OBJ) -lpthread diff --git a/embedded/signature/ecc_vfy_only/ecc_verify.c b/embedded/signature/ecc_vfy_only/ecc_verify.c index 53e072a72..f8decd59e 100644 --- a/embedded/signature/ecc_vfy_only/ecc_verify.c +++ b/embedded/signature/ecc_vfy_only/ecc_verify.c @@ -1,6 +1,6 @@ /* ecc_verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -125,7 +125,7 @@ double start_time, total_time; #ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 1 #endif - int count; + int count; /* @@ -147,7 +147,7 @@ double start_time, total_time; #ifndef BENCHMARK printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); #endif - + ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); @@ -157,7 +157,7 @@ double start_time, total_time; start_time = current_time(1); while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ -#endif +#endif ret = wc_ecc_init(&key); CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); @@ -171,19 +171,19 @@ double start_time, total_time; ret = wc_ecc_import_x963(pKeybuff, key_size, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); - - ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), &verified, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; maxSigSz = ECC_MAX_SIG_SIZE; -#ifdef BENCHMARK +#ifdef BENCHMARK count++; } - + printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); #else @@ -221,7 +221,7 @@ int main(){ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)ecc_verify); -#else +#else return ecc_verify(); #endif } @@ -252,7 +252,7 @@ int idx_key(int keysize){ return 10; default: return -1; - } + } -} +} diff --git a/embedded/signature/ecc_vfy_only_nonblock/Makefile b/embedded/signature/ecc_vfy_only_nonblock/Makefile index 83529dde5..c2b93e3a0 100644 --- a/embedded/signature/ecc_vfy_only_nonblock/Makefile +++ b/embedded/signature/ecc_vfy_only_nonblock/Makefile @@ -14,6 +14,7 @@ OBJ=\ $(WOLFROOT)/wolfcrypt/src/coding.o\ $(WOLFROOT)/wolfcrypt/src/memory.o\ $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ @@ -37,7 +38,7 @@ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -ifeq ($(math) $(arch),sp x64) +ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) @@ -53,7 +54,7 @@ OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) -else +else CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c index 8434b8431..c455d1af8 100644 --- a/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c @@ -1,6 +1,6 @@ /* ecc_verify_nonblock.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -121,16 +121,16 @@ int do_sig_ver_test(int eccKeySz) #ifdef NONBLOCK ecc_nb_ctx_t nb_ctx; - double total_blk_time; + double total_blk_time; double pre_returned_t; /* previous recent returned time */ - double returned_t; /* most recent returned time */ - double max_t = -1.0; /* Maximum blocking time */ - double min_t = __DBL_MAX__; /* Minimum blocking time */ + double returned_t; /* most recent returned time */ + double max_t = -1.0; /* Maximum blocking time */ + double min_t = __DBL_MAX__; /* Minimum blocking time */ double blocking_t; /* current blocking time */ - int blk_count; - + int blk_count; + #endif - + /* @@ -152,7 +152,7 @@ int do_sig_ver_test(int eccKeySz) printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); - + ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); @@ -170,7 +170,7 @@ int do_sig_ver_test(int eccKeySz) ret = wc_ecc_import_x963(pKeybuff, key_size, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); - + #ifdef NONBLOCK ret = wc_ecc_set_nonblock(&key, &nb_ctx); @@ -180,8 +180,8 @@ int do_sig_ver_test(int eccKeySz) pre_returned_t = current_time(1); do { - - ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), &verified, &key); returned_t = current_time(0); blocking_t = returned_t - pre_returned_t; @@ -198,8 +198,8 @@ int do_sig_ver_test(int eccKeySz) blk_count++; } while (ret == FP_WOULDBLOCK); -#else - ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), +#else + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), &verified, &key); #endif /* NONBLOCK */ @@ -237,7 +237,7 @@ int main(){ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)ecc_verify); -#else +#else return ecc_verify(); #endif } @@ -268,7 +268,7 @@ int idx_key(int keysize){ return 10; default: return -1; - } + } -} +} diff --git a/embedded/signature/rsa_buffer/rsa_priv_2048.h b/embedded/signature/include/rsa_priv_2048.h similarity index 100% rename from embedded/signature/rsa_buffer/rsa_priv_2048.h rename to embedded/signature/include/rsa_priv_2048.h diff --git a/embedded/signature/rsa_buffer/rsa_pub_2048.h b/embedded/signature/include/rsa_pub_2048.h similarity index 100% rename from embedded/signature/rsa_buffer/rsa_pub_2048.h rename to embedded/signature/include/rsa_pub_2048.h diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile deleted file mode 100644 index 0e30e51e2..000000000 --- a/embedded/signature/rsa_buffer/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -# The path to the wolfssl directory must be set correctly for your environment. -WOLFROOT = ../../../../wolfssl -CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os -ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) - -OBJ = \ - $(WOLFROOT)/wolfcrypt/src/rsa.o\ - $(WOLFROOT)/wolfcrypt/src/sha256.o\ - $(WOLFROOT)/wolfcrypt/src/hash.o\ - $(WOLFROOT)/wolfcrypt/src/random.o\ - $(WOLFROOT)/wolfcrypt/src/asn.o\ - $(WOLFROOT)/wolfcrypt/src/wc_port.o\ - $(WOLFROOT)/wolfcrypt/src/coding.o\ - $(WOLFROOT)/wolfcrypt/src/memory.o\ - -OBJ_SP_C32 := \ - $(WOLFROOT)/wolfcrypt/src/sp_int.o\ - $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ - -OBJ_SP_C64 := \ - $(WOLFROOT)/wolfcrypt/src/sp_int.o\ - $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ - -OBJ_SP_ARM64 := \ - $(WOLFROOT)/wolfcrypt/src/sp_int.o\ - $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ - - -OBJ_SP_X86_64 := \ - $(WOLFROOT)/wolfcrypt/src/sp_int.o\ - $(WOLFROOT)/wolfcrypt/src/cpuid.o\ - $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ - $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ - -OBJ_TFM := \ - $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ - $(WOLFROOT)/wolfcrypt/src/tfm.o\ - - -.PHONY: all clean size mem bench - -ifeq ($(math) $(arch),sp x64) -ASFLAGS+= -DSP_X86_64_FLAG -CFLAGS += -DSP_X86_64_FLAG -OBJ += $(OBJ_SP_X86_64) -else ifeq ($(math) $(arch),sp arm64) -CFLAGS += -DSP_ARM64_FLAG -OBJ += $(OBJ_SP_ARM64) -else ifeq ($(math) $(arch),sp c64) -CFLAGS += -DSP_C64_FLAG -OBJ += $(OBJ_SP_C64) -else ifeq ($(math) $(arch),sp c32) -CFLAGS += -DSP_C32_FLAG -OBJ += $(OBJ_SP_C32) -else ifeq ($(math), tfm) -CFLAGS += -DTFM_FLAG -OBJ += $(OBJ_TFM) -else -CFLAGS += -DSP_C64_FLAG -OBJ += $(OBJ_SP_C64) -endif - -all: verify sign bench mem - -verify: clean $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -sign: clean $(OBJ) - $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -bench: clean $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread -mem: clean $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) -lpthread -clean: - rm -f sign verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o -size : - size $(OBJ) sign verify diff --git a/embedded/signature/rsa_buffer/README.md b/embedded/signature/rsa_buffer/README.md deleted file mode 100644 index c4523ccc9..000000000 --- a/embedded/signature/rsa_buffer/README.md +++ /dev/null @@ -1,93 +0,0 @@ -# RSA Signature Test Example - -Demonstrates using a hash digest to sign and verify a signature using RSA - -First, set the path to wolfssl directory to variable WOLFROOT in Makefile. - -## Building - -### Build example - -``` -make -``` - -### Usage -``` -./verify -``` - -``` -./sign -``` - -# Signature verification Benchmark - -You can generate benchmark program to compare the speed of signature verification between TFM and SP -### SP -Faster math library - -If you build for x86_64 system: -``` -make bench math=sp arch=x64 -``` -else if Aarch64 system: -``` -make bench math=sp arch=arm64 -``` -then a benchmark program is generated. -### TFM - -``` -make bench math=tfm -``` -NOTE: When using TFM, No Architecture specification is required. -## Example Output -- built with the option `math=sp arch=arm64` -``` -./verify_bench ---------------------------------------------------------------- -Enabled WOLFSSL_SP_ARM64 ---------------------------------------------------------------- -Running benchmark... -Please Wait 3.00 seconds -Takes 3.00 Sec for 236782 times, 78927.31 Cycles/sec -Finished Benchmark -``` - - -- built with the option `math=tfm` -``` -./verify_bench ---------------------------------------------------------------- -Enabled TFM ---------------------------------------------------------------- -Running benchmark... -Please Wait 3.00 seconds -Takes 3.00 Sec for 76860 times, 25619.98 Cycles/sec -Finished Benchmark -``` - -# Tracking memory -To see a stack and heap memory usage - -``` -make mem -``` -## Example Output -``` -./verify_mem -Verified -total Allocs = 0 -total Deallocs = 0 -total Bytes = 0 -peak Bytes = 0 -current Bytes = 0 -stack used = 12392 -``` - - -Best wishes in all your testing! - -- The wolfSSL Team - diff --git a/embedded/signature/rsa_buffer/sign.c b/embedded/signature/rsa_buffer/sign.c deleted file mode 100644 index 3a2d37274..000000000 --- a/embedded/signature/rsa_buffer/sign.c +++ /dev/null @@ -1,178 +0,0 @@ -/* sign.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* This file shows how to sign a message with an RSA private key. - * The signature is PKCS#1.5 formatted. - * Key and data are held in buffers. - * The output of this program can be used with "verify.c". - */ - -// #include -#include "user_settings.h" -#include - -#include -#include -#include -#include - -#include "rsa_priv_2048.h" - - -/* Signature size is the length of the modulus of the RSA key */ -#define SIG_SZ (2048 / 8) -/* Maximum bound on digest algorithm encoding around digest */ -#define MAX_ENC_ALG_SZ 32 - -/* Print out the buffer in C code. - * - * name [in] Name of the variable. - * data [in] Data to print out. - * len [in] Length of the data. - */ -void print_buffer(char* name, unsigned char* data, word32 len) -{ - word32 i; - - printf("unsigned char %s[] = {\n", name); - for (i = 0; i < len; i++) { - if ((i % 8) == 0) - printf(" "); - printf(" 0x%02x,", data[i]); - if ((i % 8) == 7) - printf("\n"); - } - if ((i % 8) != 0) - printf("\n"); - printf("};\n"); - -} - -/* Main entry point. - * Signs the message passed in as the first command line argument. - * - * argc [in] Count of command line arguments. - * argv [in] Command line argument vector. - * Returns 0 on success and 1 otherwise. - */ -int main(int argc, char* argv[]) -{ - int ret = 0; - Sha256 sha256; - Sha256* pSha256 = NULL; - RsaKey rsaKey; - RsaKey* pRsaKey = NULL; -#ifdef WC_RSA_BLINDING - WC_RNG rng; - WC_RNG* pRng = NULL; -#endif - word32 idx; - unsigned char* msg; - word32 msgLen; - unsigned char signature[SIG_SZ]; - word32 sigLen; - unsigned char digest[WC_SHA256_DIGEST_SIZE]; - unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; - word32 encSigLen; - - /* Get the message to sign from the command line */ - if (argc != 2) { - fprintf(stderr, "Message to sign required\n"); - ret = -1; - } - else { - msg = (unsigned char*)argv[1]; - msgLen = strlen(argv[1]); - } - - /* Calculate SHA-256 digest of message */ - if (ret == 0) - ret = wc_InitSha256(&sha256); - if (ret == 0) { - pSha256 = &sha256; - ret = wc_Sha256Update(&sha256, msg, msgLen); - } - if (ret == 0) - ret = wc_Sha256Final(&sha256, digest); - - /* Encode digest with algorithm information as per PKCS#1.5 */ - if (ret == 0) { - encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); - if ((int)encSigLen < 0) - ret = (int)encSigLen; - } - - /* Initialize RSA key and random (if required) */ - if (ret == 0) { - ret = wc_InitRsaKey(&rsaKey, NULL); - if (ret == 0) - pRsaKey = &rsaKey; - } -#ifdef WC_RSA_BLINDING - if (ret == 0) - ret = wc_InitRng(&rng); -#endif - /* Load DER encoded RSA private key from buffer */ - if (ret == 0) { -#ifdef WC_RSA_BLINDING - pRng = &rng; -#endif - idx = 0; - ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &rsaKey, - sizeof(private_key_2048)); - } - - /* Sign encoded digest */ - if (ret == 0) { -#ifdef WC_RSA_BLINDING - ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), - &rsaKey, pRng); -#else - ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), - &rsaKey, NULL); -#endif - if (ret >= 0) { - sigLen = ret; - ret = 0; - } - } - - if (ret == 0) { - /* Display message as a buffer */ - print_buffer("msg", msg, msgLen); - printf("\n"); - /* Display binary signature as a buffer */ - print_buffer("rsa_sig_2048", signature, sigLen); - } - - /* Free data structures */ -#ifdef WC_RSA_BLINDING - if (pRng != NULL) - wc_FreeRng(pRng); -#endif - if (pRsaKey != NULL) - wc_FreeRsaKey(pRsaKey); - if (pSha256 != NULL) - wc_Sha256Free(pSha256); - - return ret == 0 ? 0 : 1; -} - diff --git a/embedded/signature/rsa_buffer/sign_vfy.sh b/embedded/signature/rsa_buffer/sign_vfy.sh deleted file mode 100755 index 0ad83d54c..000000000 --- a/embedded/signature/rsa_buffer/sign_vfy.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -make clean - -make sign -./sign "This is the message" > signature.h -make verify -./verify - - diff --git a/embedded/signature/rsa_buffer/signature.h b/embedded/signature/rsa_buffer/signature.h deleted file mode 100644 index e0b34c8c9..000000000 --- a/embedded/signature/rsa_buffer/signature.h +++ /dev/null @@ -1,40 +0,0 @@ -unsigned char msg[] = { - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, -}; - -unsigned char rsa_sig_2048[] = { - 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, - 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, - 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, - 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, - 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, - 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, - 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, - 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, - 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, - 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, - 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, - 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, - 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, - 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, - 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, - 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, - 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, - 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, - 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, - 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, - 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, - 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, - 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, - 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, - 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, - 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, - 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, - 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, - 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, - 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, - 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, - 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, -}; diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h deleted file mode 100644 index df714dd8d..000000000 --- a/embedded/signature/rsa_buffer/user_settings.h +++ /dev/null @@ -1,79 +0,0 @@ -#define WOLFCRYPT_ONLY -#define NO_SIG_WRAPPER -#define WOLFSSL_PUBLIC_MP - -/* hash */ -#define NO_MD4 -#define NO_MD5 -#define NO_SHA - -/* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE -#define WC_NO_RSA_OAEP -#define WC_NO_RSA_PSS -#define WC_NO_HARDEN - -/* sp_int */ -#define NO_DH -#define NO_DSA -#define NO_DES3 -#define NO_AES - -/* asn */ -#define NO_ASN_TIME -#define IGNORE_NAME_CONSTRAINTS -#define WOLFSSL_NO_ASN_STRICT - - -#ifdef DEBUG_MEMORY - #define WOLFSSL_TRACK_MEMORY - #define HAVE_STACK_SIZE - // #define WOLFSSL_DEBUG_MEMORY - // #define WOLFSSL_DEBUG_MEMORY_PRINT -#endif - - -#ifdef SP_C32_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH_ALL - #undef USE_FAST_MATH -#endif - -#ifdef SP_C64_FLAG - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH_ALL - #define SP_WORD_SIZE 64 - #define HAVE___UINT128_T - #undef USE_FAST_MATH - -#endif - -#ifdef SP_ARM64_FLAG - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH_ALL - #define WOLFSSL_SP_ARM64 - #define WOLFSSL_SP_ARM64_ASM -#endif /*SP_ARM64_FLAG*/ - - -#ifdef SP_X86_64_FLAG - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH_ALL - #define WOLFSSL_SP_X86_64 - #define WOLFSSL_SP_X86_64_ASM -#endif /*SP_X86_64_FLAG*/ - -#ifdef TFM_FLAG - #define USE_FAST_MATH - #undef WOLFSSL_HAVE_SP_RSA - #undef WOLFSSL_SP_ARM64 - #undef WOLFSSL_SP_ARM64_ASM - #undef WOLFSSL_SP_X86_64 - #undef WOLFSSL_SP_X86_64_ASM -#endif /* TFM_FLAG*/ - -#ifdef BENCHMARK - #undef DEBUG_MEMORY -#endif - - diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c deleted file mode 100644 index 3ccab5eed..000000000 --- a/embedded/signature/rsa_buffer/verify.c +++ /dev/null @@ -1,179 +0,0 @@ -/* verify.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* This file is an example of verifying an RSA signature. - * The signature is PKCS#1.5 formatted. - * Key and data are held in buffers. - * "signature.h", used by this program, can be generated using "sign.c". - */ - -#include -#include -#include -#include -#include -#include - -#include "rsa_pub_2048.h" -#include "signature.h" -#include - -/* Maximum bound on digest algorithm encoding around digest */ -#define MAX_ENC_ALG_SZ 32 - -/* Verifies the signature with the message and RSA public key. - * Returns 0 on success and 1 otherwise. - */ -int verify() -{ - int ret = 0; - Sha256 sha256; - Sha256* pSha256 = NULL; - RsaKey rsaKey; - RsaKey* pRsaKey = NULL; - word32 idx; - unsigned char digest[WC_SHA256_DIGEST_SIZE]; - unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; - word32 encSigLen = 0; - unsigned char decSig[sizeof(rsa_sig_2048)]; - word32 decSigLen = 0; - -/* Variables for benchmark */ -#ifdef BENCHMARK - double start, total_time; -#ifndef BENCH_TIME_SEC - #define BENCH_TIME_SEC 3 -#endif - int count; -#endif - - - - -#ifdef DEBUG_MEMORY - wolfCrypt_Init(); - InitMemoryTracker(); -#endif - /* Calculate SHA-256 digest of message */ - if (ret == 0) - ret = wc_InitSha256(&sha256); - if (ret == 0) { - pSha256 = &sha256; - ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); - } - if (ret == 0) - ret = wc_Sha256Final(&sha256, digest); - - /* Encode digest with algorithm information as per PKCS#1.5 */ - if (ret == 0) { - encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); - if ((int)encSigLen < 0) - ret = (int)encSigLen; - } - - /* Initialize the RSA key and decode the DER encoded public key. */ - if (ret == 0) - ret = wc_InitRsaKey(&rsaKey, NULL); - if (ret == 0) { - pRsaKey = &rsaKey; - - idx = 0; - ret = wc_RsaPublicKeyDecode(public_key_2048, &idx, &rsaKey, - sizeof(public_key_2048)); - } - -#ifdef BENCHMARK - count = 0; - printf("Running benchmark...\n"); - printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); - start = current_time(0); - while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ -#endif - - /* Verify the signature by decrypting the value. */ - if (ret == 0) { - decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), - decSig, sizeof(decSig), &rsaKey); - if ((int)decSigLen < 0) - ret = (int)decSigLen; - } - - /* Check the decrypted result matches the encoded digest. */ - if (ret == 0 && encSigLen != decSigLen) - ret = -1; - if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) - ret = -1; - - if(ret != 0){ - printf("Invalid Signature!\n"); - goto finish; - } - -#ifdef BENCHMARK - count++; - } - - printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); - printf("Finished Benchmark \n"); -#else - printf("Verified!\n"); -#endif - - -finish: - /* Free the data structures */ - if (pRsaKey != NULL) - wc_FreeRsaKey(pRsaKey); - if (pSha256 != NULL) - wc_Sha256Free(pSha256); - -#ifdef DEBUG_MEMORY - ShowMemoryTracker(); - CleanupMemoryTracker(); - wolfCrypt_Cleanup(); -#endif - return ret; -} - -int main(){ -#ifdef BENCHMARK - printf("---------------------------------------------------------------\n"); -#if defined(SP_C64_FLAG) - printf("Enabled 64-bit SP \n"); -#elif defined(SP_C32_FLAG) - printf("Enabled 32-bit SP \n"); -#elif defined(SP_X86_64_FLAG) - printf("Enabled SP for x86_64\n"); -#elif defined(SP_ARM64_FLAG) - printf("Enabled SP for Arm64\n"); -#elif defined(TFM_FLAG) - printf("Enabled TFM \n"); -#endif - printf("---------------------------------------------------------------\n"); -#endif /* BENCHMARK */ - -#ifdef DEBUG_MEMORY - return StackSizeCheck(NULL, (thread_func)verify); -#else - - return verify(); -#endif -} diff --git a/embedded/signature/rsa_sign_verify/Makefile b/embedded/signature/rsa_sign_verify/Makefile index 221279fd8..ae598d3ba 100644 --- a/embedded/signature/rsa_sign_verify/Makefile +++ b/embedded/signature/rsa_sign_verify/Makefile @@ -13,6 +13,7 @@ OBJ = \ $(WOLFROOT)/wolfcrypt/src/coding.o\ $(WOLFROOT)/wolfcrypt/src/memory.o\ $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ @@ -39,7 +40,7 @@ OBJ_TFM := \ .PHONY: all clean size mem bench -ifeq ($(math) $(arch),sp x64) +ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) @@ -55,12 +56,12 @@ OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) -else +else CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif -all: rsa_sign_verify bench mem +all: rsa_sign_verify bench mem rsa_sign_verify: clean $(OBJ) $(CC) $(CFLAGS) -o rsa_sign_verify rsa_sign_verify.c $(OBJ) @@ -70,10 +71,10 @@ mem: clean $(OBJ) $(CC) $(CFLAGS) -DDEBUG_MEMORY -o rsa_sign_verify_mem rsa_sign_verify.c $(OBJ) -lpthread nonblock: CFLAGS += -DNONBLOCK -nonblock: clean $(OBJ) +nonblock: clean $(OBJ) $(CC) -DNONBLOCK $(CFLAGS) -DDEBUG_MEMORY -o rsa_sign_verify_nonblock rsa_sign_verify_nonblock.c $(OBJ) -lpthread clean: rm -f rsa_sign_verify rsa_sign_verify_bench rsa_sign_verify_mem rsa_sign_verify_nonblock $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) sign verify + size $(OBJ) sign verify diff --git a/embedded/signature/rsa_sign_verify/rsa_priv_2048.h b/embedded/signature/rsa_sign_verify/rsa_priv_2048.h deleted file mode 100644 index d859fd1c3..000000000 --- a/embedded/signature/rsa_sign_verify/rsa_priv_2048.h +++ /dev/null @@ -1,151 +0,0 @@ -/* rsa_priv_2048.h - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* This file contains an RSA 2048-bit private key. - * It is the private counterpart to "rsa_pub_2048.h" - */ - -/* RSA private key to sign with. - * Key is PKCS#1 formatted and DER encoded. - */ -static const unsigned char private_key_2048[] = { - 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, - 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, - 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, - 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, - 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, - 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, - 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, - 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, - 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, - 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, - 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, - 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, - 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, - 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, - 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, - 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, - 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, - 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, - 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, - 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, - 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, - 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, - 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, - 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, - 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, - 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, - 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, - 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, - 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, - 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, - 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, - 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, - 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, - 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, - 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, - 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, - 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, - 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, - 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, - 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, - 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, - 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, - 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, - 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, - 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, - 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, - 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, - 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, - 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, - 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, - 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, - 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, - 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, - 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, - 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, - 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, - 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, - 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, - 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, - 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, - 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, - 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, - 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, - 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, - 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, - 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, - 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, - 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, - 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, - 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, - 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, - 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, - 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, - 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, - 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, - 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, - 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, - 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, - 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, - 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, - 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, - 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, - 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, - 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, - 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, - 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, - 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, - 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, - 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, - 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, - 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, - 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, - 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, - 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, - 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, - 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, - 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, - 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, - 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, - 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, - 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, - 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, - 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, - 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, - 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, - 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, - 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, - 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, - 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, - 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, - 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, - 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, - 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, - 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, - 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, - 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, - 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, - 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, - 0xF5, 0xBF -}; - diff --git a/embedded/signature/rsa_sign_verify/rsa_pub_2048.h b/embedded/signature/rsa_sign_verify/rsa_pub_2048.h deleted file mode 100644 index 2df0fa670..000000000 --- a/embedded/signature/rsa_sign_verify/rsa_pub_2048.h +++ /dev/null @@ -1,68 +0,0 @@ -/* rsa_pub_2048.h - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* This file contains an RSA 2048-bit public key. - * It is the public counterpart to "rsa_priv_2048.h" - */ - -/* RSA public key to verify with. - * Key is PKCS#1 formatted and DER encoded. - */ -static const unsigned char public_key_2048[] = { - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, - 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, - 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, - 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, - 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, - 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, - 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, - 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, - 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, - 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, - 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, - 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, - 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, - 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, - 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, - 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, - 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, - 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, - 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, - 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, - 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, - 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, - 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, - 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, - 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, - 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, - 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, - 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, - 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, - 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, - 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, - 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, - 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, - 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01 -}; - diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c index ef2f5fa38..c03c85300 100644 --- a/embedded/signature/rsa_sign_verify/rsa_sign_verify.c +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c @@ -1,6 +1,6 @@ /* rsa_sign_verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,16 @@ /* This file is an example of signing and verifying an RSA signature. * The signature can be PKCS#1.5 formatted and PSS formatted. - * + * * - PKCS#1.5 * 1. hash -> encSig - * 2. encSig -> signature + * 2. encSig -> signature * 3. signature -> decSig - * + * * - PSS - * 1. hash -> signature + * 1. hash -> signature * 2. signature -> decSig - * + * * PKCS#1.5 is used for the Signature by default. * To turning on PSS, define PSS_PADDING */ @@ -43,16 +43,16 @@ #include #include +#if !defined(WOLFSSL_KEY_GEN) +#include "../include/rsa_priv_2048.h" +#include "../include/rsa_pub_2048.h" +#endif /* Maximum bound on digest algorithm encoding around digest */ #define MAX_ENC_ALG_SZ 32 /* RSA Key size bits */ #define RSA_KEY_SIZE 2048 - - - - #define CHECK_RET(a, b, eLabel, msg) { \ if (a != b) { \ printf("failed %s\n", msg); \ @@ -83,6 +83,9 @@ int sign(){ #endif int ret = 0; +#if !defined(WOLFSSL_KEY_GEN) + word32 idx = 0; +#endif wc_Sha256 sha256; wc_Sha256* pSha256 = NULL; WC_RNG rng; @@ -98,7 +101,6 @@ int sign(){ ret = wc_Sha256Final(&sha256, hash); CHECK_RET(ret, 0, finish, "wc_Sha256Final()"); - /* Initialize the RSA key. */ ret = wc_InitRsaKey(&key, NULL); CHECK_RET(ret, 0, finish, "wc_InitRng()"); @@ -111,25 +113,32 @@ int sign(){ ret = wc_RsaSetRNG(&key, &rng); CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); #endif + +#if defined(WOLFSSL_KEY_GEN) /* Generate 2048-bit RSA key*/ ret = wc_MakeRsaKey(&key, RSA_KEY_SIZE, e, &rng); CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); - - /* Encode digest with algorithm information as per PKCS#1.5 */ - encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); - if ((int)encSigLen < 0) - ret = (int)encSigLen; - CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); +#else + /* private key import */ + ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &key, + sizeof(private_key_2048)); +#endif #ifdef PSS_PADDING - sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature)\ - , WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); + sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature), + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if ((int)sigLen < 0) ret = (int)sigLen; CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); #else /* PKCS#1.5 */ - sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature),\ + /* Encode digest with algorithm information as per PKCS#1.5 */ + encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); + + sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sigBuffLen, &key, NULL); if ((int)sigLen < 0) ret = (int)sigLen; @@ -182,7 +191,7 @@ int verify(){ return -1; } -#ifdef BENCHMARK +#ifdef BENCHMARK count = 0; printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); @@ -191,15 +200,16 @@ int verify(){ #endif /* Verify the signature by decrypting the value. */ - + #ifdef PSS_PADDING decSigLen = wc_RsaPSS_VerifyCheck(signature, sizeof(signature), - decSig, sizeof(decSig), hash, sizeof(hash), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); - + decSig, sizeof(decSig), hash, sizeof(hash), + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + if ((int)decSigLen < 0) ret = (int)decSigLen; CHECK_RET(ret, 0, finish, "wc_RsaPSS_VerifyCheck()"); - + #else /* PKCS#1.5 */ decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), decSig, sizeof(decSig), &key); @@ -220,11 +230,11 @@ int verify(){ #endif -#ifdef BENCHMARK +#ifdef BENCHMARK count++; } - - printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", + total_time, count, count/total_time); printf("Finished Benchmark \n"); #elif defined(DEBUG_MEMORY) @@ -248,8 +258,6 @@ int verify(){ return ret; } - - int main(){ int ret = 0; #ifdef BENCHMARK @@ -270,7 +278,7 @@ int main(){ #ifdef DEBUG_MEMORY ret = StackSizeCheck(NULL, (thread_func)sign); -#else +#else ret = sign(); #endif @@ -280,7 +288,7 @@ int main(){ #ifdef DEBUG_MEMORY ret = StackSizeCheck(NULL, (thread_func)verify); -#else +#else ret = verify(); #endif return ret; diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c index a458ef2b9..221708aae 100644 --- a/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c @@ -1,6 +1,6 @@ /* rsa_sign_verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,16 @@ /* This file is an example of signing and verifying an RSA signature. * The signature can be PKCS#1.5 formatted and PSS formatted. - * + * * - PKCS#1.5 * 1. hash -> encSig - * 2. encSig -> signature + * 2. encSig -> signature * 3. signature -> decSig - * + * * - PSS - * 1. hash -> signature + * 1. hash -> signature * 2. signature -> decSig - * + * * PKCS#1.5 is used for the Signature by default. * To turning on PSS, define PSS_PADDING */ @@ -58,7 +58,7 @@ } #ifndef NONBLOCK - #define NONBLOCK + #define NONBLOCK #endif /* Variables to be used in both sign() and verify() */ @@ -77,11 +77,11 @@ RsaKey* pKey = NULL; /* Variables for non-blocking RSA */ RsaNb nb_ctx; -double total_blk_time; +double total_blk_time; double pre_returned_t; /* previous recent returned time */ -double returned_t; /* most recent returned time */ -double max_t = -1.0; /* Maximum blocking time */ -double min_t = __DBL_MAX__; /* Minimum blocking time */ +double returned_t; /* most recent returned time */ +double max_t = -1.0; /* Maximum blocking time */ +double min_t = __DBL_MAX__; /* Minimum blocking time */ double blocking_t; /* current blocking time */ int blk_count; @@ -122,7 +122,7 @@ int sign(){ CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); #endif - + /* Generate 2048-bit RSA key*/ ret = wc_MakeRsaKey(&key, 2048, e, &rng); CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); @@ -178,7 +178,7 @@ int verify_nonblock(){ /* Verify the signature by decrypting the value with non-blocking mode. */ if (ret == 0){ ret = wc_RsaSetNonBlock(&key, &nb_ctx); - if (ret != 0) + if (ret != 0) return ret; blk_count = 0; @@ -186,16 +186,16 @@ int verify_nonblock(){ pre_returned_t = current_time(1); do { - + #ifdef PSS_PADDING decSigLen = wc_RsaPSS_Verify(signature, sizeof(signature), decSig, sizeof(decSig),WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); - + #else /* PKCS#1.5 */ decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), decSig, sizeof(decSig), &key); #endif - + returned_t = current_time(0); blocking_t = returned_t - pre_returned_t; total_blk_time += blocking_t; @@ -211,7 +211,7 @@ int verify_nonblock(){ blk_count++; } while (decSigLen == FP_WOULDBLOCK); } - + /* Verification check */ #ifdef PSS_PADDING if ((int)decSigLen < 0) @@ -221,7 +221,7 @@ int verify_nonblock(){ ret = wc_RsaPSS_CheckPadding(hash, sizeof(hash), decSig, decSigLen, WC_HASH_TYPE_SHA256); CHECK_RET(ret, 0, finish, "Verification Check RSA-PSS"); - #else + #else if ((int)decSigLen < 0) ret = (int)decSigLen; CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); @@ -249,7 +249,7 @@ int verify_nonblock(){ ShowMemoryTracker(); CleanupMemoryTracker(); wolfCrypt_Cleanup(); -#endif +#endif return ret; } @@ -261,7 +261,7 @@ int main(){ #ifdef DEBUG_MEMORY ret = StackSizeCheck(NULL, (thread_func)sign); -#else +#else ret = sign(); #endif @@ -271,7 +271,7 @@ int main(){ #ifdef DEBUG_MEMORY ret = StackSizeCheck(NULL, (thread_func)verify_nonblock); -#else +#else ret = verify_nonblock(); #endif diff --git a/embedded/signature/rsa_sign_verify/sign.c b/embedded/signature/rsa_sign_verify/sign.c deleted file mode 100644 index 3a2d37274..000000000 --- a/embedded/signature/rsa_sign_verify/sign.c +++ /dev/null @@ -1,178 +0,0 @@ -/* sign.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* This file shows how to sign a message with an RSA private key. - * The signature is PKCS#1.5 formatted. - * Key and data are held in buffers. - * The output of this program can be used with "verify.c". - */ - -// #include -#include "user_settings.h" -#include - -#include -#include -#include -#include - -#include "rsa_priv_2048.h" - - -/* Signature size is the length of the modulus of the RSA key */ -#define SIG_SZ (2048 / 8) -/* Maximum bound on digest algorithm encoding around digest */ -#define MAX_ENC_ALG_SZ 32 - -/* Print out the buffer in C code. - * - * name [in] Name of the variable. - * data [in] Data to print out. - * len [in] Length of the data. - */ -void print_buffer(char* name, unsigned char* data, word32 len) -{ - word32 i; - - printf("unsigned char %s[] = {\n", name); - for (i = 0; i < len; i++) { - if ((i % 8) == 0) - printf(" "); - printf(" 0x%02x,", data[i]); - if ((i % 8) == 7) - printf("\n"); - } - if ((i % 8) != 0) - printf("\n"); - printf("};\n"); - -} - -/* Main entry point. - * Signs the message passed in as the first command line argument. - * - * argc [in] Count of command line arguments. - * argv [in] Command line argument vector. - * Returns 0 on success and 1 otherwise. - */ -int main(int argc, char* argv[]) -{ - int ret = 0; - Sha256 sha256; - Sha256* pSha256 = NULL; - RsaKey rsaKey; - RsaKey* pRsaKey = NULL; -#ifdef WC_RSA_BLINDING - WC_RNG rng; - WC_RNG* pRng = NULL; -#endif - word32 idx; - unsigned char* msg; - word32 msgLen; - unsigned char signature[SIG_SZ]; - word32 sigLen; - unsigned char digest[WC_SHA256_DIGEST_SIZE]; - unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; - word32 encSigLen; - - /* Get the message to sign from the command line */ - if (argc != 2) { - fprintf(stderr, "Message to sign required\n"); - ret = -1; - } - else { - msg = (unsigned char*)argv[1]; - msgLen = strlen(argv[1]); - } - - /* Calculate SHA-256 digest of message */ - if (ret == 0) - ret = wc_InitSha256(&sha256); - if (ret == 0) { - pSha256 = &sha256; - ret = wc_Sha256Update(&sha256, msg, msgLen); - } - if (ret == 0) - ret = wc_Sha256Final(&sha256, digest); - - /* Encode digest with algorithm information as per PKCS#1.5 */ - if (ret == 0) { - encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); - if ((int)encSigLen < 0) - ret = (int)encSigLen; - } - - /* Initialize RSA key and random (if required) */ - if (ret == 0) { - ret = wc_InitRsaKey(&rsaKey, NULL); - if (ret == 0) - pRsaKey = &rsaKey; - } -#ifdef WC_RSA_BLINDING - if (ret == 0) - ret = wc_InitRng(&rng); -#endif - /* Load DER encoded RSA private key from buffer */ - if (ret == 0) { -#ifdef WC_RSA_BLINDING - pRng = &rng; -#endif - idx = 0; - ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &rsaKey, - sizeof(private_key_2048)); - } - - /* Sign encoded digest */ - if (ret == 0) { -#ifdef WC_RSA_BLINDING - ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), - &rsaKey, pRng); -#else - ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), - &rsaKey, NULL); -#endif - if (ret >= 0) { - sigLen = ret; - ret = 0; - } - } - - if (ret == 0) { - /* Display message as a buffer */ - print_buffer("msg", msg, msgLen); - printf("\n"); - /* Display binary signature as a buffer */ - print_buffer("rsa_sig_2048", signature, sigLen); - } - - /* Free data structures */ -#ifdef WC_RSA_BLINDING - if (pRng != NULL) - wc_FreeRng(pRng); -#endif - if (pRsaKey != NULL) - wc_FreeRsaKey(pRsaKey); - if (pSha256 != NULL) - wc_Sha256Free(pSha256); - - return ret == 0 ? 0 : 1; -} - diff --git a/embedded/signature/rsa_sign_verify/sign_vfy.sh b/embedded/signature/rsa_sign_verify/sign_vfy.sh deleted file mode 100755 index 0ad83d54c..000000000 --- a/embedded/signature/rsa_sign_verify/sign_vfy.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -make clean - -make sign -./sign "This is the message" > signature.h -make verify -./verify - - diff --git a/embedded/signature/rsa_sign_verify/signature.h b/embedded/signature/rsa_sign_verify/signature.h deleted file mode 100644 index e0b34c8c9..000000000 --- a/embedded/signature/rsa_sign_verify/signature.h +++ /dev/null @@ -1,40 +0,0 @@ -unsigned char msg[] = { - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, -}; - -unsigned char rsa_sig_2048[] = { - 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, - 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, - 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, - 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, - 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, - 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, - 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, - 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, - 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, - 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, - 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, - 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, - 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, - 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, - 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, - 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, - 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, - 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, - 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, - 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, - 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, - 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, - 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, - 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, - 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, - 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, - 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, - 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, - 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, - 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, - 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, - 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, -}; diff --git a/embedded/signature/rsa_sign_verify/user_settings.h b/embedded/signature/rsa_sign_verify/user_settings.h index 66e4e1de6..8fee44660 100644 --- a/embedded/signature/rsa_sign_verify/user_settings.h +++ b/embedded/signature/rsa_sign_verify/user_settings.h @@ -11,7 +11,7 @@ #define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_HARDEN -#define WOLFSSL_KEY_GEN +/* #define WOLFSSL_KEY_GEN */ /* sp_int */ #define NO_DH @@ -22,7 +22,7 @@ /* asn */ #define NO_ASN_TIME #define IGNORE_NAME_CONSTRAINTS -#define WOLFSSL_NO_ASN_STRICT +#define WOLFSSL_NO_ASN_STRICT #ifdef DEBUG_MEMORY @@ -33,11 +33,11 @@ #endif -#ifdef SP_C32_FLAG +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_SP_MATH_ALL #undef USE_FAST_MATH -#endif +#endif #ifdef SP_C64_FLAG #define WOLFSSL_HAVE_SP_RSA @@ -76,7 +76,7 @@ #undef DEBUG_MEMORY #endif -// #define PSS_PADDING +#define PSS_PADDING #ifdef PSS_PADDING #define WC_RSA_PSS #define WC_RSA_BLINDING @@ -91,3 +91,4 @@ #define WOLFSSL_SP_NO_MALLOC #undef BENCHMARK #endif /* NONBLOCK */ + diff --git a/embedded/signature/rsa_sign_verify/verify.c b/embedded/signature/rsa_sign_verify/verify.c deleted file mode 100644 index 3ccab5eed..000000000 --- a/embedded/signature/rsa_sign_verify/verify.c +++ /dev/null @@ -1,179 +0,0 @@ -/* verify.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* This file is an example of verifying an RSA signature. - * The signature is PKCS#1.5 formatted. - * Key and data are held in buffers. - * "signature.h", used by this program, can be generated using "sign.c". - */ - -#include -#include -#include -#include -#include -#include - -#include "rsa_pub_2048.h" -#include "signature.h" -#include - -/* Maximum bound on digest algorithm encoding around digest */ -#define MAX_ENC_ALG_SZ 32 - -/* Verifies the signature with the message and RSA public key. - * Returns 0 on success and 1 otherwise. - */ -int verify() -{ - int ret = 0; - Sha256 sha256; - Sha256* pSha256 = NULL; - RsaKey rsaKey; - RsaKey* pRsaKey = NULL; - word32 idx; - unsigned char digest[WC_SHA256_DIGEST_SIZE]; - unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; - word32 encSigLen = 0; - unsigned char decSig[sizeof(rsa_sig_2048)]; - word32 decSigLen = 0; - -/* Variables for benchmark */ -#ifdef BENCHMARK - double start, total_time; -#ifndef BENCH_TIME_SEC - #define BENCH_TIME_SEC 3 -#endif - int count; -#endif - - - - -#ifdef DEBUG_MEMORY - wolfCrypt_Init(); - InitMemoryTracker(); -#endif - /* Calculate SHA-256 digest of message */ - if (ret == 0) - ret = wc_InitSha256(&sha256); - if (ret == 0) { - pSha256 = &sha256; - ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); - } - if (ret == 0) - ret = wc_Sha256Final(&sha256, digest); - - /* Encode digest with algorithm information as per PKCS#1.5 */ - if (ret == 0) { - encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); - if ((int)encSigLen < 0) - ret = (int)encSigLen; - } - - /* Initialize the RSA key and decode the DER encoded public key. */ - if (ret == 0) - ret = wc_InitRsaKey(&rsaKey, NULL); - if (ret == 0) { - pRsaKey = &rsaKey; - - idx = 0; - ret = wc_RsaPublicKeyDecode(public_key_2048, &idx, &rsaKey, - sizeof(public_key_2048)); - } - -#ifdef BENCHMARK - count = 0; - printf("Running benchmark...\n"); - printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); - start = current_time(0); - while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ -#endif - - /* Verify the signature by decrypting the value. */ - if (ret == 0) { - decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), - decSig, sizeof(decSig), &rsaKey); - if ((int)decSigLen < 0) - ret = (int)decSigLen; - } - - /* Check the decrypted result matches the encoded digest. */ - if (ret == 0 && encSigLen != decSigLen) - ret = -1; - if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) - ret = -1; - - if(ret != 0){ - printf("Invalid Signature!\n"); - goto finish; - } - -#ifdef BENCHMARK - count++; - } - - printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); - printf("Finished Benchmark \n"); -#else - printf("Verified!\n"); -#endif - - -finish: - /* Free the data structures */ - if (pRsaKey != NULL) - wc_FreeRsaKey(pRsaKey); - if (pSha256 != NULL) - wc_Sha256Free(pSha256); - -#ifdef DEBUG_MEMORY - ShowMemoryTracker(); - CleanupMemoryTracker(); - wolfCrypt_Cleanup(); -#endif - return ret; -} - -int main(){ -#ifdef BENCHMARK - printf("---------------------------------------------------------------\n"); -#if defined(SP_C64_FLAG) - printf("Enabled 64-bit SP \n"); -#elif defined(SP_C32_FLAG) - printf("Enabled 32-bit SP \n"); -#elif defined(SP_X86_64_FLAG) - printf("Enabled SP for x86_64\n"); -#elif defined(SP_ARM64_FLAG) - printf("Enabled SP for Arm64\n"); -#elif defined(TFM_FLAG) - printf("Enabled TFM \n"); -#endif - printf("---------------------------------------------------------------\n"); -#endif /* BENCHMARK */ - -#ifdef DEBUG_MEMORY - return StackSizeCheck(NULL, (thread_func)verify); -#else - - return verify(); -#endif -} diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index d1a116c55..9224c4ad2 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -13,6 +13,7 @@ OBJ = \ $(WOLFROOT)/wolfcrypt/src/wc_port.o\ $(WOLFROOT)/wolfcrypt/src/coding.o\ $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ @@ -38,10 +39,10 @@ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean size bench mem +.PHONY: all clean size bench mem -ifeq ($(math) $(arch),sp x64) +ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) @@ -57,7 +58,7 @@ OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) -else +else CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif @@ -65,7 +66,7 @@ endif all: verify bench mem verify: clean $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread mem: clean $(OBJ) diff --git a/embedded/signature/rsa_vfy_only_nonblock/Makefile b/embedded/signature/rsa_vfy_only_nonblock/Makefile index be6f72e40..fb8aace42 100644 --- a/embedded/signature/rsa_vfy_only_nonblock/Makefile +++ b/embedded/signature/rsa_vfy_only_nonblock/Makefile @@ -13,6 +13,7 @@ OBJ = \ $(WOLFROOT)/wolfcrypt/src/wc_port.o\ $(WOLFROOT)/wolfcrypt/src/coding.o\ $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ diff --git a/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c index c675c7e6b..75b0fcf78 100644 --- a/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c +++ b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c @@ -1,6 +1,6 @@ /* verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -150,13 +150,13 @@ int verify() /* Variables for non-blocking RSA */ RsaNb nb_ctx; - double total_blk_time; + double total_blk_time; double pre_returned_t; /* previous recent returned time */ - double returned_t; /* most recent returned time */ - double max_t = -1.0; /* Maximum blocking time */ - double min_t = __DBL_MAX__; /* Minimum blocking time */ + double returned_t; /* most recent returned time */ + double max_t = -1.0; /* Maximum blocking time */ + double min_t = __DBL_MAX__; /* Minimum blocking time */ double blocking_t; /* current blocking time */ - int blk_count; + int blk_count; #ifdef DEBUG_MEMORY wolfCrypt_Init(); @@ -188,7 +188,7 @@ int verify() /* Verify the signature by decrypting the value with non-blocking mode. */ if (ret == 0){ ret = wc_RsaSetNonBlock(&rsaKey, &nb_ctx); - if (ret != 0) + if (ret != 0) return ret; blk_count = 0; @@ -196,10 +196,10 @@ int verify() pre_returned_t = current_time(1); do { - + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), decSig, sizeof(decSig), &rsaKey); - + returned_t = current_time(0); blocking_t = returned_t - pre_returned_t; total_blk_time += blocking_t; @@ -226,7 +226,7 @@ int verify() printf("Verified\n"); - + printf("Non-blocking:\n"); printf(" Total time : %.2f micro sec, Bloking count: %d \n",1000*1000*total_blk_time, blk_count); printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ @@ -243,7 +243,7 @@ int verify() ShowMemoryTracker(); CleanupMemoryTracker(); wolfCrypt_Cleanup(); -#endif +#endif return ret == 0 ? 0 : 1; } @@ -251,7 +251,7 @@ int main(){ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); -#else +#else return verify(); #endif } From 51b3eff6c250e3079082d5a4d11b84b0a13dee09 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 20 Aug 2025 06:25:07 +0900 Subject: [PATCH 8/8] addressed review comments add file header fix wc_RsaSSL_Verify --- embedded/signature/README.md | 13 ++-- .../ecc_sign_verify/ecc_sign_verify.c | 26 ++------ .../signature/ecc_sign_verify/user_settings.h | 1 - embedded/signature/ecc_vfy_only/ecc_verify.c | 39 +++-------- .../signature/ecc_vfy_only/user_settings.h | 1 - .../ecc_vfy_only_nonblock/ecc_pubKey.h | 22 ++++++- .../ecc_verify_nonblock.c | 39 ++--------- .../ecc_vfy_only_nonblock/signature.h | 20 ++++++ .../ecc_vfy_only_nonblock/user_settings.h | 1 - embedded/signature/include/rsa_priv_2048.h | 3 +- embedded/signature/include/rsa_pub_2048.h | 3 +- .../rsa_sign_verify/rsa_sign_verify.c | 64 ++++++++----------- .../rsa_sign_verify_nonblock.c | 44 ++++--------- .../signature/rsa_sign_verify/user_settings.h | 1 - .../signature/rsa_vfy_only/user_settings.h | 5 +- embedded/signature/rsa_vfy_only/verify.c | 25 ++++---- .../rsa_vfy_only_nonblock/user_settings.h | 5 +- .../rsa_vfy_only_nonblock/verify_nonblock.c | 20 +++--- 18 files changed, 136 insertions(+), 196 deletions(-) diff --git a/embedded/signature/README.md b/embedded/signature/README.md index bae388843..5099fd007 100644 --- a/embedded/signature/README.md +++ b/embedded/signature/README.md @@ -1,6 +1,6 @@ # Signature Examples for Embedded Systems ​ -This directory includes the following examples under the sub-directories.Each has a Makefile and source files to build and execute the example and a README to show how to build and Example output. +This directory includes the following examples. Each subdirectory has a Makefile, source files, and a README to show how to build the example, along with expected example output. ​ |Scheme|Directory|Description| |---|---|---| @@ -12,7 +12,8 @@ This directory includes the following examples under the sub-directories.Each ha ||ecc_vfy_only_nonblock|verify signature with non-blocking| -You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. +When building each example, you can specify arguments to control the build. Specify a target function to run either a simple example, benchmark, or memory tracking example. Specify an "arch" option to build optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default. And specify a "math" option to choose an underlying wolfCrypt math library to use, between Single Precision or TFM. + ``` $ make math= arch= @@ -30,7 +31,7 @@ $ make math= arch= |math|Description| |---|---| |Default|Generic architecture by pure C language source code| -|sp| SP for generic or specified archtecture| +|sp| SP for generic or specified architecture| |tfm|TFM for generic architecture| ## MCU Architectures NOTE: No architecture specification is required when using TFM. @@ -43,10 +44,10 @@ NOTE: No architecture specification is required when using TFM. |x64|SP for x86 64bit| -The Makefile is self-contained without libwolfssl. Put your wolfSSL source filesin parallel with wolfssl-examples directory. It is defined by WOLFROOT in Makefile.It compiles only needed files for the target. OBJ and OBJ_xxx macro in Makefiledefine object files for the common and specific target. -​ -Example programs are hard coded for a hash algorithm or signature scheme.Sha256 is for the hash by default. PKCS #1 v1.5 or ECDSA for the signature scheme.You can refer to the following API tables for modifying the examples for other algorithms or schemes. +Each Makefile is self-contained to statically link wolfCrypt source files (without using a shared libwolfssl.so). Put your wolfSSL source files in parallel with the wolfssl-examples directory. The location of the primary wolfSSL source directory is defined by WOLFROOT in each Makefile. Each build compiles only the needed files for the target. OBJ and OBJ_xxx macros in each Makefile define object files for the common and specific target. ​ +Example programs are hard coded to use a specific hash algorithm or signature scheme. Sha256 is used for the hash by default. PKCS#1 v1.5 or ECDSA is used for the signature scheme. You can refer to the following API tables for modifying the examples for other algorithms or schemes. + ## Table 1: Hash algorithms for PKCS#1 Signature |Algorithm|Src File|Macro SW
Enable|
Disable|Note| |---|---|---|---|---| diff --git a/embedded/signature/ecc_sign_verify/ecc_sign_verify.c b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c index 31a090e08..5108d17bc 100644 --- a/embedded/signature/ecc_sign_verify/ecc_sign_verify.c +++ b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c @@ -1,6 +1,6 @@ /* ecc_sign_verify.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -27,9 +27,7 @@ #include #include #include -#include - - +#include /* uncomment to show signatures */ /* #define SHOW_SIGS_IN_EXAMPLE */ @@ -91,7 +89,6 @@ int ecc_sign_verify(void) ret = do_sig_ver_test(ECC_KEY_SIZE_521); CHECK_RET(ret, 0, finished, "521 test"); - finished: #ifdef DEBUG_MEMORY printf("\n"); @@ -117,15 +114,12 @@ int do_sig_ver_test(int eccKeySz) WC_RNG rng; int verified = 0; - /* Variables for Benchmark */ double start_time, total_time; #ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 1 #endif int count; - - /* * for odd curve sizes account for mod EG: * Case 1) curve field of 256: @@ -152,10 +146,6 @@ double start_time, total_time; printf("Failed to allocate sig buff\n"); return -1001; } - - - - ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); @@ -179,8 +169,6 @@ double start_time, total_time; ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), &verified, &key); - - CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; @@ -188,13 +176,9 @@ double start_time, total_time; #ifdef BENCHMARK count++; } - printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); - #else - -printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); - + printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); #endif rng_done: @@ -222,8 +206,8 @@ static void hexdump(const void *buffer, word32 len, byte cols) } #endif - -int main(){ +int main() +{ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); #if defined(SP_C64_FLAG) diff --git a/embedded/signature/ecc_sign_verify/user_settings.h b/embedded/signature/ecc_sign_verify/user_settings.h index 8ede6cac6..b60f0c356 100644 --- a/embedded/signature/ecc_sign_verify/user_settings.h +++ b/embedded/signature/ecc_sign_verify/user_settings.h @@ -7,7 +7,6 @@ #define NO_SHA /* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_HARDEN #define NO_RSA diff --git a/embedded/signature/ecc_vfy_only/ecc_verify.c b/embedded/signature/ecc_vfy_only/ecc_verify.c index f8decd59e..b46e2e819 100644 --- a/embedded/signature/ecc_vfy_only/ecc_verify.c +++ b/embedded/signature/ecc_vfy_only/ecc_verify.c @@ -1,6 +1,6 @@ /* ecc_verify.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -27,10 +27,9 @@ #include #include #include -#include +#include #include "signature.h" - #define HEAP_HINT NULL #define ECC_KEY_SIZE_112 112 #define ECC_KEY_SIZE_128 128 @@ -45,10 +44,8 @@ #define ECC_KEY_SIZE_521 521 #define BYTE_SZ 8 - int idx_key(int keysize); - #define CHECK_RET(a, b, eLabel, msg) { \ if (a != b) { \ printf("failed %s\n", msg); \ @@ -59,7 +56,6 @@ int idx_key(int keysize); int do_sig_ver_test(int eccKeySz); - int ecc_verify(void) { int ret = 0; @@ -90,7 +86,6 @@ int ecc_verify(void) ret = do_sig_ver_test(ECC_KEY_SIZE_521); CHECK_RET(ret, 0, finished, "521 test"); - finished: #ifdef DEBUG_MEMORY printf("\n"); @@ -119,15 +114,12 @@ int do_sig_ver_test(int eccKeySz) int key_size; unsigned char *pKeybuff; - /* Variables for Benchmark */ -double start_time, total_time; + double start_time, total_time; + int count; #ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 1 #endif - int count; - - /* * for odd curve sizes account for mod EG: * Case 1) curve field of 256: @@ -148,7 +140,6 @@ double start_time, total_time; printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); #endif - ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); @@ -156,14 +147,12 @@ double start_time, total_time; count = 0; start_time = current_time(1); - while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ + while((double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time)){ #endif ret = wc_ecc_init(&key); CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); - - /* Import signature and ecc_key */ - + /* Import signature and ecc_key */ sig = sig_keys[idx_key(eccKeySz)].sig; sig_size = sig_keys[idx_key(eccKeySz)].sig_size; pKeybuff = sig_keys[idx_key(eccKeySz)].pubkey; @@ -172,10 +161,8 @@ double start_time, total_time; ret = wc_ecc_import_x963(pKeybuff, key_size, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); - ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), - &verified, &key); - + &verified, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; @@ -183,13 +170,9 @@ double start_time, total_time; #ifdef BENCHMARK count++; } - printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); - #else - -printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); - + printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); #endif /* BENCHMARK */ rng_done: @@ -200,8 +183,8 @@ printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); return ret; } - -int main(){ +int main() +{ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); #if defined(SP_C64_FLAG) @@ -253,6 +236,4 @@ int idx_key(int keysize){ default: return -1; } - } - diff --git a/embedded/signature/ecc_vfy_only/user_settings.h b/embedded/signature/ecc_vfy_only/user_settings.h index 5c81ec9d5..3976a1e2b 100644 --- a/embedded/signature/ecc_vfy_only/user_settings.h +++ b/embedded/signature/ecc_vfy_only/user_settings.h @@ -7,7 +7,6 @@ #define NO_SHA /* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_HARDEN #define NO_RSA diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h b/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h index 0afe2c9e7..05d023d7e 100644 --- a/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h @@ -1,3 +1,23 @@ +/* ecc_pubkey.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ unsigned char ecc_PublicKey_112[] = { 0x04, 0x67, 0xa6, 0xdc, 0x12, 0x25, 0xdb, 0x81, 0x5c, 0x67, 0x7c, 0xbf, 0x55, 0x3b, 0xd9, 0x51, @@ -9,7 +29,7 @@ unsigned char ecc_PublicKey_112[] = { 0xad, }; -unsigned char ecc_PublicKey_128[] = { +unsigned char ecc_PublicKey_128[] = { 0x04, 0x0f, 0x31, 0xea, 0x92, 0x1d, 0x84, 0xcf, 0xce, 0xe1, 0xe5, 0x0b, 0x13, 0xda, 0xd3, 0xb2, 0xb0, 0x57, 0x0c, 0x02, 0xdb, 0x50, 0xaa, 0xaa, diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c index c455d1af8..66cff1833 100644 --- a/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c @@ -1,6 +1,6 @@ /* ecc_verify_nonblock.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -27,10 +27,9 @@ #include #include #include -#include +#include #include "signature.h" - #define HEAP_HINT NULL #define ECC_KEY_SIZE_112 112 #define ECC_KEY_SIZE_128 128 @@ -45,10 +44,8 @@ #define ECC_KEY_SIZE_521 521 #define BYTE_SZ 8 - int idx_key(int keysize); - #define CHECK_RET(a, b, eLabel, msg) { \ if (a != b) { \ printf("failed %s\n", msg); \ @@ -59,7 +56,6 @@ int idx_key(int keysize); int do_sig_ver_test(int eccKeySz); - int ecc_verify(void) { int ret = 0; @@ -90,7 +86,6 @@ int ecc_verify(void) ret = do_sig_ver_test(ECC_KEY_SIZE_521); CHECK_RET(ret, 0, finished, "521 test"); - finished: #ifdef DEBUG_MEMORY printf("\n"); @@ -122,7 +117,7 @@ int do_sig_ver_test(int eccKeySz) #ifdef NONBLOCK ecc_nb_ctx_t nb_ctx; double total_blk_time; - double pre_returned_t; /* previous recent returned time */ + double pre_returned_t; /* previous recent returned time */ double returned_t; /* most recent returned time */ double max_t = -1.0; /* Maximum blocking time */ double min_t = __DBL_MAX__; /* Minimum blocking time */ @@ -130,9 +125,6 @@ int do_sig_ver_test(int eccKeySz) int blk_count; #endif - - - /* * for odd curve sizes account for mod EG: * Case 1) curve field of 256: @@ -152,16 +144,10 @@ int do_sig_ver_test(int eccKeySz) printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); - - ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); - - ret = wc_ecc_init(&key); CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); - - /* Import signature and ecc_key */ sig = sig_keys[idx_key(eccKeySz)].sig; sig_size = sig_keys[idx_key(eccKeySz)].sig_size; @@ -170,8 +156,6 @@ int do_sig_ver_test(int eccKeySz) ret = wc_ecc_import_x963(pKeybuff, key_size, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); - - #ifdef NONBLOCK ret = wc_ecc_set_nonblock(&key, &nb_ctx); CHECK_RET(ret, 0, rng_done, "wc_ecc_set_nonblock()"); @@ -197,7 +181,6 @@ int do_sig_ver_test(int eccKeySz) pre_returned_t = returned_t; blk_count++; } while (ret == FP_WOULDBLOCK); - #else ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), &verified, &key); @@ -206,9 +189,8 @@ int do_sig_ver_test(int eccKeySz) CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; - - - printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + printf("Successfully verified signature w/ ecc key size %d!\n", + eccKeySz); #ifdef NONBLOCK if (eccKeySz >= ECC_KEY_SIZE_256){ @@ -217,11 +199,9 @@ int do_sig_ver_test(int eccKeySz) 1000*1000*total_blk_time, blk_count); printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); - } #endif /* NONBLOCK */ - rng_done: wc_FreeRng(&rng); key_done: @@ -230,11 +210,8 @@ int do_sig_ver_test(int eccKeySz) return ret; } - - - -int main(){ - +int main() +{ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)ecc_verify); #else @@ -269,6 +246,4 @@ int idx_key(int keysize){ default: return -1; } - } - diff --git a/embedded/signature/ecc_vfy_only_nonblock/signature.h b/embedded/signature/ecc_vfy_only_nonblock/signature.h index e311cebef..abc07c53e 100644 --- a/embedded/signature/ecc_vfy_only_nonblock/signature.h +++ b/embedded/signature/ecc_vfy_only_nonblock/signature.h @@ -1,3 +1,23 @@ +/* signature.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ #include "ecc_pubKey.h" byte ecc_signature_112[] = { diff --git a/embedded/signature/ecc_vfy_only_nonblock/user_settings.h b/embedded/signature/ecc_vfy_only_nonblock/user_settings.h index c7d29c701..6f2d1e651 100644 --- a/embedded/signature/ecc_vfy_only_nonblock/user_settings.h +++ b/embedded/signature/ecc_vfy_only_nonblock/user_settings.h @@ -7,7 +7,6 @@ #define NO_SHA /* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_HARDEN #define NO_RSA diff --git a/embedded/signature/include/rsa_priv_2048.h b/embedded/signature/include/rsa_priv_2048.h index d859fd1c3..2c9178647 100644 --- a/embedded/signature/include/rsa_priv_2048.h +++ b/embedded/signature/include/rsa_priv_2048.h @@ -1,6 +1,6 @@ /* rsa_priv_2048.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -148,4 +148,3 @@ static const unsigned char private_key_2048[] = { 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, 0xF5, 0xBF }; - diff --git a/embedded/signature/include/rsa_pub_2048.h b/embedded/signature/include/rsa_pub_2048.h index 2df0fa670..84457b5c0 100644 --- a/embedded/signature/include/rsa_pub_2048.h +++ b/embedded/signature/include/rsa_pub_2048.h @@ -1,6 +1,6 @@ /* rsa_pub_2048.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -65,4 +65,3 @@ static const unsigned char public_key_2048[] = { 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01 }; - diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c index c03c85300..475948bbc 100644 --- a/embedded/signature/rsa_sign_verify/rsa_sign_verify.c +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c @@ -1,6 +1,6 @@ /* rsa_sign_verify.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,7 +41,7 @@ #include #include #include -#include +#include #if !defined(WOLFSSL_KEY_GEN) #include "../include/rsa_priv_2048.h" @@ -70,18 +70,15 @@ byte encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; word32 encSigLen = 0; byte decSig[ RSA_KEY_SIZE / 8]; word32 decSigLen; - RsaKey key; RsaKey* pKey = NULL; - -int sign(){ - +int sign() +{ #ifdef DEBUG_MEMORY wolfCrypt_Init(); InitMemoryTracker(); #endif - int ret = 0; #if !defined(WOLFSSL_KEY_GEN) word32 idx = 0; @@ -130,7 +127,6 @@ int sign(){ if ((int)sigLen < 0) ret = (int)sigLen; CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); - #else /* PKCS#1.5 */ /* Encode digest with algorithm information as per PKCS#1.5 */ encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); @@ -143,10 +139,7 @@ int sign(){ if ((int)sigLen < 0) ret = (int)sigLen; CHECK_RET(ret, 0, finish, "wc_RsaSSL_Sign()"); - #endif - - /* Generated Rsakey must be released in verify() */ finish: if (pSha256 != NULL) @@ -168,13 +161,12 @@ int sign(){ /* Verifies the signature with the message and RSA public key. * Returns 0 on success and 1 otherwise. */ -int verify(){ - +int verify() +{ #ifdef DEBUG_MEMORY wolfCrypt_Init(); InitMemoryTracker(); #endif - int ret = 0; /* Variables for benchmark */ #ifdef BENCHMARK @@ -184,51 +176,45 @@ int verify(){ #endif int count; #endif - -/* Check the RSA Key */ + /* Check the RSA Key */ if (pKey == NULL){ printf("RSA Key is NULL in verify()\n"); return -1; } - #ifdef BENCHMARK count = 0; printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); start = current_time(0); - while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + while ((double)BENCH_TIME_SEC > (total_time = current_time(0) - start )) { #endif - /* Verify the signature by decrypting the value. */ - - #ifdef PSS_PADDING - decSigLen = wc_RsaPSS_VerifyCheck(signature, sizeof(signature), - decSig, sizeof(decSig), hash, sizeof(hash), - WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); - - if ((int)decSigLen < 0) - ret = (int)decSigLen; - CHECK_RET(ret, 0, finish, "wc_RsaPSS_VerifyCheck()"); - - #else /* PKCS#1.5 */ - decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), - decSig, sizeof(decSig), &key); - if ((int)decSigLen < 0) - ret = (int)decSigLen; - CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); + #ifdef PSS_PADDING + decSigLen = wc_RsaPSS_VerifyCheck(signature, sizeof(signature), + decSig, sizeof(decSig), hash, sizeof(hash), + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_VerifyCheck()"); + + #else /* PKCS#1.5 */ + decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), + decSig, sizeof(decSig), &key); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); /* Check the decrypted result matches the encoded digest. */ if (ret == 0 && encSigLen != decSigLen) ret = -1; if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) ret = -1; - if(ret != 0){ printf("Invalid Signature!\n"); goto finish; } - #endif + #endif #ifdef BENCHMARK count++; @@ -242,7 +228,6 @@ int verify(){ printf("Verified!\n"); #endif - finish: if (pKey != NULL) wc_FreeRsaKey(pKey); @@ -258,7 +243,8 @@ int verify(){ return ret; } -int main(){ +int main() +{ int ret = 0; #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c index 221708aae..a049bde64 100644 --- a/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c @@ -1,6 +1,6 @@ /* rsa_sign_verify.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,7 +41,7 @@ #include #include #include -#include +#include /* Maximum bound on digest algorithm encoding around digest */ #define MAX_ENC_ALG_SZ 32 @@ -70,24 +70,20 @@ byte encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; word32 encSigLen = 0; byte decSig[ RSA_KEY_SIZE / 8]; word32 decSigLen; - RsaKey key; RsaKey* pKey = NULL; - - /* Variables for non-blocking RSA */ RsaNb nb_ctx; double total_blk_time; -double pre_returned_t; /* previous recent returned time */ +double pre_returned_t; /* previous recent returned time */ double returned_t; /* most recent returned time */ double max_t = -1.0; /* Maximum blocking time */ double min_t = __DBL_MAX__; /* Minimum blocking time */ double blocking_t; /* current blocking time */ int blk_count; - -int sign(){ - +int sign() +{ #ifdef DEBUG_MEMORY wolfCrypt_Init(); InitMemoryTracker(); @@ -99,7 +95,6 @@ int sign(){ WC_RNG* pRng; long e = 65537; /* standard value to use for exponent */ - /* Calculate SHA-256 digest of message */ ret = wc_InitSha256(&sha256); CHECK_RET(ret, 0, finish, "wc_InitSha256()"); @@ -122,7 +117,6 @@ int sign(){ CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); #endif - /* Generate 2048-bit RSA key*/ ret = wc_MakeRsaKey(&key, 2048, e, &rng); CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); @@ -132,24 +126,20 @@ int sign(){ if ((int)encSigLen < 0) ret = (int)encSigLen; CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); - #ifdef PSS_PADDING sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature)\ , WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if ((int)sigLen < 0) ret = (int)sigLen; CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); - #else /* PKCS#1.5 */ sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature),\ &key, &rng); if ((int)sigLen < 0) ret = (int)sigLen; CHECK_RET(ret, 0, finish, "wc_RsaSSL_Sign()"); - #endif - finish: if (pSha256 != NULL) wc_Sha256Free(pSha256); @@ -165,16 +155,13 @@ int sign(){ return ret; } -int verify_nonblock(){ - +int verify_nonblock() +{ #ifdef DEBUG_MEMORY wolfCrypt_Init(); InitMemoryTracker(); #endif int ret = 0; - - - /* Verify the signature by decrypting the value with non-blocking mode. */ if (ret == 0){ ret = wc_RsaSetNonBlock(&key, &nb_ctx); @@ -189,7 +176,8 @@ int verify_nonblock(){ #ifdef PSS_PADDING decSigLen = wc_RsaPSS_Verify(signature, sizeof(signature), - decSig, sizeof(decSig),WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + decSig, sizeof(decSig),WC_HASH_TYPE_SHA256, + WC_MGF1SHA256, &key); #else /* PKCS#1.5 */ decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), @@ -218,9 +206,9 @@ int verify_nonblock(){ ret = (int)decSigLen; CHECK_RET(ret, 0, finish, "wc_RsaPSS_Verify()"); - ret = wc_RsaPSS_CheckPadding(hash, sizeof(hash), decSig, decSigLen, WC_HASH_TYPE_SHA256); + ret = wc_RsaPSS_CheckPadding(hash, sizeof(hash), decSig, decSigLen, + WC_HASH_TYPE_SHA256); CHECK_RET(ret, 0, finish, "Verification Check RSA-PSS"); - #else if ((int)decSigLen < 0) ret = (int)decSigLen; @@ -235,13 +223,10 @@ int verify_nonblock(){ printf("Invalid Signature!\n"); goto finish; } - #endif - finish: if (pKey != NULL) wc_FreeRsaKey(pKey); - #ifdef DEBUG_MEMORY printf("\n"); printf("Memory usage : verify_nonblock() \n"); @@ -254,11 +239,9 @@ int verify_nonblock(){ return ret; } - - -int main(){ +int main() +{ int ret = 0; - #ifdef DEBUG_MEMORY ret = StackSizeCheck(NULL, (thread_func)sign); #else @@ -273,7 +256,6 @@ int main(){ ret = StackSizeCheck(NULL, (thread_func)verify_nonblock); #else ret = verify_nonblock(); - #endif if (ret == 0){ printf("\nNon-blocking:\n"); diff --git a/embedded/signature/rsa_sign_verify/user_settings.h b/embedded/signature/rsa_sign_verify/user_settings.h index 8fee44660..73db66c05 100644 --- a/embedded/signature/rsa_sign_verify/user_settings.h +++ b/embedded/signature/rsa_sign_verify/user_settings.h @@ -8,7 +8,6 @@ #define NO_SHA /* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_HARDEN /* #define WOLFSSL_KEY_GEN */ diff --git a/embedded/signature/rsa_vfy_only/user_settings.h b/embedded/signature/rsa_vfy_only/user_settings.h index ca802043f..7d677ddc2 100644 --- a/embedded/signature/rsa_vfy_only/user_settings.h +++ b/embedded/signature/rsa_vfy_only/user_settings.h @@ -8,7 +8,6 @@ #define NO_SHA /* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_RSA_PSS #define WC_NO_HARDEN @@ -22,7 +21,7 @@ /* asn */ #define NO_ASN_TIME #define IGNORE_NAME_CONSTRAINTS -#define WOLFSSL_NO_ASN_STRICT +#define WOLFSSL_NO_ASN_STRICT #ifdef DEBUG_MEMORY @@ -33,7 +32,7 @@ #endif -#ifdef SP_C32_FLAG +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_SP_MATH_ALL #define SP_WORD_SIZE 32 diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index 1888419a1..c1c0d239e 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -1,6 +1,6 @@ /* verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -20,11 +20,11 @@ */ #include -#include +#include #include #include -#include -#include +#include +#include /* RSA public key to verify with. */ static const unsigned char public_key_2048_n[] = { @@ -179,13 +179,13 @@ int verify() } if (ret == 0) ret = mp_set_int(&rsaKey.e, public_key_2048_e); -#ifdef BENCHMARK +#ifdef BENCHMARK count = 0; printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); start = current_time(0);// 1 0 while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ - if (ret != 0 ) printf("Invalid signature in benchmark\n"); + if (ret != 0 ) printf("Invalid signature in benchmark\n"); #endif /* Verify the signature by decrypting the value. */ if (ret == 0) { @@ -195,8 +195,6 @@ int verify() ret = (int)decSigLen; } - - /* Check the decrypted result matches the encoded digest. */ if (ret == 0 && decSigLen != sizeof(encSig)) ret = -1; @@ -206,10 +204,10 @@ int verify() #ifdef BENCHMARK count++; } - + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); printf("Finished Benchmark \n"); -#else +#else printf("Verified\n"); #endif @@ -223,11 +221,12 @@ int verify() ShowMemoryTracker(); CleanupMemoryTracker(); wolfCrypt_Cleanup(); -#endif +#endif return ret == 0 ? 0 : 1; } -int main(){ +int main() +{ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); #if defined(SP_C64_FLAG) @@ -246,7 +245,7 @@ int main(){ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); -#else +#else return verify(); #endif diff --git a/embedded/signature/rsa_vfy_only_nonblock/user_settings.h b/embedded/signature/rsa_vfy_only_nonblock/user_settings.h index 37a345d05..8180909c6 100644 --- a/embedded/signature/rsa_vfy_only_nonblock/user_settings.h +++ b/embedded/signature/rsa_vfy_only_nonblock/user_settings.h @@ -8,7 +8,6 @@ #define NO_SHA /* rsa */ -#define WOLFSSL_RSA_VERIFY_INLINE #define WC_NO_RSA_OAEP #define WC_NO_RSA_PSS #define WC_NO_HARDEN @@ -22,7 +21,7 @@ /* asn */ #define NO_ASN_TIME #define IGNORE_NAME_CONSTRAINTS -#define WOLFSSL_NO_ASN_STRICT +#define WOLFSSL_NO_ASN_STRICT #ifdef DEBUG_MEMORY @@ -33,7 +32,7 @@ #endif -#ifdef SP_C32_FLAG +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_SP_MATH_ALL #define SP_WORD_SIZE 32 diff --git a/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c index 75b0fcf78..b1b20e311 100644 --- a/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c +++ b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c @@ -1,6 +1,6 @@ /* verify.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -20,11 +20,11 @@ */ #include -#include +#include #include #include -#include -#include +#include +#include /* RSA public key to verify with. */ static const unsigned char public_key_2048_n[] = { @@ -151,7 +151,7 @@ int verify() RsaNb nb_ctx; double total_blk_time; - double pre_returned_t; /* previous recent returned time */ + double pre_returned_t; /* previous recent returned time */ double returned_t; /* most recent returned time */ double max_t = -1.0; /* Maximum blocking time */ double min_t = __DBL_MAX__; /* Minimum blocking time */ @@ -228,10 +228,10 @@ int verify() printf("Verified\n"); printf("Non-blocking:\n"); - printf(" Total time : %.2f micro sec, Bloking count: %d \n",1000*1000*total_blk_time, blk_count); + printf(" Total time : %.2f micro sec, Bloking count: %d \n", + 1000 * 1000 * total_blk_time, blk_count); printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ - max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); - + max_t * 1000 * 1000, 1000 * 1000 * total_blk_time/blk_count ); /* Free the data structures */ if (pRsaKey != NULL) @@ -247,8 +247,8 @@ int verify() return ret == 0 ? 0 : 1; } -int main(){ - +int main() +{ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); #else