From 8cc20cb15a0aeaf9d26c84bf85e67af8be5afa2d Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Tue, 6 Dec 2022 15:07:34 +0900 Subject: [PATCH 1/6] Add benchmarks and memory tracking feature to Signature Examples. Add becnmark and memory tranking to the following program: signature/rsa_vfy_only/verify signature/rsa_buffer/verify signature/ecc-sign-verify/ecc_sign_verify --- embedded/signature/README.md | 87 ++++++ embedded/signature/ecc-sign-verify/Makefile | 66 +++++ embedded/signature/ecc-sign-verify/README.md | 133 ++++++++++ .../ecc-sign-verify/ecc_sign_verify.c | 250 ++++++++++++++++++ .../signature/ecc-sign-verify/user_settings.h | 70 +++++ embedded/signature/rsa_buffer/Makefile | 66 +++++ embedded/signature/rsa_buffer/README.md | 92 +++++++ embedded/signature/rsa_buffer/rsa_priv_2048.h | 151 +++++++++++ embedded/signature/rsa_buffer/rsa_pub_2048.h | 68 +++++ embedded/signature/rsa_buffer/sign.c | 178 +++++++++++++ embedded/signature/rsa_buffer/sign_vfy.sh | 10 + embedded/signature/rsa_buffer/signature.h | 40 +++ embedded/signature/rsa_buffer/user_settings.h | 74 ++++++ embedded/signature/rsa_buffer/verify.c | 166 ++++++++++++ embedded/signature/rsa_vfy_only/Makefile | 65 +++++ embedded/signature/rsa_vfy_only/README.md | 89 +++++++ .../signature/rsa_vfy_only/user_settings.h | 74 ++++++ embedded/signature/rsa_vfy_only/verify.c | 246 +++++++++++++++++ 18 files changed, 1925 insertions(+) create mode 100644 embedded/signature/README.md create mode 100644 embedded/signature/ecc-sign-verify/Makefile create mode 100644 embedded/signature/ecc-sign-verify/README.md create mode 100644 embedded/signature/ecc-sign-verify/ecc_sign_verify.c create mode 100644 embedded/signature/ecc-sign-verify/user_settings.h create mode 100644 embedded/signature/rsa_buffer/Makefile create mode 100644 embedded/signature/rsa_buffer/README.md create mode 100644 embedded/signature/rsa_buffer/rsa_priv_2048.h create mode 100644 embedded/signature/rsa_buffer/rsa_pub_2048.h create mode 100644 embedded/signature/rsa_buffer/sign.c create mode 100755 embedded/signature/rsa_buffer/sign_vfy.sh create mode 100644 embedded/signature/rsa_buffer/signature.h create mode 100644 embedded/signature/rsa_buffer/user_settings.h create mode 100644 embedded/signature/rsa_buffer/verify.c create mode 100644 embedded/signature/rsa_vfy_only/Makefile create mode 100644 embedded/signature/rsa_vfy_only/README.md create mode 100644 embedded/signature/rsa_vfy_only/user_settings.h create mode 100644 embedded/signature/rsa_vfy_only/verify.c diff --git a/embedded/signature/README.md b/embedded/signature/README.md new file mode 100644 index 000000000..028049556 --- /dev/null +++ b/embedded/signature/README.md @@ -0,0 +1,87 @@ +# Signature Examples for Embedded Systems +​ +This directory includes the following examples under the sub-directories.Each has a Makefile and source files to build and execute the example and a README to show how to build and Example output. +​ +|Scheme|Directory|Description| +|---|---|---| +|RSA|rsa_vfy_only |verify signature| +||rsa_buffer|sign/verify signature | +|ECDSA|signature/ecc-sign-verify/ecc_sign_verify.c|sign msg and verify signature| + +You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. + +``` +$ make math= arch= +``` +​ +## Functions + +|Function name|Description| +|---|---| +|Default|Simple Execution| +|mem|Memory Track on heap and stack usage| +|bench|Performance benchmark| + + +## Math library +|math|Description| +|---|---| +|Default|Generic architecture by pure C language source code| +|sp| SP for specified archtecture| +|tfm|TFM for generic architecture| +## MCU Architectures +NOTE: No architecture specification is required when using TFM. +|arch|Description| +|---|---| +|Default|Generic architecture by pure C language source code| +|arm64|SP for ARM64 | +|x64|SP for x86 64bit| + + +The Makefile is self-contained without libwolfssl. Put your wolfSSL source filesin parallel with wolfssl-examples directory. It is defined by WOLFROOT in Makefile.It compiles only needed files for the target. OBJ and OBJ_xxx macro in Makefiledefine object files for the common and specific target. +​ +Example programs are hard coded for a hash algorithm or signature scheme.Sha256 is for the hash by default. PKCS #1 v1.5 or ECDSA for the signature scheme.You can refer to the following API tables for modifying the examples for other algorithms or schemes. +​ +## Table 1: Hash algorithms for PKCS#1 Signature +|Algorithm|Src File|Macro SW
Enable|
Disable|Note| +|---|---|---|---|---| +|MD2|md2.c|WOLFSSL_MD2||Only for v1.5 Backward compatibility| +|MD5|md5.c||NO_MD5|Only for v1.5 Backward compatibility| +|SHA1|sha.c||NO_SHA|||SHA256|sha256.c||NO_SHA256| +||SHA384|sha512.c|WOLFSSL_SHA384||Disabled by default| +|SHA512|sha512.c|WOLFSSL_SHA512||Disabled by default| + + +## Table 2: Hash Algorithm APIs +|Algorithm|
Init|API
Update|
Final| +|---|---|---|---| +|MD2|wc_InitMd2|wc_Md2Update|wc_Md2Final| +|MD5|wc_InitMd5|wc_Md5Update|wc_Md5Final| +|SHA1|wc_InitSha|wc_ShaUpdate|wc_ShaFinal| +|SHA256|wc_InitSha256|wc_Sha256Update|wc_Sha256Final| +|SHA384|wc_initSha384|wc_Sha384Update|wc_Sha384Final| +|SHA512|wc_InitSha512|wc_Sha512Update|wc_Sha512Final| + +​ +## Table 3: RSA Signature APIs +​ +|Padding|API|Description| +|---|---|---| +|PKCS #1 v1.5|wc_RsaSSL_Verify|Decrypt input signature to verify| +||wc_RsaSSL_VerifyInline|The output uses the same byte array as the input| +|PSS|wc_RsaPSS_Verify|Decrypt input signature to verify with PSS| +| |wc_RsaPSS_VerifyCheck|Verify the message signed| +| |wc_RsaPSS_VerifyCheck_ex|with Salt length argument| +| |wc_RsaPSS_VerifyInline|The output uses the same byte array as the input| +| |wc_RsaPSS_VerifyCheckInline|Verify the message signed| +| |wc_RsaPSS_VerifyCheckPadding|Checks the PSS data to ensure that the signature matches| +| |wc_RsaPSS_VerifyCheckPadding_ex|with Salt length argument| + + +## Table 4: ECC Signature APIs +​ +|Algorithm|API|Hash| +|---|---|---| +|ECDSA|wc_ecc_sign_hash|SHA512| +|Ed25519|wc_ed25519_sign_hash|SHA512| +|Ed488|wc_ed488_sign_hash|SHAKE256| diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile new file mode 100644 index 000000000..bf37344da --- /dev/null +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -0,0 +1,66 @@ +WOLFROOT = ../../../../wolfssl + +CFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ=\ + $(WOLFROOT)/wolfcrypt/src/ecc.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + +.PHONY: all clean mem size + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_FLAG +OBJ += $(OBJ_SP_C32) +endif + +all : ecc_sign_verify bench +mem:CFLAGS+= -DDEBUG_MEMORY +mem: ecc_sign_verify + +ecc_sign_verify: $(OBJ) + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) + +bench: $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o bench ecc_sign_verify.c $(OBJ) + +clean: + rm -f ecc_sign_verify bench $(WOLFROOT)/wolfcrypt/src/*.o + +size : + size $(OBJ) diff --git a/embedded/signature/ecc-sign-verify/README.md b/embedded/signature/ecc-sign-verify/README.md new file mode 100644 index 000000000..6afc7ae22 --- /dev/null +++ b/embedded/signature/ecc-sign-verify/README.md @@ -0,0 +1,133 @@ +# Signature Test Example + +Demonstrates using a hash digest to sign and verify a signature using ECC + +First, set the path to wolfssl directory to variable WOLFROOT in the Makefile. +## Building + +### Build example + +``` +make +``` + +## Usage + +``` +./ecc_sign_verify +Key size is 112, byteField = 14, maxSigSz = 44 +Successfully verified signature w/ ecc key size 112! +Key size is 128, byteField = 16, maxSigSz = 48 +Successfully verified signature w/ ecc key size 128! +Key size is 160, byteField = 20, maxSigSz = 56 +Successfully verified signature w/ ecc key size 160! +Key size is 192, byteField = 24, maxSigSz = 64 +Successfully verified signature w/ ecc key size 192! +Key size is 224, byteField = 28, maxSigSz = 72 +Successfully verified signature w/ ecc key size 224! +Key size is 239, byteField = 36, maxSigSz = 88 +Successfully verified signature w/ ecc key size 239! +Key size is 256, byteField = 32, maxSigSz = 80 +Successfully verified signature w/ ecc key size 256! +Key size is 320, byteField = 40, maxSigSz = 96 +Successfully verified signature w/ ecc key size 320! +Key size is 384, byteField = 48, maxSigSz = 112 +Successfully verified signature w/ ecc key size 384! +Key size is 512, byteField = 64, maxSigSz = 144 +Successfully verified signature w/ ecc key size 512! +Key size is 521, byteField = 66, maxSigSz = 148 +Successfully verified signature w/ ecc key size 521! +``` + +NOTE: Also an option to dump out the signatures. For more verbose output + uncomment define in example "SHOW_SIGS_IN_EXAMPLE" + + + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. + +## Example Output +built with the option `math=sp arch=arm64` +``` +./bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running ECC Sign Verify Benchmarks... +ECC Key Size 112 1275.78 Cycles/sec +ECC Key Size 128 1351.68 Cycles/sec +ECC Key Size 160 1368.65 Cycles/sec +ECC Key Size 192 1382.20 Cycles/sec +ECC Key Size 224 1385.06 Cycles/sec +ECC Key Size 239 1401.38 Cycles/sec +ECC Key Size 256 12830.67 Cycles/sec +ECC Key Size 320 626.52 Cycles/sec +ECC Key Size 384 634.85 Cycles/sec +ECC Key Size 512 279.71 Cycles/sec +ECC Key Size 521 279.15 Cycles/sec +``` + +# Tracking memory +To see a stack and heap memory usage. + +``` +make mem +``` +## Example Output +``` +./ecc_sign_verify +Key size is 112, byteField = 14 +Successfully verified signature w/ ecc key size 112! +Key size is 128, byteField = 16 +Successfully verified signature w/ ecc key size 128! +Key size is 160, byteField = 20 +Successfully verified signature w/ ecc key size 160! +Key size is 192, byteField = 24 +Successfully verified signature w/ ecc key size 192! +Key size is 224, byteField = 28 +Successfully verified signature w/ ecc key size 224! +Key size is 239, byteField = 30 +Successfully verified signature w/ ecc key size 239! +Key size is 256, byteField = 32 +Successfully verified signature w/ ecc key size 256! +Key size is 320, byteField = 40 +Successfully verified signature w/ ecc key size 320! +Key size is 384, byteField = 48 +Successfully verified signature w/ ecc key size 384! +Key size is 512, byteField = 64 +Successfully verified signature w/ ecc key size 512! +Key size is 521, byteField = 66 +Successfully verified signature w/ ecc key size 521! + +total Allocs = 522 +total Deallocs = 522 +total Bytes = 225047 +peak Bytes = 5161 +current Bytes = 0 +stack used = 16752 +``` + + +Best wishes in all your testing! + +- The wolfSSL Team diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c new file mode 100644 index 000000000..79773bf1d --- /dev/null +++ b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c @@ -0,0 +1,250 @@ +/* ecc_sign_verify.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + + + +/* uncomment to show signatures */ +/* #define SHOW_SIGS_IN_EXAMPLE */ + +#define HEAP_HINT NULL +#define ECC_KEY_SIZE_112 112 +#define ECC_KEY_SIZE_128 128 +#define ECC_KEY_SIZE_160 160 +#define ECC_KEY_SIZE_192 192 +#define ECC_KEY_SIZE_224 224 +#define ECC_KEY_SIZE_239 239 +#define ECC_KEY_SIZE_256 256 +#define ECC_KEY_SIZE_320 320 +#define ECC_KEY_SIZE_384 384 +#define ECC_KEY_SIZE_512 512 +#define ECC_KEY_SIZE_521 521 +#define BYTE_SZ 8 +#define BENCH_TIME_SEC 1 +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +int do_sig_ver_test(int eccKeySz); + +#ifdef SHOW_SIGS_IN_EXAMPLE + static void hexdump(const void *buffer, word32 len, byte cols); +#endif + +// int ret; +double start_time, total_time; + + +int ecc_sign_verify(void) +{ + int ret = 0; +#ifdef DEBUG_MEMORY + InitMemoryTracker(); +#endif + ret = do_sig_ver_test(ECC_KEY_SIZE_112); + CHECK_RET(ret, 0, finished, "112 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_128); + CHECK_RET(ret, 0, finished, "128 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_160); + CHECK_RET(ret, 0, finished, "160 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_192); + CHECK_RET(ret, 0, finished, "192 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_224); + CHECK_RET(ret, 0, finished, "224 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_239); + CHECK_RET(ret, 0, finished, "239 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_256); + CHECK_RET(ret, 0, finished, "256 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_320); + CHECK_RET(ret, 0, finished, "320 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_384); + CHECK_RET(ret, 0, finished, "384 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_512); + CHECK_RET(ret, 0, finished, "512 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_521); + CHECK_RET(ret, 0, finished, "521 test"); + + +finished: +#ifdef DEBUG_MEMORY + printf("\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); +#endif + return ret; +} + +int do_sig_ver_test(int eccKeySz) +{ + /* sha256 hash of the string "A 32-bit string to test signing" */ + unsigned char hash[32] = { + 0x3b, 0x07, 0x54, 0x5c, 0xfd, 0x4f, 0xb7, 0xb5, + 0xaf, 0xa7, 0x7a, 0x25, 0x33, 0xa5, 0x50, 0x70, + 0x4a, 0x65, 0x3e, 0x72, 0x7e, 0xcd, 0xd4, 0x5b, + 0x1b, 0x36, 0x96, 0x96, 0xca, 0x4f, 0x9b, 0x6f + }; + int ret; + ecc_key key; + byte* sig = NULL; // get rid of this magic number + WC_RNG rng; + int verified = 0; + int count; // for the benchmark + + + /* + * for odd curve sizes account for mod EG: + * Case 1) curve field of 256: + * (256/8) + (256%8 != 0 ? 1:0) == 32 + 0 = 32 + * + * Case 2) curve field of 521: + * (521/8 = 65.125 (rounds to 65) + (521%8 != 0 ? 1:0) == + 65 + 1 = 66 + * + * Algorithm: (C / B) + (C % B != 0 ? 1:0) + * + * This remainder is a natural result of the calculation: + * Algorithm: (C / (B-1)) / (B) + */ + int byteField = (eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ; + word32 maxSigSz = ECC_MAX_SIG_SIZE; +#ifndef BENCHMARK + printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); +#endif + sig = (byte*) XMALLOC(maxSigSz * sizeof(byte), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (sig == NULL) { + printf("Failed to allocate sig buff\n"); + return -1001; + } + + wolfCrypt_Init(); + + + + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, key_done, "wc_InitRng()"); + + ret = wc_ecc_make_key(&rng, byteField, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); + +#ifdef BENCHMARK + count = 0; + start_time = current_time(1); + + while( BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ +#endif + ret = wc_ecc_init(&key); + CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); + + ret = wc_ecc_make_key(&rng, byteField, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); + // printf("%s\n",hash); + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &maxSigSz, &rng, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_sign_hash()"); + + #ifdef SHOW_SIGS_IN_EXAMPLE + hexdump(sig, maxSigSz, 16); + #endif + + + ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), &verified, + &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); + CHECK_RET(verified, 1, rng_done, "verification check"); + verified = 0; + maxSigSz = ECC_MAX_SIG_SIZE; +#ifdef BENCHMARK + count++; + } + + printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); + +#else + +printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + +#endif + +rng_done: + wc_FreeRng(&rng); +key_done: + wc_ecc_free(&key); +sig_done: + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#ifdef SHOW_SIGS_IN_EXAMPLE +static void hexdump(const void *buffer, word32 len, byte cols) +{ + word32 i; + + for (i = 0; i < len + ((len % cols) ? (cols - len % cols) : 0); i++) { + /* print hex data */ + if (i < len) + printf("%02X ", ((byte*)buffer)[i] & 0xFF); + + if (i % cols == (cols - 1)) + printf("\n"); + } +} +#endif + + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(WOLFSSL_HAVE_SP_ECC) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_HAVE_SP_ECC \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled WOLFSSL_SP_X86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_SP_ARM64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); + printf("Running ECC Sign Verify Benchmarks...\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)ecc_sign_verify); +#else + return ecc_sign_verify(); +#endif +} diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc-sign-verify/user_settings.h new file mode 100644 index 000000000..b063470a6 --- /dev/null +++ b/embedded/signature/ecc-sign-verify/user_settings.h @@ -0,0 +1,70 @@ +#define WOLFCRYPT_ONLY +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define NO_RSA +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + +/* ecc */ +#define HAVE_ECC +#define HAVE_ALL_CURVES + + +#ifdef DEBUG_MEMORY + // #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_ECC + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile new file mode 100644 index 000000000..e838a42c5 --- /dev/null +++ b/embedded/signature/rsa_buffer/Makefile @@ -0,0 +1,66 @@ +WOLFROOT = ../../../../wolfssl + +CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean mem size + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_FLAG +OBJ += $(OBJ_SP_C32) +endif + +all: verify sign bench + +mem:CFLAGS+= -DDEBUG_MEMORY +mem: verify sign + +verify: $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) +sign: $(OBJ) + $(CC) $(CFLAGS) -o sign sign.c $(OBJ) +bench: $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) +clean: + rm -f verify sign bench $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) diff --git a/embedded/signature/rsa_buffer/README.md b/embedded/signature/rsa_buffer/README.md new file mode 100644 index 000000000..7f1900042 --- /dev/null +++ b/embedded/signature/rsa_buffer/README.md @@ -0,0 +1,92 @@ +# RSA Signature Test Example + +Demonstrates using a hash digest to sign and verify a signature using RSA + +First, set the path to wolfssl directory to variable WOLFROOT in Makefile. + +## Building + +### Build example + +``` +make +``` + +### Usage +``` +./verify +``` + +``` +./sign +``` + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. +## Example Output +built with the option `math=sp arch=arm64` +``` +./bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 236782 times, 78927.31 Cycles/sec +Finished Benchmark +``` + + +built with the option `math=tfm` +``` +--------------------------------------------------------------- +Enabled TFM +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 76860 times, 25619.98 Cycles/sec +Finished Benchmark +``` + +# Tracking memory +To see a stack and heap memory usage + +``` +make mem +``` +## Example Output +``` +./verify +Verified +total Allocs = 0 +total Deallocs = 0 +total Bytes = 0 +peak Bytes = 0 +current Bytes = 0 +stack used = 13528 +``` + + +Best wishes in all your testing! + +- The wolfSSL Team + diff --git a/embedded/signature/rsa_buffer/rsa_priv_2048.h b/embedded/signature/rsa_buffer/rsa_priv_2048.h new file mode 100644 index 000000000..8c4242271 --- /dev/null +++ b/embedded/signature/rsa_buffer/rsa_priv_2048.h @@ -0,0 +1,151 @@ +/* rsa_priv_2048.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit private key. + * It is the private counterpart to "rsa_pub_2048.h" + */ + +/* RSA private key to sign with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char private_key_2048[] = { + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 0xBF +}; + diff --git a/embedded/signature/rsa_buffer/rsa_pub_2048.h b/embedded/signature/rsa_buffer/rsa_pub_2048.h new file mode 100644 index 000000000..0d5a3b672 --- /dev/null +++ b/embedded/signature/rsa_buffer/rsa_pub_2048.h @@ -0,0 +1,68 @@ +/* rsa_pub_2048.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit public key. + * It is the public counterpart to "rsa_priv_2048.h" + */ + +/* RSA public key to verify with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char public_key_2048[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, + 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, + 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, + 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, + 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, + 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, + 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, + 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, + 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, + 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, + 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, + 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, + 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, + 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, + 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, + 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, + 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, + 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, + 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, + 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, + 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, + 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, + 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, + 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, + 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, + 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, + 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, + 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, + 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, + 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, + 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, + 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01 +}; + diff --git a/embedded/signature/rsa_buffer/sign.c b/embedded/signature/rsa_buffer/sign.c new file mode 100644 index 000000000..847f6db78 --- /dev/null +++ b/embedded/signature/rsa_buffer/sign.c @@ -0,0 +1,178 @@ +/* sign.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file shows how to sign a message with an RSA private key. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * The output of this program can be used with "verify.c". + */ + +// #include +#include "user_settings.h" +#include + +#include +#include +#include +#include + +#include "rsa_priv_2048.h" + + +/* Signature size is the length of the modulus of the RSA key */ +#define SIG_SZ (2048 / 8) +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Print out the buffer in C code. + * + * name [in] Name of the variable. + * data [in] Data to print out. + * len [in] Length of the data. + */ +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + +/* Main entry point. + * Signs the message passed in as the first command line argument. + * + * argc [in] Count of command line arguments. + * argv [in] Command line argument vector. + * Returns 0 on success and 1 otherwise. + */ +int main(int argc, char* argv[]) +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; +#ifdef WC_RSA_BLINDING + WC_RNG rng; + WC_RNG* pRng = NULL; +#endif + word32 idx; + unsigned char* msg; + word32 msgLen; + unsigned char signature[SIG_SZ]; + word32 sigLen; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen; + + /* Get the message to sign from the command line */ + if (argc != 2) { + fprintf(stderr, "Message to sign required\n"); + ret = -1; + } + else { + msg = (unsigned char*)argv[1]; + msgLen = strlen(argv[1]); + } + + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, msgLen); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize RSA key and random (if required) */ + if (ret == 0) { + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) + pRsaKey = &rsaKey; + } +#ifdef WC_RSA_BLINDING + if (ret == 0) + ret = wc_InitRng(&rng); +#endif + /* Load DER encoded RSA private key from buffer */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + pRng = &rng; +#endif + idx = 0; + ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &rsaKey, + sizeof(private_key_2048)); + } + + /* Sign encoded digest */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, pRng); +#else + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, NULL); +#endif + if (ret >= 0) { + sigLen = ret; + ret = 0; + } + } + + if (ret == 0) { + /* Display message as a buffer */ + print_buffer("msg", msg, msgLen); + printf("\n"); + /* Display binary signature as a buffer */ + print_buffer("rsa_sig_2048", signature, sigLen); + } + + /* Free data structures */ +#ifdef WC_RSA_BLINDING + if (pRng != NULL) + wc_FreeRng(pRng); +#endif + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + + return ret == 0 ? 0 : 1; +} + diff --git a/embedded/signature/rsa_buffer/sign_vfy.sh b/embedded/signature/rsa_buffer/sign_vfy.sh new file mode 100755 index 000000000..0ad83d54c --- /dev/null +++ b/embedded/signature/rsa_buffer/sign_vfy.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +make clean + +make sign +./sign "This is the message" > signature.h +make verify +./verify + + diff --git a/embedded/signature/rsa_buffer/signature.h b/embedded/signature/rsa_buffer/signature.h new file mode 100644 index 000000000..e0b34c8c9 --- /dev/null +++ b/embedded/signature/rsa_buffer/signature.h @@ -0,0 +1,40 @@ +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h new file mode 100644 index 000000000..b9fc3348a --- /dev/null +++ b/embedded/signature/rsa_buffer/user_settings.h @@ -0,0 +1,74 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_RSA_PSS +#define WC_NO_HARDEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + + + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c new file mode 100644 index 000000000..5c1129526 --- /dev/null +++ b/embedded/signature/rsa_buffer/verify.c @@ -0,0 +1,166 @@ +/* rsa_pub_2048.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of verifying an RSA signature. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * "signature.h", used by this program, can be generated using "sign.c". + */ + +#include +#include "user_settings.h" +#include +#include +#include +#include +#include + +#include "rsa_pub_2048.h" +#include "signature.h" +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + word32 idx; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen = 0; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + + double start, total_time; + #define BENCH_TIME_SEC 3 + int count; + +#ifdef DEBUG_MEMORY + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + idx = 0; + ret = wc_RsaPublicKeyDecode(public_key_2048, &idx, &rsaKey, + sizeof(public_key_2048)); + } + +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0);// 1 0 + while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ +#endif + /* Verify the signature by decrypting the value. */ + if (ret == 0) { + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + } + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#else + printf("Verified\n"); +#endif + +finish: + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); +#endif + return ret; +} + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled WOLFSSL_SP_X86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_SP_ARM64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK*/ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + + + return verify(); +#endif +} diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile new file mode 100644 index 000000000..30fe0524e --- /dev/null +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -0,0 +1,65 @@ +WOLFROOT = ../../../../wolfssl + +CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean mem size + + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_FLAG +OBJ += $(OBJ_SP_C32) +endif + +all: verify bench + +mem:CFLAGS+= -DDEBUG_MEMORY +mem: verify + +verify: $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) +bench: $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) +clean: + rm -f verify bench $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) diff --git a/embedded/signature/rsa_vfy_only/README.md b/embedded/signature/rsa_vfy_only/README.md new file mode 100644 index 000000000..6b8a303c9 --- /dev/null +++ b/embedded/signature/rsa_vfy_only/README.md @@ -0,0 +1,89 @@ +# RSA Signature Test Example + +Demonstrates using a hash digest to sign and verify a signature using RSA + +First, set the path to wolfssl directory to variable WOLFROOT in the Makefile. + +## Building + +### Build example + +``` +make +``` + +### Usage +``` +./verify +``` + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. +## Example Output +built with the option `math=sp arch=arm64` +``` +./bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 237053 times, 79017.45 Cycles/sec +Finished Benchmark +``` + + +built with the option `math=tfm` +``` +./bench +--------------------------------------------------------------- +Enabled TFM +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 76438 times, 25479.23 Cycles/sec +Finished Benchmark +``` + +# Tracking memory +To see a stack and heap memory usage + +``` +make mem +``` +## Example Output +``` +./verify +Verified +total Allocs = 0 +total Deallocs = 0 +total Bytes = 0 +peak Bytes = 0 +current Bytes = 0 +stack used = 11384 +``` + + +Best wishes in all your testing! + +- The wolfSSL Team + diff --git a/embedded/signature/rsa_vfy_only/user_settings.h b/embedded/signature/rsa_vfy_only/user_settings.h new file mode 100644 index 000000000..b65f9b16b --- /dev/null +++ b/embedded/signature/rsa_vfy_only/user_settings.h @@ -0,0 +1,74 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_RSA_PSS +#define WC_NO_HARDEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + + + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif /*SP_FLAG*/ + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c new file mode 100644 index 000000000..736e04409 --- /dev/null +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -0,0 +1,246 @@ +/* verify.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include +#include +#include +#include + +/* RSA public key to verify with. */ +static const unsigned char public_key_2048_n[] = { + 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, + 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, + 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, + 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, + 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, + 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, + 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, + 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, + 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, + 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, + 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, + 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, + 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, + 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, + 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, + 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, + 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, + 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, + 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, + 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, + 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, + 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, + 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, + 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, + 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, +}; + +static const unsigned long public_key_2048_e = 0x010001; + +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; + +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + + +/* ASN.1 encoding of digest algorithm before hash */ +#define ENC_ALG_SZ 19 + +/* verify entry point. + * + * Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + unsigned char encSig[ENC_ALG_SZ + WC_SHA256_DIGEST_SIZE] = { + 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, 0x00, + }; + + double start, total_time; + #define BENCH_TIME_SEC 3 + int count; + +#ifdef DEBUG_MEMORY + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, encSig + ENC_ALG_SZ); + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + ret = mp_read_unsigned_bin(&rsaKey.n, public_key_2048_n, + sizeof(public_key_2048_n)); + } + if (ret == 0) + ret = mp_set_int(&rsaKey.e, public_key_2048_e); +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0);// 1 0 + while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + if (ret != 0 ) printf("Invalid signature in benchmark\n"); +#endif + /* Verify the signature by decrypting the value. */ + if (ret == 0) { + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + } + + + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && decSigLen != sizeof(encSig)) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, decSigLen) != 0) + ret = -1; + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#else + printf("Verified\n"); +#endif + + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); +#endif + return ret == 0 ? 0 : 1; +} + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled WOLFSSL_SP_X86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled WOLFSSL_SP_ARM64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK*/ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + + return verify(); +#endif +} From 75264e92020fd040276cd971da36e6a6259d601e Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Wed, 14 Dec 2022 07:33:43 +0900 Subject: [PATCH 2/6] Moved files in the embedded directory to the embedded/tls directory --- embedded/{ => tls}/Makefile | 0 embedded/{ => tls}/README.md | 0 embedded/{ => tls}/certs.h | 0 embedded/{ => tls}/sockets.h | 0 embedded/{ => tls}/threading.h | 0 embedded/{ => tls}/tls-client-server.c | 0 embedded/{ => tls}/tls-info.h | 0 embedded/{ => tls}/tls-server-size.c | 0 embedded/{ => tls}/tls-sock-client-ca.c | 0 embedded/{ => tls}/tls-sock-client.c | 0 embedded/{ => tls}/tls-sock-server-ca.c | 0 embedded/{ => tls}/tls-sock-server.c | 0 embedded/{ => tls}/tls-sock-threaded.c | 0 embedded/{ => tls}/tls-threaded.c | 0 14 files changed, 0 insertions(+), 0 deletions(-) rename embedded/{ => tls}/Makefile (100%) rename embedded/{ => tls}/README.md (100%) rename embedded/{ => tls}/certs.h (100%) rename embedded/{ => tls}/sockets.h (100%) rename embedded/{ => tls}/threading.h (100%) rename embedded/{ => tls}/tls-client-server.c (100%) rename embedded/{ => tls}/tls-info.h (100%) rename embedded/{ => tls}/tls-server-size.c (100%) rename embedded/{ => tls}/tls-sock-client-ca.c (100%) rename embedded/{ => tls}/tls-sock-client.c (100%) rename embedded/{ => tls}/tls-sock-server-ca.c (100%) rename embedded/{ => tls}/tls-sock-server.c (100%) rename embedded/{ => tls}/tls-sock-threaded.c (100%) rename embedded/{ => tls}/tls-threaded.c (100%) diff --git a/embedded/Makefile b/embedded/tls/Makefile similarity index 100% rename from embedded/Makefile rename to embedded/tls/Makefile diff --git a/embedded/README.md b/embedded/tls/README.md similarity index 100% rename from embedded/README.md rename to embedded/tls/README.md diff --git a/embedded/certs.h b/embedded/tls/certs.h similarity index 100% rename from embedded/certs.h rename to embedded/tls/certs.h diff --git a/embedded/sockets.h b/embedded/tls/sockets.h similarity index 100% rename from embedded/sockets.h rename to embedded/tls/sockets.h diff --git a/embedded/threading.h b/embedded/tls/threading.h similarity index 100% rename from embedded/threading.h rename to embedded/tls/threading.h diff --git a/embedded/tls-client-server.c b/embedded/tls/tls-client-server.c similarity index 100% rename from embedded/tls-client-server.c rename to embedded/tls/tls-client-server.c diff --git a/embedded/tls-info.h b/embedded/tls/tls-info.h similarity index 100% rename from embedded/tls-info.h rename to embedded/tls/tls-info.h diff --git a/embedded/tls-server-size.c b/embedded/tls/tls-server-size.c similarity index 100% rename from embedded/tls-server-size.c rename to embedded/tls/tls-server-size.c diff --git a/embedded/tls-sock-client-ca.c b/embedded/tls/tls-sock-client-ca.c similarity index 100% rename from embedded/tls-sock-client-ca.c rename to embedded/tls/tls-sock-client-ca.c diff --git a/embedded/tls-sock-client.c b/embedded/tls/tls-sock-client.c similarity index 100% rename from embedded/tls-sock-client.c rename to embedded/tls/tls-sock-client.c diff --git a/embedded/tls-sock-server-ca.c b/embedded/tls/tls-sock-server-ca.c similarity index 100% rename from embedded/tls-sock-server-ca.c rename to embedded/tls/tls-sock-server-ca.c diff --git a/embedded/tls-sock-server.c b/embedded/tls/tls-sock-server.c similarity index 100% rename from embedded/tls-sock-server.c rename to embedded/tls/tls-sock-server.c diff --git a/embedded/tls-sock-threaded.c b/embedded/tls/tls-sock-threaded.c similarity index 100% rename from embedded/tls-sock-threaded.c rename to embedded/tls/tls-sock-threaded.c diff --git a/embedded/tls-threaded.c b/embedded/tls/tls-threaded.c similarity index 100% rename from embedded/tls-threaded.c rename to embedded/tls/tls-threaded.c From e93fc7fd5517aaceed84eda24fcb8bad591c6488 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 15 Dec 2022 18:54:30 +0900 Subject: [PATCH 3/6] fix SP_C64/C32 option (#2) --- embedded/signature/ecc-sign-verify/Makefile | 14 ++++++++++++-- .../signature/ecc-sign-verify/user_settings.h | 17 ++++++++++++++++- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile index bf37344da..ce6afe9d7 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -19,6 +19,10 @@ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ @@ -41,12 +45,18 @@ OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else CFLAGS += -DSP_FLAG -OBJ += $(OBJ_SP_C32) +OBJ += $(OBJ_SP_C64) endif all : ecc_sign_verify bench @@ -63,4 +73,4 @@ clean: rm -f ecc_sign_verify bench $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) + size $(OBJ) ecc_sign_verify diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc-sign-verify/user_settings.h index b063470a6..d563e4af7 100644 --- a/embedded/signature/ecc-sign-verify/user_settings.h +++ b/embedded/signature/ecc-sign-verify/user_settings.h @@ -37,10 +37,25 @@ #ifdef SP_FLAG #define WOLFSSL_HAVE_SP_ECC - #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_MATH #undef USE_FAST_MATH #endif +#if defined(SP_C32_FLAG) +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_SP_MATH +#define WOLFSSL_SP_MATH_ALL +#undef USE_FAST_MATH +#endif + +#if defined(SP_C64_FLAG) +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_SP_MATH +#define WOLFSSL_SP_MATH_ALL +#define SP_WORD_SIZE 64 +#undef USE_FAST_MATH +#endif + #ifdef SP_ARM64_FLAG #define WOLFSSL_HAVE_SP_ECC #define WOLFSSL_SP_MATH_ALL From fadc52989f2363227e91bafde007ae2dce4d3b91 Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Fri, 16 Dec 2022 16:28:07 +0900 Subject: [PATCH 4/6] Fixed for sp_c64.c to be available. --- embedded/signature/README.md | 6 ++-- embedded/signature/ecc-sign-verify/Makefile | 18 +++++------ embedded/signature/ecc-sign-verify/README.md | 12 +++---- .../ecc-sign-verify/ecc_sign_verify.c | 18 +++++------ .../signature/ecc-sign-verify/user_settings.h | 30 ++++++++---------- embedded/signature/rsa_buffer/Makefile | 31 ++++++++++++------- embedded/signature/rsa_buffer/README.md | 11 ++++--- embedded/signature/rsa_buffer/user_settings.h | 17 +++++----- embedded/signature/rsa_buffer/verify.c | 18 ++++++----- embedded/signature/rsa_vfy_only/Makefile | 31 ++++++++++++------- embedded/signature/rsa_vfy_only/README.md | 16 +++++----- .../signature/rsa_vfy_only/user_settings.h | 18 ++++++----- embedded/signature/rsa_vfy_only/verify.c | 16 ++++++---- 13 files changed, 135 insertions(+), 107 deletions(-) diff --git a/embedded/signature/README.md b/embedded/signature/README.md index 028049556..9a2646330 100644 --- a/embedded/signature/README.md +++ b/embedded/signature/README.md @@ -6,7 +6,7 @@ This directory includes the following examples under the sub-directories.Each ha |---|---|---| |RSA|rsa_vfy_only |verify signature| ||rsa_buffer|sign/verify signature | -|ECDSA|signature/ecc-sign-verify/ecc_sign_verify.c|sign msg and verify signature| +|ECDSA|signature/ecc-sign-verify/|sign msg and verify signature| You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. @@ -27,13 +27,15 @@ $ make math= arch= |math|Description| |---|---| |Default|Generic architecture by pure C language source code| -|sp| SP for specified archtecture| +|sp| SP for generic or specified archtecture| |tfm|TFM for generic architecture| ## MCU Architectures NOTE: No architecture specification is required when using TFM. |arch|Description| |---|---| |Default|Generic architecture by pure C language source code| +|c32| SP using 32-bit data type | +|c64| SP using 64-bit data type (default) | |arm64|SP for ARM64 | |x64|SP for x86 64bit| diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile index ce6afe9d7..f01218112 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -1,6 +1,6 @@ WOLFROOT = ../../../../wolfssl -CFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) OBJ=\ @@ -14,7 +14,6 @@ OBJ=\ $(WOLFROOT)/wolfcrypt/src/memory.o\ $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ - OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ @@ -27,7 +26,6 @@ OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ - OBJ_SP_X86_64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/cpuid.o\ @@ -37,7 +35,7 @@ OBJ_SP_X86_64 := \ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean mem size +.PHONY: all clean mem size bench ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG @@ -55,22 +53,22 @@ else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else -CFLAGS += -DSP_FLAG +CFLAGS += -DSP_C64_FLAG OBJ += $(OBJ_SP_C64) endif -all : ecc_sign_verify bench -mem:CFLAGS+= -DDEBUG_MEMORY -mem: ecc_sign_verify +all : ecc_sign_verify bench mem ecc_sign_verify: $(OBJ) $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o bench ecc_sign_verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) +mem: $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) clean: - rm -f ecc_sign_verify bench $(WOLFROOT)/wolfcrypt/src/*.o + rm -f ecc_sign_verify ecc_sign_verify_bench ecc_sign_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : size $(OBJ) ecc_sign_verify diff --git a/embedded/signature/ecc-sign-verify/README.md b/embedded/signature/ecc-sign-verify/README.md index 6afc7ae22..53382982b 100644 --- a/embedded/signature/ecc-sign-verify/README.md +++ b/embedded/signature/ecc-sign-verify/README.md @@ -67,9 +67,9 @@ make bench math=tfm NOTE: When using TFM, No Architecture specification is required. ## Example Output -built with the option `math=sp arch=arm64` +- built with the option `math=sp arch=arm64` ``` -./bench +./ecc_sign_verify_bench --------------------------------------------------------------- Enabled WOLFSSL_SP_ARM64 --------------------------------------------------------------- @@ -95,7 +95,7 @@ make mem ``` ## Example Output ``` -./ecc_sign_verify +./ecc_sign_verify_mem Key size is 112, byteField = 14 Successfully verified signature w/ ecc key size 112! Key size is 128, byteField = 16 @@ -121,10 +121,10 @@ Successfully verified signature w/ ecc key size 521! total Allocs = 522 total Deallocs = 522 -total Bytes = 225047 -peak Bytes = 5161 +total Bytes = 243047 +peak Bytes = 5557 current Bytes = 0 -stack used = 16752 +stack used = 14448 ``` diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c index 79773bf1d..e95087cdc 100644 --- a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c +++ b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c @@ -20,8 +20,7 @@ */ #include -#include - +#include #include #include #include @@ -71,6 +70,7 @@ int ecc_sign_verify(void) { int ret = 0; #ifdef DEBUG_MEMORY + wolfCrypt_Init(); InitMemoryTracker(); #endif ret = do_sig_ver_test(ECC_KEY_SIZE_112); @@ -102,6 +102,7 @@ int ecc_sign_verify(void) printf("\n"); ShowMemoryTracker(); CleanupMemoryTracker(); + wolfCrypt_Cleanup(); #endif return ret; } @@ -149,8 +150,6 @@ int do_sig_ver_test(int eccKeySz) printf("Failed to allocate sig buff\n"); return -1001; } - - wolfCrypt_Init(); @@ -205,7 +204,6 @@ printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); wc_ecc_free(&key); sig_done: XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } @@ -229,12 +227,14 @@ static void hexdump(const void *buffer, word32 len, byte cols) int main(){ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); -#if defined(WOLFSSL_HAVE_SP_ECC) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_HAVE_SP_ECC \n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); #elif defined(SP_X86_64_FLAG) - printf("Enabled WOLFSSL_SP_X86_64\n"); + printf("Enabled SP for x86_64\n"); #elif defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_SP_ARM64\n"); + printf("Enabled SP for Arm64\n"); #elif defined(TFM_FLAG) printf("Enabled TFM \n"); #endif diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc-sign-verify/user_settings.h index d563e4af7..4264f7597 100644 --- a/embedded/signature/ecc-sign-verify/user_settings.h +++ b/embedded/signature/ecc-sign-verify/user_settings.h @@ -28,32 +28,28 @@ #ifdef DEBUG_MEMORY - // #define WOLFSSL_TRACK_MEMORY + #define WOLFSSL_TRACK_MEMORY #define HAVE_STACK_SIZE - #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY // #define WOLFSSL_DEBUG_MEMORY_PRINT + #undef BENCHMARK #endif -#ifdef SP_FLAG + +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_ECC - #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 #undef USE_FAST_MATH #endif -#if defined(SP_C32_FLAG) -#define WOLFSSL_HAVE_SP_ECC -#define WOLFSSL_SP_MATH -#define WOLFSSL_SP_MATH_ALL -#undef USE_FAST_MATH -#endif - -#if defined(SP_C64_FLAG) -#define WOLFSSL_HAVE_SP_ECC -#define WOLFSSL_SP_MATH -#define WOLFSSL_SP_MATH_ALL -#define SP_WORD_SIZE 64 -#undef USE_FAST_MATH +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH #endif #ifdef SP_ARM64_FLAG diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile index e838a42c5..0dfe42678 100644 --- a/embedded/signature/rsa_buffer/Makefile +++ b/embedded/signature/rsa_buffer/Makefile @@ -1,6 +1,6 @@ WOLFROOT = ../../../../wolfssl -CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) OBJ = \ @@ -17,6 +17,10 @@ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ @@ -33,7 +37,7 @@ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean mem size +.PHONY: all clean size mem bench ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG @@ -41,26 +45,31 @@ OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else -CFLAGS += -DSP_FLAG -OBJ += $(OBJ_SP_C32) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) endif -all: verify sign bench - -mem:CFLAGS+= -DDEBUG_MEMORY -mem: verify sign +all: verify sign bench mem verify: $(OBJ) $(CC) $(CFLAGS) -o verify verify.c $(OBJ) sign: $(OBJ) $(CC) $(CFLAGS) -o sign sign.c $(OBJ) bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) +mem: $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) clean: - rm -f verify sign bench $(WOLFROOT)/wolfcrypt/src/*.o + rm -f sign verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) + size $(OBJ) sign verify diff --git a/embedded/signature/rsa_buffer/README.md b/embedded/signature/rsa_buffer/README.md index 7f1900042..c4523ccc9 100644 --- a/embedded/signature/rsa_buffer/README.md +++ b/embedded/signature/rsa_buffer/README.md @@ -43,9 +43,9 @@ make bench math=tfm ``` NOTE: When using TFM, No Architecture specification is required. ## Example Output -built with the option `math=sp arch=arm64` +- built with the option `math=sp arch=arm64` ``` -./bench +./verify_bench --------------------------------------------------------------- Enabled WOLFSSL_SP_ARM64 --------------------------------------------------------------- @@ -56,8 +56,9 @@ Finished Benchmark ``` -built with the option `math=tfm` +- built with the option `math=tfm` ``` +./verify_bench --------------------------------------------------------------- Enabled TFM --------------------------------------------------------------- @@ -75,14 +76,14 @@ make mem ``` ## Example Output ``` -./verify +./verify_mem Verified total Allocs = 0 total Deallocs = 0 total Bytes = 0 peak Bytes = 0 current Bytes = 0 -stack used = 13528 +stack used = 12392 ``` diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h index b9fc3348a..cb94fedfa 100644 --- a/embedded/signature/rsa_buffer/user_settings.h +++ b/embedded/signature/rsa_buffer/user_settings.h @@ -25,9 +25,6 @@ #define WOLFSSL_NO_ASN_STRICT - - - #ifdef DEBUG_MEMORY #define WOLFSSL_TRACK_MEMORY #define HAVE_STACK_SIZE @@ -36,16 +33,23 @@ #endif -#ifdef SP_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ +#ifdef SP_C32_FLAG /* Use multi-platform SP (sp_c32.c) by default*/ #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #undef USE_FAST_MATH #endif +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + #ifdef SP_ARM64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_ARM64 #define WOLFSSL_SP_ARM64_ASM @@ -54,7 +58,6 @@ #ifdef SP_X86_64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_X86_64 #define WOLFSSL_SP_X86_64_ASM diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c index 5c1129526..c2b42c76d 100644 --- a/embedded/signature/rsa_buffer/verify.c +++ b/embedded/signature/rsa_buffer/verify.c @@ -25,8 +25,7 @@ * "signature.h", used by this program, can be generated using "sign.c". */ -#include -#include "user_settings.h" +#include #include #include #include @@ -62,6 +61,7 @@ int verify() int count; #ifdef DEBUG_MEMORY + wolfCrypt_Init(); InitMemoryTracker(); #endif /* Calculate SHA-256 digest of message */ @@ -137,6 +137,7 @@ int verify() #ifdef DEBUG_MEMORY ShowMemoryTracker(); CleanupMemoryTracker(); + wolfCrypt_Cleanup(); #endif return ret; } @@ -144,23 +145,24 @@ int verify() int main(){ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); -#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); #elif defined(SP_X86_64_FLAG) - printf("Enabled WOLFSSL_SP_X86_64\n"); + printf("Enabled SP for x86_64\n"); #elif defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_SP_ARM64\n"); + printf("Enabled SP for Arm64\n"); #elif defined(TFM_FLAG) printf("Enabled TFM \n"); #endif printf("---------------------------------------------------------------\n"); -#endif /* BENCHMARK*/ +#endif /* BENCHMARK */ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); #else - return verify(); #endif } diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index 30fe0524e..1e14142f9 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -1,6 +1,6 @@ WOLFROOT = ../../../../wolfssl -CFLAGS =-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) OBJ = \ @@ -17,6 +17,10 @@ OBJ_SP_C32 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + OBJ_SP_ARM64 := \ $(WOLFROOT)/wolfcrypt/src/sp_int.o\ $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ @@ -33,7 +37,7 @@ OBJ_TFM := \ $(WOLFROOT)/wolfcrypt/src/tfm.o\ -.PHONY: all clean mem size +.PHONY: all clean size bench mem ifeq ($(math) $(arch),sp x64) @@ -42,24 +46,29 @@ OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) else ifeq ($(math), tfm) CFLAGS += -DTFM_FLAG OBJ += $(OBJ_TFM) else -CFLAGS += -DSP_FLAG -OBJ += $(OBJ_SP_C32) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) endif -all: verify bench - -mem:CFLAGS+= -DDEBUG_MEMORY -mem: verify +all: verify bench mem verify: $(OBJ) $(CC) $(CFLAGS) -o verify verify.c $(OBJ) bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o bench verify.c $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) +mem: $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) clean: - rm -f verify bench $(WOLFROOT)/wolfcrypt/src/*.o + rm -f verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : - size $(OBJ) + size $(OBJ) verify diff --git a/embedded/signature/rsa_vfy_only/README.md b/embedded/signature/rsa_vfy_only/README.md index 6b8a303c9..b86914649 100644 --- a/embedded/signature/rsa_vfy_only/README.md +++ b/embedded/signature/rsa_vfy_only/README.md @@ -2,14 +2,14 @@ Demonstrates using a hash digest to sign and verify a signature using RSA -First, set the path to wolfssl directory to variable WOLFROOT in the Makefile. +First, set the path to wolfssl directory to the WOLFROOT in the Makefile. ## Building ### Build example ``` -make +make ``` ### Usage @@ -39,9 +39,9 @@ make bench math=tfm ``` NOTE: When using TFM, No Architecture specification is required. ## Example Output -built with the option `math=sp arch=arm64` +- built with the option `math=sp arch=arm64` ``` -./bench +./verify_bench --------------------------------------------------------------- Enabled WOLFSSL_SP_ARM64 --------------------------------------------------------------- @@ -52,9 +52,9 @@ Finished Benchmark ``` -built with the option `math=tfm` +- built with the option `math=tfm` ``` -./bench +./verify_bench --------------------------------------------------------------- Enabled TFM --------------------------------------------------------------- @@ -72,14 +72,14 @@ make mem ``` ## Example Output ``` -./verify +./verify_mem Verified total Allocs = 0 total Deallocs = 0 total Bytes = 0 peak Bytes = 0 current Bytes = 0 -stack used = 11384 +stack used = 12344 ``` diff --git a/embedded/signature/rsa_vfy_only/user_settings.h b/embedded/signature/rsa_vfy_only/user_settings.h index b65f9b16b..ca802043f 100644 --- a/embedded/signature/rsa_vfy_only/user_settings.h +++ b/embedded/signature/rsa_vfy_only/user_settings.h @@ -25,9 +25,6 @@ #define WOLFSSL_NO_ASN_STRICT - - - #ifdef DEBUG_MEMORY #define WOLFSSL_TRACK_MEMORY #define HAVE_STACK_SIZE @@ -36,16 +33,24 @@ #endif -#ifdef SP_FLAG +#ifdef SP_C32_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 #undef USE_FAST_MATH #endif /*SP_FLAG*/ +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + #ifdef SP_ARM64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_ARM64 #define WOLFSSL_SP_ARM64_ASM @@ -54,7 +59,6 @@ #ifdef SP_X86_64_FLAG #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_SP_MATH #define WOLFSSL_SP_MATH_ALL #define WOLFSSL_SP_X86_64 #define WOLFSSL_SP_X86_64_ASM diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index 736e04409..77491cb4a 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -20,7 +20,7 @@ */ #include -#include +#include #include #include #include @@ -152,6 +152,7 @@ int verify() int count; #ifdef DEBUG_MEMORY + wolfCrypt_Init(); InitMemoryTracker(); #endif /* Calculate SHA-256 digest of message */ @@ -218,6 +219,7 @@ int verify() #ifdef DEBUG_MEMORY ShowMemoryTracker(); CleanupMemoryTracker(); + wolfCrypt_Cleanup(); #endif return ret == 0 ? 0 : 1; } @@ -225,17 +227,19 @@ int verify() int main(){ #ifdef BENCHMARK printf("---------------------------------------------------------------\n"); -#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_X86_64_FLAG) && !defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_HAVE_SP_RSA \n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); #elif defined(SP_X86_64_FLAG) - printf("Enabled WOLFSSL_SP_X86_64\n"); + printf("Enabled SP for x86_64\n"); #elif defined(SP_ARM64_FLAG) - printf("Enabled WOLFSSL_SP_ARM64\n"); + printf("Enabled SP for Arm64\n"); #elif defined(TFM_FLAG) printf("Enabled TFM \n"); #endif printf("---------------------------------------------------------------\n"); -#endif /* BENCHMARK*/ +#endif /* BENCHMARK */ #ifdef DEBUG_MEMORY return StackSizeCheck(NULL, (thread_func)verify); From ce003469064756f2e5b23aeaa8e1b021afaaf32b Mon Sep 17 00:00:00 2001 From: Shingo Morimoto Date: Thu, 19 Jan 2023 09:41:00 +0900 Subject: [PATCH 5/6] Modified Makefile and benchmark variables -modified Makefile to execute clean target before building. -modified Makefile to add CFLAGS for sp_x86_64. -fixed BENCH_TIME_SEC possible to be defined by compiler flags. -add -lpthread to be given to compiler. --- embedded/signature/ecc-sign-verify/Makefile | 13 +++++++------ .../ecc-sign-verify/ecc_sign_verify.c | 15 ++++++++------- embedded/signature/rsa_buffer/Makefile | 19 ++++++++++--------- embedded/signature/rsa_buffer/verify.c | 5 ++++- embedded/signature/rsa_vfy_only/Makefile | 13 +++++++------ embedded/signature/rsa_vfy_only/verify.c | 5 ++++- 6 files changed, 40 insertions(+), 30 deletions(-) diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc-sign-verify/Makefile index f01218112..9b9925e1d 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc-sign-verify/Makefile @@ -39,6 +39,7 @@ OBJ_TFM := \ ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG @@ -59,14 +60,14 @@ endif all : ecc_sign_verify bench mem -ecc_sign_verify: $(OBJ) - $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) +ecc_sign_verify: clean $(OBJ) + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) -lpthread -bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) -lpthread -mem: $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) -lpthread clean: rm -f ecc_sign_verify ecc_sign_verify_bench ecc_sign_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c index e95087cdc..989fd533b 100644 --- a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c +++ b/embedded/signature/ecc-sign-verify/ecc_sign_verify.c @@ -47,7 +47,6 @@ #define ECC_KEY_SIZE_512 512 #define ECC_KEY_SIZE_521 521 #define BYTE_SZ 8 -#define BENCH_TIME_SEC 1 #define CHECK_RET(a, b, eLabel, msg) { \ if (a != b) { \ printf("failed %s\n", msg); \ @@ -62,10 +61,6 @@ int do_sig_ver_test(int eccKeySz); static void hexdump(const void *buffer, word32 len, byte cols); #endif -// int ret; -double start_time, total_time; - - int ecc_sign_verify(void) { int ret = 0; @@ -121,7 +116,13 @@ int do_sig_ver_test(int eccKeySz) byte* sig = NULL; // get rid of this magic number WC_RNG rng; int verified = 0; - int count; // for the benchmark + +/* Variables for Benchmark */ +double start_time, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 1 +#endif + int count; /* @@ -164,7 +165,7 @@ int do_sig_ver_test(int eccKeySz) count = 0; start_time = current_time(1); - while( BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ #endif ret = wc_ecc_init(&key); CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile index 0dfe42678..09825debc 100644 --- a/embedded/signature/rsa_buffer/Makefile +++ b/embedded/signature/rsa_buffer/Makefile @@ -1,5 +1,5 @@ WOLFROOT = ../../../../wolfssl - +# EX_CFLAGS CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) @@ -41,6 +41,7 @@ OBJ_TFM := \ ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG @@ -61,14 +62,14 @@ endif all: verify sign bench mem -verify: $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -sign: $(OBJ) - $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -mem: $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) +verify: clean $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread +sign: clean $(OBJ) + $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -lpthread +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) -lpthread clean: rm -f sign verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c index c2b42c76d..b2e75655a 100644 --- a/embedded/signature/rsa_buffer/verify.c +++ b/embedded/signature/rsa_buffer/verify.c @@ -56,8 +56,11 @@ int verify() unsigned char decSig[sizeof(rsa_sig_2048)]; word32 decSigLen = 0; +/* Variables for benchmark */ double start, total_time; +#ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 3 +#endif int count; #ifdef DEBUG_MEMORY @@ -97,7 +100,7 @@ int verify() printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); start = current_time(0);// 1 0 - while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ #endif /* Verify the signature by decrypting the value. */ if (ret == 0) { diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index 1e14142f9..ae67065ed 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -42,6 +42,7 @@ OBJ_TFM := \ ifeq ($(math) $(arch),sp x64) ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG OBJ += $(OBJ_SP_X86_64) else ifeq ($(math) $(arch),sp arm64) CFLAGS += -DSP_ARM64_FLAG @@ -62,12 +63,12 @@ endif all: verify bench mem -verify: $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -bench: $(OBJ) - $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -mem: $(OBJ) - $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) +verify: clean $(OBJ) + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem verify.c $(OBJ) -lpthread clean: rm -f verify verify_bench verify_mem $(WOLFROOT)/wolfcrypt/src/*.o size : diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index 77491cb4a..bbab06bf7 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -147,8 +147,11 @@ int verify() 0x00, 0x04, 0x20, 0x00, }; +/* Variables for a benchmark*/ double start, total_time; +#ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 3 +#endif int count; #ifdef DEBUG_MEMORY @@ -181,7 +184,7 @@ int verify() printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); start = current_time(0);// 1 0 - while( BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ if (ret != 0 ) printf("Invalid signature in benchmark\n"); #endif /* Verify the signature by decrypting the value. */ From cd31d151a0168a7796898cc12393f188470405ea Mon Sep 17 00:00:00 2001 From: Shingo Morimoto <105830364+Gonsix@users.noreply.github.com> Date: Fri, 24 Feb 2023 09:14:16 +0900 Subject: [PATCH 6/6] Add Non-blocking mode (#3) * Add non-blocking mode for ECC Signature Example * Add non-blocking mode for RSA with TFM * Add ecc_vfy_only and ecc_vfy_only_nonblock - Add ecc_vfy_only to separate the function Verifying only from the ecc_sign_verify that signing and verifying the signatures. - Rename rsa_buffer to rsa_sign_verify - Add rsa_vfy_only_nonblock * Revise the README --------- Co-authored-by: Shingo Morimoto --- embedded/signature/README.md | 11 +- .../Makefile | 3 +- .../README.md | 6 +- .../ecc_sign_verify.c | 14 +- .../user_settings.h | 0 embedded/signature/ecc_vfy_only/Makefile | 77 +++++ embedded/signature/ecc_vfy_only/ecc_pubKey.h | 150 +++++++++ embedded/signature/ecc_vfy_only/ecc_verify.c | 258 ++++++++++++++++ embedded/signature/ecc_vfy_only/signature.h | 178 +++++++++++ .../signature/ecc_vfy_only/user_settings.h | 83 +++++ .../signature/ecc_vfy_only_nonblock/Makefile | 77 +++++ .../ecc_vfy_only_nonblock/ecc_pubKey.h | 150 +++++++++ .../ecc_verify_nonblock.c | 274 +++++++++++++++++ .../ecc_vfy_only_nonblock/signature.h | 178 +++++++++++ .../ecc_vfy_only_nonblock/user_settings.h | 91 ++++++ embedded/signature/rsa_buffer/Makefile | 6 +- embedded/signature/rsa_buffer/rsa_priv_2048.h | 2 +- embedded/signature/rsa_buffer/rsa_pub_2048.h | 2 +- embedded/signature/rsa_buffer/sign.c | 2 +- embedded/signature/rsa_buffer/user_settings.h | 2 + embedded/signature/rsa_buffer/verify.c | 16 +- embedded/signature/rsa_sign_verify/Makefile | 79 +++++ embedded/signature/rsa_sign_verify/README.md | 106 +++++++ .../signature/rsa_sign_verify/rsa_priv_2048.h | 151 +++++++++ .../signature/rsa_sign_verify/rsa_pub_2048.h | 68 +++++ .../rsa_sign_verify/rsa_sign_verify.c | 287 ++++++++++++++++++ .../rsa_sign_verify_nonblock.c | 286 +++++++++++++++++ embedded/signature/rsa_sign_verify/sign.c | 178 +++++++++++ .../signature/rsa_sign_verify/sign_vfy.sh | 10 + .../signature/rsa_sign_verify/signature.h | 40 +++ .../signature/rsa_sign_verify/user_settings.h | 93 ++++++ embedded/signature/rsa_sign_verify/verify.c | 179 +++++++++++ embedded/signature/rsa_vfy_only/Makefile | 3 +- embedded/signature/rsa_vfy_only/verify.c | 2 +- .../signature/rsa_vfy_only_nonblock/Makefile | 58 ++++ .../rsa_vfy_only_nonblock/user_settings.h | 87 ++++++ .../rsa_vfy_only_nonblock/verify_nonblock.c | 257 ++++++++++++++++ 37 files changed, 3437 insertions(+), 27 deletions(-) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/Makefile (93%) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/README.md (97%) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/ecc_sign_verify.c (96%) rename embedded/signature/{ecc-sign-verify => ecc_sign_verify}/user_settings.h (100%) create mode 100644 embedded/signature/ecc_vfy_only/Makefile create mode 100644 embedded/signature/ecc_vfy_only/ecc_pubKey.h create mode 100644 embedded/signature/ecc_vfy_only/ecc_verify.c create mode 100644 embedded/signature/ecc_vfy_only/signature.h create mode 100644 embedded/signature/ecc_vfy_only/user_settings.h create mode 100644 embedded/signature/ecc_vfy_only_nonblock/Makefile create mode 100644 embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h create mode 100644 embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c create mode 100644 embedded/signature/ecc_vfy_only_nonblock/signature.h create mode 100644 embedded/signature/ecc_vfy_only_nonblock/user_settings.h create mode 100644 embedded/signature/rsa_sign_verify/Makefile create mode 100644 embedded/signature/rsa_sign_verify/README.md create mode 100644 embedded/signature/rsa_sign_verify/rsa_priv_2048.h create mode 100644 embedded/signature/rsa_sign_verify/rsa_pub_2048.h create mode 100644 embedded/signature/rsa_sign_verify/rsa_sign_verify.c create mode 100644 embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c create mode 100644 embedded/signature/rsa_sign_verify/sign.c create mode 100755 embedded/signature/rsa_sign_verify/sign_vfy.sh create mode 100644 embedded/signature/rsa_sign_verify/signature.h create mode 100644 embedded/signature/rsa_sign_verify/user_settings.h create mode 100644 embedded/signature/rsa_sign_verify/verify.c create mode 100644 embedded/signature/rsa_vfy_only_nonblock/Makefile create mode 100644 embedded/signature/rsa_vfy_only_nonblock/user_settings.h create mode 100644 embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c diff --git a/embedded/signature/README.md b/embedded/signature/README.md index 9a2646330..1836f39d6 100644 --- a/embedded/signature/README.md +++ b/embedded/signature/README.md @@ -4,9 +4,14 @@ This directory includes the following examples under the sub-directories.Each ha ​ |Scheme|Directory|Description| |---|---|---| -|RSA|rsa_vfy_only |verify signature| -||rsa_buffer|sign/verify signature | -|ECDSA|signature/ecc-sign-verify/|sign msg and verify signature| +|RSA|rsa_sign_verify|sign/verify signature inline | +||rsa_buffer|sign/verify signature| +||rsa_vfy_only |verify signature| +||rsa_vfy_only_nonblock|verify signature with non-blocking| +|ECDSA|ecc_sign_verify/|sign msg and verify signature| +||ecc_vfy_only|verify Signature| +||ecc_vfy_only_nonblock|verify signature with non-blocking| + You can specify a target function of Simple example, Benchemark or Memory track program.It also has options for optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default, as well as Math library of Single Precision or TFM. diff --git a/embedded/signature/ecc-sign-verify/Makefile b/embedded/signature/ecc_sign_verify/Makefile similarity index 93% rename from embedded/signature/ecc-sign-verify/Makefile rename to embedded/signature/ecc_sign_verify/Makefile index 9b9925e1d..695219ec6 100644 --- a/embedded/signature/ecc-sign-verify/Makefile +++ b/embedded/signature/ecc_sign_verify/Makefile @@ -1,3 +1,4 @@ +# The path to the wolfssl directory must be set correctly for your environment. WOLFROOT = ../../../../wolfssl CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os @@ -61,7 +62,7 @@ endif all : ecc_sign_verify bench mem ecc_sign_verify: clean $(OBJ) - $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) -lpthread diff --git a/embedded/signature/ecc-sign-verify/README.md b/embedded/signature/ecc_sign_verify/README.md similarity index 97% rename from embedded/signature/ecc-sign-verify/README.md rename to embedded/signature/ecc_sign_verify/README.md index 53382982b..9835ff7c5 100644 --- a/embedded/signature/ecc-sign-verify/README.md +++ b/embedded/signature/ecc_sign_verify/README.md @@ -119,9 +119,9 @@ Successfully verified signature w/ ecc key size 512! Key size is 521, byteField = 66 Successfully verified signature w/ ecc key size 521! -total Allocs = 522 -total Deallocs = 522 -total Bytes = 243047 +total Allocs = 422 +total Deallocs = 422 +total Bytes = 195047 peak Bytes = 5557 current Bytes = 0 stack used = 14448 diff --git a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c similarity index 96% rename from embedded/signature/ecc-sign-verify/ecc_sign_verify.c rename to embedded/signature/ecc_sign_verify/ecc_sign_verify.c index 989fd533b..561453c9b 100644 --- a/embedded/signature/ecc-sign-verify/ecc_sign_verify.c +++ b/embedded/signature/ecc_sign_verify/ecc_sign_verify.c @@ -1,6 +1,6 @@ /* ecc_sign_verify.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -117,6 +117,7 @@ int do_sig_ver_test(int eccKeySz) WC_RNG rng; int verified = 0; + /* Variables for Benchmark */ double start_time, total_time; #ifndef BENCH_TIME_SEC @@ -158,9 +159,6 @@ double start_time, total_time; ret = wc_InitRng(&rng); CHECK_RET(ret, 0, key_done, "wc_InitRng()"); - ret = wc_ecc_make_key(&rng, byteField, &key); - CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); - #ifdef BENCHMARK count = 0; start_time = current_time(1); @@ -172,17 +170,17 @@ double start_time, total_time; ret = wc_ecc_make_key(&rng, byteField, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_make_key()"); - // printf("%s\n",hash); ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &maxSigSz, &rng, &key); CHECK_RET(ret, 0, rng_done, "wc_ecc_sign_hash()"); #ifdef SHOW_SIGS_IN_EXAMPLE hexdump(sig, maxSigSz, 16); #endif - - ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), &verified, - &key); + ret = wc_ecc_verify_hash(sig, maxSigSz, hash, sizeof(hash), + &verified, &key); + + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); CHECK_RET(verified, 1, rng_done, "verification check"); verified = 0; diff --git a/embedded/signature/ecc-sign-verify/user_settings.h b/embedded/signature/ecc_sign_verify/user_settings.h similarity index 100% rename from embedded/signature/ecc-sign-verify/user_settings.h rename to embedded/signature/ecc_sign_verify/user_settings.h diff --git a/embedded/signature/ecc_vfy_only/Makefile b/embedded/signature/ecc_vfy_only/Makefile new file mode 100644 index 000000000..850946795 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/Makefile @@ -0,0 +1,77 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl + +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ=\ + $(WOLFROOT)/wolfcrypt/src/ecc.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + +.PHONY: all clean mem size bench + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +endif + +all : ecc_verify bench mem + + +ecc_verify: clean $(OBJ) + $(CC) $(CFLAGS) -o ecc_verify ecc_verify.c $(OBJ) + +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o ecc_verify_bench ecc_verify.c $(OBJ) + +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_verify_mem ecc_verify.c $(OBJ) -lpthread +clean: + rm -f ecc_verify ecc_verify_bench ecc_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o + +size : + size $(OBJ) ecc_verify diff --git a/embedded/signature/ecc_vfy_only/ecc_pubKey.h b/embedded/signature/ecc_vfy_only/ecc_pubKey.h new file mode 100644 index 000000000..0afe2c9e7 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/ecc_pubKey.h @@ -0,0 +1,150 @@ +unsigned char ecc_PublicKey_112[] = { + 0x04, 0x67, 0xa6, 0xdc, 0x12, 0x25, 0xdb, 0x81, + 0x5c, 0x67, 0x7c, 0xbf, 0x55, 0x3b, 0xd9, 0x51, + 0xb1, 0x61, 0xb4, 0x88, 0xb8, 0x6c, 0xa5, 0x4a, + 0xb0, 0xe8, 0x79, 0x15, 0x4a, 0xfc, 0x6f, 0x01, + 0x6b, 0xc0, 0xc5, 0xdd, 0xc2, 0xe3, 0x59, 0xda, + 0x18, 0x82, 0x46, 0xa4, 0x32, 0xb5, 0x6d, 0x3b, + 0xd1, 0x91, 0xcc, 0x19, 0xb7, 0xab, 0x8d, 0x99, + 0xad, +}; + +unsigned char ecc_PublicKey_128[] = { + 0x04, 0x0f, 0x31, 0xea, 0x92, 0x1d, 0x84, 0xcf, + 0xce, 0xe1, 0xe5, 0x0b, 0x13, 0xda, 0xd3, 0xb2, + 0xb0, 0x57, 0x0c, 0x02, 0xdb, 0x50, 0xaa, 0xaa, + 0x65, 0x47, 0x6c, 0x2a, 0x41, 0xd4, 0x01, 0x72, + 0xdb, 0xd3, 0xcf, 0x42, 0x81, 0x7c, 0x05, 0x67, + 0x6e, 0x2a, 0x0a, 0x03, 0x0f, 0x91, 0x2b, 0x3b, + 0xe3, 0x48, 0x87, 0xb3, 0xb3, 0x70, 0x58, 0x17, + 0xed, +}; + +unsigned char ecc_PublicKey_160[] = { + 0x04, 0xf8, 0x93, 0xf7, 0xf7, 0x1f, 0xc6, 0x56, + 0x8c, 0x40, 0x11, 0x14, 0x74, 0xf5, 0x98, 0xa8, + 0x12, 0xc3, 0xba, 0x06, 0x9e, 0x6d, 0xdc, 0x1b, + 0xd3, 0x94, 0x9c, 0xf0, 0xc1, 0x99, 0x4e, 0x83, + 0xe9, 0x42, 0x53, 0xcd, 0x8d, 0x26, 0x5a, 0x01, + 0x4f, 0x82, 0x06, 0x42, 0x83, 0x65, 0x3c, 0x9e, + 0xd5, 0x2d, 0x73, 0x52, 0xbc, 0x49, 0x1b, 0x99, + 0x5c, +}; + +unsigned char ecc_PublicKey_192[] = { + 0x04, 0xf7, 0xea, 0x10, 0xc6, 0x43, 0xba, 0xbb, + 0x21, 0x14, 0x93, 0x11, 0xfe, 0x1a, 0x68, 0x59, + 0x23, 0x71, 0x52, 0xde, 0x47, 0x08, 0x04, 0xd1, + 0x77, 0xe4, 0x6f, 0x1f, 0x48, 0x4e, 0x8b, 0x92, + 0x1a, 0xb9, 0xe9, 0x61, 0xf4, 0x3c, 0x1b, 0xcd, + 0xe7, 0xaf, 0xc8, 0x59, 0x64, 0x9f, 0x80, 0x7e, + 0x4e, 0x72, 0x98, 0x15, 0x18, 0x60, 0x01, 0x77, + 0x8d, +}; + +unsigned char ecc_PublicKey_224[] = { + 0x04, 0xf1, 0x25, 0xec, 0xac, 0x14, 0x47, 0x35, + 0xcf, 0x32, 0x1a, 0xd2, 0x31, 0x60, 0xf6, 0x6b, + 0xb6, 0x8c, 0x02, 0xd1, 0x46, 0xfa, 0xa6, 0xe3, + 0xd9, 0xfd, 0x96, 0xbe, 0x44, 0x79, 0xc8, 0xbb, + 0x0f, 0x41, 0xc6, 0x3d, 0x52, 0xd2, 0x8b, 0xc7, + 0xe1, 0xfb, 0x03, 0x01, 0x07, 0x11, 0xaa, 0xba, + 0xf9, 0x57, 0x90, 0x5f, 0xc2, 0xaf, 0x20, 0xe2, + 0xd7, +}; + +unsigned char ecc_PublicKey_239[] = { + 0x04, 0x01, 0xc2, 0x14, 0xbf, 0x8c, 0x36, 0x9c, + 0x9d, 0xca, 0xb1, 0x20, 0xc8, 0x36, 0x45, 0x37, + 0x79, 0x60, 0x97, 0xe9, 0x57, 0xc3, 0x1e, 0x86, + 0xd1, 0x15, 0xc1, 0x57, 0xf1, 0x78, 0x91, 0x4e, + 0x69, 0x8f, 0xee, 0xf3, 0xb2, 0xcd, 0xae, 0x00, + 0x4e, 0x67, 0x47, 0x61, 0xab, 0xdd, 0x04, 0x79, + 0x0b, 0xf9, 0xeb, 0x4b, 0x70, 0xa3, 0x22, 0xa0, + 0xce, 0xb3, 0xc2, 0xd3, 0xd2, +}; + +unsigned char ecc_PublicKey_256[] = { + 0x04, 0x80, 0xc7, 0xb7, 0x97, 0xe3, 0xc6, 0x63, + 0x34, 0xcc, 0x72, 0x19, 0xb0, 0x3f, 0x4b, 0xe0, + 0x68, 0x3e, 0xba, 0x8c, 0x0e, 0x60, 0xb0, 0xef, + 0xfb, 0x6a, 0xb5, 0x5d, 0xaa, 0xaa, 0x27, 0x3b, + 0x5d, 0x4c, 0x2d, 0x58, 0x0f, 0x96, 0x75, 0xe0, + 0xe7, 0x5a, 0xab, 0xa0, 0xe9, 0x6a, 0x6a, 0x5f, + 0xa7, 0xd7, 0x5d, 0xb1, 0x1a, 0x8b, 0x3b, 0x74, + 0xcd, 0x75, 0x51, 0xa6, 0x89, 0xd4, 0x3d, 0x00, + 0xeb, +}; + +unsigned char ecc_PublicKey_320[] = { + 0x04, 0x5b, 0xf1, 0x32, 0x17, 0xf3, 0x63, 0x82, + 0xfc, 0x1c, 0x93, 0xca, 0x30, 0x7d, 0x22, 0xf6, + 0x97, 0xc9, 0x2d, 0x54, 0x35, 0x11, 0x77, 0x9c, + 0x3f, 0x44, 0x37, 0x9f, 0x8b, 0x82, 0x8d, 0x50, + 0x68, 0x2d, 0x0d, 0x1a, 0x19, 0x6d, 0xfc, 0xac, + 0xde, 0xc1, 0x81, 0x13, 0x90, 0x31, 0xcc, 0x0f, + 0x00, 0xa2, 0xf6, 0x7b, 0xc3, 0x51, 0x05, 0x46, + 0x67, 0xd3, 0x91, 0xb7, 0xaa, 0xdd, 0xb9, 0x87, + 0x03, 0x4e, 0x21, 0xd0, 0xa0, 0xfa, 0x31, 0x93, + 0x04, 0xc8, 0xea, 0xc5, 0x71, 0x4b, 0x0f, 0x98, + 0x4d, 0x16, 0x69, 0xe9, 0xc7, 0xda, 0xff, 0xfa, + 0xe1, 0xf0, 0xa5, 0xdd, 0x36, 0xf2, 0x04, 0x62, + 0xa6, +}; + +unsigned char ecc_PublicKey_384[] = { + 0x04, 0x51, 0xb3, 0x72, 0xda, 0xd2, 0xd7, 0x81, + 0x53, 0xe3, 0x4e, 0xa1, 0x27, 0x9a, 0x91, 0x42, + 0x8a, 0x29, 0x62, 0x7c, 0x8f, 0x49, 0x47, 0x47, + 0x4c, 0x0e, 0x23, 0x09, 0xf5, 0x13, 0x56, 0x08, + 0x2d, 0x54, 0xc3, 0xac, 0x05, 0xc4, 0x1f, 0x16, + 0x27, 0xd0, 0x4c, 0x3b, 0xed, 0xa0, 0x74, 0x62, + 0xe3, 0x1b, 0xa3, 0xd5, 0xf2, 0xf2, 0x5d, 0x6a, + 0x87, 0xa2, 0xf4, 0x09, 0x9a, 0x87, 0xee, 0xab, + 0x20, 0xe7, 0x42, 0xd2, 0x6d, 0x1b, 0x1c, 0x75, + 0x69, 0x46, 0x2e, 0x8c, 0x00, 0xe5, 0xd7, 0xc5, + 0xc4, 0xfb, 0x46, 0xe7, 0xf8, 0xc1, 0x25, 0x7c, + 0x94, 0x30, 0xd0, 0xd5, 0xdb, 0x8d, 0xe3, 0x15, + 0xc8, +}; + +unsigned char ecc_PublicKey_512[] = { + 0x04, 0x01, 0x5c, 0x37, 0xe0, 0x37, 0x3b, 0xad, + 0x8a, 0xfe, 0x3c, 0x52, 0x5d, 0xe7, 0xab, 0x77, + 0x39, 0x67, 0x94, 0x6c, 0x2a, 0x3f, 0xee, 0x95, + 0x19, 0x8d, 0xcc, 0xdc, 0xad, 0x62, 0x50, 0x97, + 0x79, 0xeb, 0xde, 0x70, 0xed, 0x2d, 0x44, 0x8f, + 0xcf, 0x1d, 0x49, 0x46, 0x32, 0x96, 0xe3, 0xb6, + 0xc5, 0x61, 0x4c, 0xfd, 0xcb, 0x65, 0x1f, 0x04, + 0x97, 0x39, 0x54, 0x46, 0xde, 0x54, 0x2f, 0x0a, + 0x51, 0xd5, 0xe6, 0x01, 0x1e, 0x78, 0x20, 0x15, + 0x1c, 0xb3, 0x6f, 0x14, 0x8f, 0x2f, 0x95, 0x9c, + 0x40, 0xea, 0x12, 0x52, 0x5a, 0xce, 0x7c, 0x43, + 0x28, 0x22, 0x31, 0x00, 0xcb, 0xbf, 0x86, 0x56, + 0xdc, 0x72, 0xa4, 0x49, 0x75, 0x80, 0xa4, 0x17, + 0xde, 0xa6, 0xf8, 0x3b, 0x39, 0x88, 0xd0, 0x8b, + 0x4e, 0x44, 0x69, 0x39, 0x7a, 0xcc, 0xcc, 0xc7, + 0x15, 0x1e, 0x6c, 0x76, 0xf2, 0x8d, 0x1b, 0x6c, + 0x64, 0x0a, 0x4c, 0x29, 0x35, +}; + + +unsigned char ecc_PublicKey_521[] = { + 0x04, 0x00, 0xf9, 0x56, 0xfb, 0x6c, 0x5a, 0x3d, + 0xc4, 0xf3, 0xb8, 0x07, 0x19, 0x2f, 0x93, 0x07, + 0x3c, 0x30, 0x7b, 0xd9, 0x9c, 0x11, 0xe8, 0xda, + 0xbe, 0x1b, 0x1b, 0xa3, 0xf2, 0x81, 0xf9, 0xd0, + 0x47, 0x0d, 0x06, 0xa4, 0x47, 0xa0, 0x8b, 0xca, + 0x0f, 0x0a, 0x3a, 0xda, 0x68, 0x38, 0x67, 0x5d, + 0x11, 0x77, 0xf8, 0x2f, 0x28, 0x0f, 0x31, 0xe5, + 0x26, 0xf5, 0x88, 0x2a, 0x79, 0x5f, 0xce, 0x55, + 0xe9, 0x71, 0x4c, 0x00, 0x9e, 0xfc, 0x7d, 0x00, + 0x04, 0xb8, 0x89, 0x04, 0xfc, 0x06, 0x38, 0x3f, + 0x9f, 0x0a, 0x80, 0x7f, 0x6b, 0x4c, 0xd2, 0x61, + 0x69, 0x00, 0x7f, 0x9c, 0x7c, 0x9b, 0xab, 0xa6, + 0x9c, 0x71, 0xa9, 0x15, 0x63, 0x4a, 0x03, 0xe8, + 0x96, 0xbb, 0x79, 0x6a, 0x50, 0xa6, 0xd0, 0xdf, + 0x66, 0xf5, 0xc8, 0xfa, 0x22, 0x94, 0xe0, 0x72, + 0xa6, 0x15, 0x94, 0x1e, 0x3b, 0x47, 0x36, 0x8e, + 0xcb, 0x10, 0x15, 0x27, 0x5b, +}; diff --git a/embedded/signature/ecc_vfy_only/ecc_verify.c b/embedded/signature/ecc_vfy_only/ecc_verify.c new file mode 100644 index 000000000..53e072a72 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/ecc_verify.c @@ -0,0 +1,258 @@ +/* ecc_verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "signature.h" + + +#define HEAP_HINT NULL +#define ECC_KEY_SIZE_112 112 +#define ECC_KEY_SIZE_128 128 +#define ECC_KEY_SIZE_160 160 +#define ECC_KEY_SIZE_192 192 +#define ECC_KEY_SIZE_224 224 +#define ECC_KEY_SIZE_239 239 +#define ECC_KEY_SIZE_256 256 +#define ECC_KEY_SIZE_320 320 +#define ECC_KEY_SIZE_384 384 +#define ECC_KEY_SIZE_512 512 +#define ECC_KEY_SIZE_521 521 +#define BYTE_SZ 8 + + +int idx_key(int keysize); + + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +int do_sig_ver_test(int eccKeySz); + + +int ecc_verify(void) +{ + int ret = 0; +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + ret = do_sig_ver_test(ECC_KEY_SIZE_112); + CHECK_RET(ret, 0, finished, "112 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_128); + CHECK_RET(ret, 0, finished, "128 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_160); + CHECK_RET(ret, 0, finished, "160 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_192); + CHECK_RET(ret, 0, finished, "192 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_224); + CHECK_RET(ret, 0, finished, "224 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_239); + CHECK_RET(ret, 0, finished, "239 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_256); + CHECK_RET(ret, 0, finished, "256 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_320); + CHECK_RET(ret, 0, finished, "320 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_384); + CHECK_RET(ret, 0, finished, "384 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_512); + CHECK_RET(ret, 0, finished, "512 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_521); + CHECK_RET(ret, 0, finished, "521 test"); + + +finished: +#ifdef DEBUG_MEMORY + printf("\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int do_sig_ver_test(int eccKeySz) +{ + /* sha256 hash of the string "A 32-bit string to test signing" */ + unsigned char hash[32] = { + 0x3b, 0x07, 0x54, 0x5c, 0xfd, 0x4f, 0xb7, 0xb5, + 0xaf, 0xa7, 0x7a, 0x25, 0x33, 0xa5, 0x50, 0x70, + 0x4a, 0x65, 0x3e, 0x72, 0x7e, 0xcd, 0xd4, 0x5b, + 0x1b, 0x36, 0x96, 0x96, 0xca, 0x4f, 0x9b, 0x6f + }; + int ret; + ecc_key key; + byte* sig = NULL; // get rid of this magic number + WC_RNG rng; + int verified = 0; + word32 sig_size; + int key_size; + unsigned char *pKeybuff; + + +/* Variables for Benchmark */ +double start_time, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 1 +#endif + int count; + + + /* + * for odd curve sizes account for mod EG: + * Case 1) curve field of 256: + * (256/8) + (256%8 != 0 ? 1:0) == 32 + 0 = 32 + * + * Case 2) curve field of 521: + * (521/8 = 65.125 (rounds to 65) + (521%8 != 0 ? 1:0) == + 65 + 1 = 66 + * + * Algorithm: (C / B) + (C % B != 0 ? 1:0) + * + * This remainder is a natural result of the calculation: + * Algorithm: (C / (B-1)) / (B) + */ + int byteField = (eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ; + word32 maxSigSz = ECC_MAX_SIG_SIZE; +#ifndef BENCHMARK + printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); +#endif + + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, key_done, "wc_InitRng()"); + +#ifdef BENCHMARK + count = 0; + start_time = current_time(1); + + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start_time ) ){ +#endif + ret = wc_ecc_init(&key); + CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); + + + /* Import signature and ecc_key */ + + sig = sig_keys[idx_key(eccKeySz)].sig; + sig_size = sig_keys[idx_key(eccKeySz)].sig_size; + pKeybuff = sig_keys[idx_key(eccKeySz)].pubkey; + key_size = sig_keys[idx_key(eccKeySz)].key_size; + + ret = wc_ecc_import_x963(pKeybuff, key_size, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); + + + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + &verified, &key); + + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); + CHECK_RET(verified, 1, rng_done, "verification check"); + verified = 0; + maxSigSz = ECC_MAX_SIG_SIZE; +#ifdef BENCHMARK + count++; + } + + printf("ECC Key Size %d %9.2f Cycles/sec\n", eccKeySz, count/total_time); + +#else + +printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + +#endif /* BENCHMARK */ + +rng_done: + wc_FreeRng(&rng); +key_done: + wc_ecc_free(&key); +sig_done: + return ret; +} + + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled SP for x86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled SP for Arm64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); + printf("Running ECC Sign Verify Benchmarks...\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)ecc_verify); +#else + return ecc_verify(); +#endif +} + +int idx_key(int keysize){ + switch(keysize){ + case ECC_KEY_SIZE_112: + return 0; + case ECC_KEY_SIZE_128: + return 1; + case ECC_KEY_SIZE_160: + return 2; + case ECC_KEY_SIZE_192: + return 3; + case ECC_KEY_SIZE_224: + return 4; + case ECC_KEY_SIZE_239: + return 5; + case ECC_KEY_SIZE_256: + return 6; + case ECC_KEY_SIZE_320: + return 7; + case ECC_KEY_SIZE_384: + return 8; + case ECC_KEY_SIZE_512: + return 9; + case ECC_KEY_SIZE_521: + return 10; + default: + return -1; + } + +} + diff --git a/embedded/signature/ecc_vfy_only/signature.h b/embedded/signature/ecc_vfy_only/signature.h new file mode 100644 index 000000000..e311cebef --- /dev/null +++ b/embedded/signature/ecc_vfy_only/signature.h @@ -0,0 +1,178 @@ +#include "ecc_pubKey.h" + +byte ecc_signature_112[] = { + 0x30, 0x3e, 0x02, 0x1d, 0x00, 0xdc, 0xef, 0xcc, + 0x1a, 0xe9, 0x97, 0x44, 0xf4, 0x85, 0xad, 0xef, + 0x88, 0x6e, 0x77, 0x2b, 0x27, 0x7b, 0xd5, 0xcd, + 0xfb, 0x47, 0x43, 0x40, 0x1a, 0x53, 0x2f, 0xc4, + 0x0b, 0x02, 0x1d, 0x00, 0x8e, 0x34, 0xbb, 0xf4, + 0x59, 0xef, 0xa0, 0x6b, 0x8c, 0xda, 0x00, 0xca, + 0xcb, 0xb4, 0x75, 0xdb, 0x37, 0x7e, 0x8e, 0xe1, + 0x7a, 0xc2, 0xd5, 0x3c, 0xb5, 0xbc, 0x33, 0xcd, +}; + +byte ecc_signature_128[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x23, 0x41, 0xf0, 0xe2, + 0x0f, 0x72, 0xbb, 0xe0, 0x8b, 0x42, 0xf8, 0xba, + 0xba, 0x81, 0xcb, 0xb2, 0xf9, 0xc6, 0x45, 0x44, + 0xfa, 0x8d, 0x8a, 0x33, 0x8d, 0xea, 0x34, 0xf0, + 0x02, 0x1c, 0x5f, 0x5e, 0x67, 0xad, 0x32, 0xee, + 0x90, 0xf1, 0x40, 0x6d, 0x34, 0x8e, 0x66, 0xd2, + 0x94, 0x1e, 0x28, 0xb3, 0xaa, 0x32, 0x10, 0x46, + 0x1c, 0xf7, 0x58, 0x1b, 0xf7, 0x4b, +}; + +byte ecc_signature_160[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x18, 0x8e, 0xc8, 0x08, + 0xe3, 0x0e, 0xf5, 0x7c, 0xe4, 0x32, 0xc9, 0x5d, + 0xe8, 0xab, 0xb4, 0x3c, 0x99, 0x18, 0xa8, 0x7f, + 0xba, 0x10, 0x49, 0x52, 0x63, 0xc6, 0x52, 0x58, + 0x02, 0x1d, 0x00, 0xc1, 0x5f, 0xe0, 0x17, 0xbb, + 0x16, 0x19, 0x52, 0xed, 0xb1, 0xde, 0x30, 0x1b, + 0x49, 0x87, 0x37, 0x8a, 0x24, 0xf9, 0x11, 0x50, + 0x9f, 0xaf, 0xa5, 0x18, 0x3c, 0xa3, 0x26, +}; + +byte ecc_signature_192[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x09, 0x75, 0x75, 0x9d, + 0xdb, 0x69, 0x5d, 0xba, 0x02, 0x31, 0xb9, 0x44, + 0xc0, 0x22, 0xeb, 0x9c, 0xb3, 0xd0, 0x9a, 0xc3, + 0x59, 0x2b, 0xdf, 0x23, 0x23, 0x46, 0x32, 0x0b, + 0x02, 0x1c, 0x1f, 0x3f, 0x73, 0x55, 0xbc, 0x29, + 0xa7, 0xa9, 0xd8, 0x3a, 0x9c, 0x3b, 0x97, 0x14, + 0xa5, 0x12, 0x10, 0x4e, 0x6f, 0x1c, 0xa3, 0xa8, + 0xee, 0x6e, 0x47, 0x28, 0xf2, 0x36, +}; + +byte ecc_signature_224[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x52, 0x7b, 0x2e, 0xcb, + 0x6a, 0x99, 0x0f, 0x56, 0xdf, 0x9f, 0xdc, 0x14, + 0xe5, 0xe9, 0x5c, 0x95, 0x7f, 0xed, 0x91, 0x1b, + 0x48, 0xb1, 0x31, 0x41, 0xe0, 0xcb, 0x45, 0xc5, + 0x02, 0x1d, 0x00, 0x9c, 0x62, 0xab, 0x1c, 0xb4, + 0xc5, 0x01, 0xea, 0x31, 0x40, 0x6e, 0x45, 0x77, + 0x29, 0xd6, 0x50, 0xc3, 0x52, 0x3c, 0x8c, 0xe6, + 0x7a, 0x38, 0xae, 0x73, 0xd6, 0xf1, 0x95, +}; + +byte ecc_signature_239[] = { + 0x30, 0x40, 0x02, 0x1e, 0x06, 0x22, 0x6e, 0x25, + 0x61, 0x98, 0xaa, 0x01, 0xd8, 0xfa, 0x43, 0x2d, + 0x7e, 0x7e, 0x22, 0x36, 0x1e, 0x7d, 0x7b, 0xcd, + 0xe2, 0x9f, 0x8d, 0x00, 0xa9, 0xd8, 0xf4, 0xbb, + 0x96, 0x27, 0x02, 0x1e, 0x50, 0x18, 0xa2, 0x90, + 0x0b, 0x43, 0x31, 0xab, 0x0d, 0xc8, 0x52, 0x59, + 0x99, 0x7f, 0x31, 0xbc, 0xac, 0xc7, 0x2b, 0x15, + 0x83, 0x7c, 0x19, 0xd6, 0xed, 0x04, 0x16, 0xe0, + 0xb3, 0x29, +}; + +byte ecc_signature_256[] = { + 0x30, 0x44, 0x02, 0x20, 0x14, 0xc7, 0xa9, 0x91, + 0x47, 0xf5, 0x0d, 0x31, 0x5a, 0x05, 0x4d, 0x7b, + 0x49, 0x40, 0x2f, 0x0e, 0x03, 0xc8, 0x61, 0x99, + 0xa4, 0xdf, 0x83, 0x68, 0xcb, 0x9f, 0xa7, 0x7a, + 0xd9, 0xd4, 0x3c, 0x20, 0x02, 0x20, 0x05, 0xa1, + 0x0d, 0xd8, 0xfd, 0x0b, 0x83, 0x4f, 0xcb, 0x0b, + 0x47, 0x60, 0x60, 0x04, 0xa9, 0xe3, 0x57, 0x46, + 0x5b, 0x34, 0x30, 0xb3, 0xc9, 0x9a, 0x8d, 0xd0, + 0x8f, 0xda, 0x9f, 0xb0, 0xb6, 0x86, +}; + +byte ecc_signature_320[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xb5, 0xaf, 0x8d, + 0x19, 0x3e, 0x3c, 0x15, 0x6c, 0xdc, 0x0b, 0xb9, + 0x64, 0x77, 0x60, 0x60, 0xab, 0x55, 0x2a, 0x4f, + 0x99, 0x23, 0x7c, 0x79, 0x2f, 0xf7, 0x6c, 0x86, + 0xfd, 0x81, 0x49, 0x6e, 0x76, 0x02, 0xe7, 0xb4, + 0x55, 0x0e, 0xff, 0xe8, 0x59, 0xd7, 0x10, 0x4c, + 0x6a, 0xd4, 0x4a, 0x4b, 0xad, 0x02, 0x31, 0x00, + 0xc2, 0x41, 0x36, 0x0e, 0x70, 0xeb, 0x2d, 0x30, + 0x22, 0x6d, 0x1d, 0x05, 0xe3, 0x65, 0xcb, 0x3b, + 0x9d, 0x34, 0x4e, 0xe6, 0x9f, 0x3f, 0xf1, 0xc6, + 0x1c, 0x85, 0xbc, 0x23, 0x6b, 0x2c, 0xa5, 0x02, + 0xbe, 0x4f, 0xd0, 0x87, 0x58, 0x54, 0x9f, 0xaf, + 0x4f, 0x6d, 0x31, 0xed, 0xf1, 0x5b, 0x3d, 0xf5, +}; + +byte ecc_signature_384[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xc0, 0x45, + 0x1c, 0x8c, 0x9a, 0xb1, 0x8e, 0xd2, 0xb9, 0xce, + 0xb7, 0x00, 0x77, 0x38, 0xb9, 0x1d, 0x85, 0x77, + 0x7d, 0x3b, 0xff, 0x12, 0x0c, 0x27, 0x2c, 0xe7, + 0x6f, 0xf4, 0x45, 0xb5, 0x4c, 0x74, 0x06, 0x73, + 0x34, 0x95, 0xb8, 0x17, 0x88, 0xfe, 0x7d, 0x93, + 0x30, 0x9b, 0x70, 0x92, 0x24, 0x02, 0x31, 0x00, + 0xca, 0xfd, 0x25, 0x9e, 0xf2, 0xd7, 0x4e, 0xfc, + 0xc6, 0xfc, 0x38, 0x0a, 0xb7, 0x6a, 0xa5, 0x43, + 0x00, 0xa1, 0xc4, 0x94, 0xc9, 0xa3, 0x40, 0xf9, + 0x54, 0x54, 0x68, 0xbe, 0xc8, 0x0c, 0x0e, 0xbb, + 0x9c, 0x75, 0xa7, 0x25, 0xdb, 0x09, 0x30, 0x50, + 0xff, 0xd1, 0x7f, 0x57, 0x24, 0xbe, 0x2a, 0x19, +}; + +byte ecc_signature_512[] = { + 0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xe0, 0x47, + 0xb7, 0x44, 0x33, 0x90, 0xe0, 0x33, 0x1c, 0xd7, + 0x32, 0x67, 0x3d, 0x89, 0xa4, 0x69, 0xee, 0x1a, + 0x0c, 0x10, 0x10, 0xaa, 0x99, 0xf6, 0xb6, 0xde, + 0x59, 0x5c, 0xbb, 0xb1, 0x2a, 0xb0, 0xe9, 0x50, + 0x06, 0x3e, 0x00, 0x24, 0xc1, 0x44, 0x9c, 0x39, + 0xfe, 0x63, 0x7f, 0x42, 0x6e, 0xa4, 0xf7, 0xb8, + 0x70, 0x53, 0x59, 0xda, 0xeb, 0x61, 0xa1, 0x6e, + 0x63, 0xc7, 0x82, 0xa2, 0xbb, 0x0c, 0x5d, 0x02, + 0x42, 0x01, 0x25, 0x5a, 0xac, 0xcc, 0x39, 0x04, + 0x63, 0x37, 0xce, 0x3f, 0xf7, 0x58, 0x98, 0xb2, + 0x62, 0x24, 0x14, 0xd9, 0x0e, 0x8b, 0xfb, 0x6c, + 0xdb, 0x6b, 0x05, 0xa9, 0x25, 0x90, 0xdb, 0x16, + 0x55, 0x78, 0x96, 0x46, 0x47, 0x66, 0xb2, 0x3b, + 0xcf, 0x16, 0x74, 0x40, 0xc0, 0x3c, 0x7a, 0x77, + 0x50, 0xe8, 0xc6, 0xb7, 0x6d, 0x7f, 0x81, 0xf2, + 0xf6, 0xca, 0x5c, 0x29, 0x8b, 0xa5, 0x4d, 0xd0, + 0x23, 0x86, 0x70, +}; + +byte ecc_signature_521[] = { + 0x30, 0x81, 0x87, 0x02, 0x41, 0x26, 0x39, 0x68, + 0xd0, 0x3d, 0xd4, 0x82, 0xe0, 0x53, 0x23, 0x4c, + 0x3c, 0x0e, 0x2f, 0xd8, 0xdb, 0x8c, 0x38, 0x04, + 0x3d, 0x8c, 0x71, 0xcf, 0xd6, 0x9f, 0x46, 0x80, + 0x68, 0x36, 0xe8, 0x23, 0x94, 0xcf, 0xf0, 0x5a, + 0x93, 0xd1, 0xc4, 0xb6, 0x89, 0x4f, 0x8e, 0x7b, + 0xf8, 0x13, 0x69, 0x0c, 0xc2, 0x11, 0xbd, 0x30, + 0x7b, 0x11, 0x0d, 0x60, 0x80, 0xd6, 0xd7, 0x7a, + 0xc3, 0x9f, 0xb2, 0x25, 0x20, 0xa2, 0x02, 0x42, + 0x00, 0xe1, 0x16, 0x64, 0x20, 0x33, 0x98, 0xfd, + 0x6b, 0xd8, 0x91, 0x5a, 0x83, 0xb7, 0x79, 0x82, + 0x7d, 0x39, 0xd6, 0x83, 0x49, 0x13, 0x10, 0x26, + 0x2f, 0x6c, 0x1e, 0x38, 0x10, 0x13, 0xd8, 0xeb, + 0x6f, 0x82, 0xbb, 0x4a, 0xed, 0x6e, 0x53, 0xbb, + 0xc8, 0x7c, 0xba, 0xe9, 0xac, 0xa9, 0xbe, 0xfd, + 0xe7, 0x6b, 0x80, 0x76, 0x6c, 0x1a, 0x31, 0x63, + 0x47, 0x91, 0x01, 0x9e, 0x15, 0x29, 0x1b, 0xea, + 0x3a, 0x69, +}; + + +typedef struct { + byte *sig; + word32 sig_size; + unsigned char *pubkey; + int key_size; +} sig_key; + +sig_key sig_keys[11] = { + {ecc_signature_112, sizeof(ecc_signature_112), ecc_PublicKey_112, sizeof(ecc_PublicKey_112)}, + {ecc_signature_128, sizeof(ecc_signature_128), ecc_PublicKey_128, sizeof(ecc_PublicKey_128)}, + {ecc_signature_160, sizeof(ecc_signature_160), ecc_PublicKey_160, sizeof(ecc_PublicKey_160)}, + {ecc_signature_192, sizeof(ecc_signature_192), ecc_PublicKey_192, sizeof(ecc_PublicKey_192)}, + {ecc_signature_224, sizeof(ecc_signature_224), ecc_PublicKey_224, sizeof(ecc_PublicKey_224)}, + {ecc_signature_239, sizeof(ecc_signature_239), ecc_PublicKey_239, sizeof(ecc_PublicKey_239)}, + {ecc_signature_256, sizeof(ecc_signature_256), ecc_PublicKey_256, sizeof(ecc_PublicKey_256)}, + {ecc_signature_320, sizeof(ecc_signature_320), ecc_PublicKey_320, sizeof(ecc_PublicKey_320)}, + {ecc_signature_384, sizeof(ecc_signature_384), ecc_PublicKey_384, sizeof(ecc_PublicKey_384)}, + {ecc_signature_512, sizeof(ecc_signature_512), ecc_PublicKey_512, sizeof(ecc_PublicKey_512)}, + {ecc_signature_521, sizeof(ecc_signature_521), ecc_PublicKey_521, sizeof(ecc_PublicKey_521)}, +}; + + diff --git a/embedded/signature/ecc_vfy_only/user_settings.h b/embedded/signature/ecc_vfy_only/user_settings.h new file mode 100644 index 000000000..5c81ec9d5 --- /dev/null +++ b/embedded/signature/ecc_vfy_only/user_settings.h @@ -0,0 +1,83 @@ +#define WOLFCRYPT_ONLY +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define NO_RSA +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + +/* ecc */ +#define HAVE_ECC +#define HAVE_ALL_CURVES + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT + #undef BENCHMARK +#endif + + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 + #undef USE_FAST_MATH +#endif + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_ECC + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif + + diff --git a/embedded/signature/ecc_vfy_only_nonblock/Makefile b/embedded/signature/ecc_vfy_only_nonblock/Makefile new file mode 100644 index 000000000..83529dde5 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/Makefile @@ -0,0 +1,77 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl + +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ=\ + $(WOLFROOT)/wolfcrypt/src/ecc.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +endif + +.PHONY: all clean size mem + + +all : ecc_verify_nonblock mem + + + +ecc_verify_nonblock: clean $(OBJ) + $(CC) $(CFLAGS) -o ecc_verify_nonblock ecc_verify_nonblock.c $(OBJ) + +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_verify_nonblock_mem ecc_verify_nonblock.c $(OBJ) -lpthread +clean: + rm -f ecc_verify_nonblock ecc_verify_nonblock_mem $(WOLFROOT)/wolfcrypt/src/*.o + +size : + size $(OBJ) ecc_verify_nonblock diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h b/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h new file mode 100644 index 000000000..0afe2c9e7 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_pubKey.h @@ -0,0 +1,150 @@ +unsigned char ecc_PublicKey_112[] = { + 0x04, 0x67, 0xa6, 0xdc, 0x12, 0x25, 0xdb, 0x81, + 0x5c, 0x67, 0x7c, 0xbf, 0x55, 0x3b, 0xd9, 0x51, + 0xb1, 0x61, 0xb4, 0x88, 0xb8, 0x6c, 0xa5, 0x4a, + 0xb0, 0xe8, 0x79, 0x15, 0x4a, 0xfc, 0x6f, 0x01, + 0x6b, 0xc0, 0xc5, 0xdd, 0xc2, 0xe3, 0x59, 0xda, + 0x18, 0x82, 0x46, 0xa4, 0x32, 0xb5, 0x6d, 0x3b, + 0xd1, 0x91, 0xcc, 0x19, 0xb7, 0xab, 0x8d, 0x99, + 0xad, +}; + +unsigned char ecc_PublicKey_128[] = { + 0x04, 0x0f, 0x31, 0xea, 0x92, 0x1d, 0x84, 0xcf, + 0xce, 0xe1, 0xe5, 0x0b, 0x13, 0xda, 0xd3, 0xb2, + 0xb0, 0x57, 0x0c, 0x02, 0xdb, 0x50, 0xaa, 0xaa, + 0x65, 0x47, 0x6c, 0x2a, 0x41, 0xd4, 0x01, 0x72, + 0xdb, 0xd3, 0xcf, 0x42, 0x81, 0x7c, 0x05, 0x67, + 0x6e, 0x2a, 0x0a, 0x03, 0x0f, 0x91, 0x2b, 0x3b, + 0xe3, 0x48, 0x87, 0xb3, 0xb3, 0x70, 0x58, 0x17, + 0xed, +}; + +unsigned char ecc_PublicKey_160[] = { + 0x04, 0xf8, 0x93, 0xf7, 0xf7, 0x1f, 0xc6, 0x56, + 0x8c, 0x40, 0x11, 0x14, 0x74, 0xf5, 0x98, 0xa8, + 0x12, 0xc3, 0xba, 0x06, 0x9e, 0x6d, 0xdc, 0x1b, + 0xd3, 0x94, 0x9c, 0xf0, 0xc1, 0x99, 0x4e, 0x83, + 0xe9, 0x42, 0x53, 0xcd, 0x8d, 0x26, 0x5a, 0x01, + 0x4f, 0x82, 0x06, 0x42, 0x83, 0x65, 0x3c, 0x9e, + 0xd5, 0x2d, 0x73, 0x52, 0xbc, 0x49, 0x1b, 0x99, + 0x5c, +}; + +unsigned char ecc_PublicKey_192[] = { + 0x04, 0xf7, 0xea, 0x10, 0xc6, 0x43, 0xba, 0xbb, + 0x21, 0x14, 0x93, 0x11, 0xfe, 0x1a, 0x68, 0x59, + 0x23, 0x71, 0x52, 0xde, 0x47, 0x08, 0x04, 0xd1, + 0x77, 0xe4, 0x6f, 0x1f, 0x48, 0x4e, 0x8b, 0x92, + 0x1a, 0xb9, 0xe9, 0x61, 0xf4, 0x3c, 0x1b, 0xcd, + 0xe7, 0xaf, 0xc8, 0x59, 0x64, 0x9f, 0x80, 0x7e, + 0x4e, 0x72, 0x98, 0x15, 0x18, 0x60, 0x01, 0x77, + 0x8d, +}; + +unsigned char ecc_PublicKey_224[] = { + 0x04, 0xf1, 0x25, 0xec, 0xac, 0x14, 0x47, 0x35, + 0xcf, 0x32, 0x1a, 0xd2, 0x31, 0x60, 0xf6, 0x6b, + 0xb6, 0x8c, 0x02, 0xd1, 0x46, 0xfa, 0xa6, 0xe3, + 0xd9, 0xfd, 0x96, 0xbe, 0x44, 0x79, 0xc8, 0xbb, + 0x0f, 0x41, 0xc6, 0x3d, 0x52, 0xd2, 0x8b, 0xc7, + 0xe1, 0xfb, 0x03, 0x01, 0x07, 0x11, 0xaa, 0xba, + 0xf9, 0x57, 0x90, 0x5f, 0xc2, 0xaf, 0x20, 0xe2, + 0xd7, +}; + +unsigned char ecc_PublicKey_239[] = { + 0x04, 0x01, 0xc2, 0x14, 0xbf, 0x8c, 0x36, 0x9c, + 0x9d, 0xca, 0xb1, 0x20, 0xc8, 0x36, 0x45, 0x37, + 0x79, 0x60, 0x97, 0xe9, 0x57, 0xc3, 0x1e, 0x86, + 0xd1, 0x15, 0xc1, 0x57, 0xf1, 0x78, 0x91, 0x4e, + 0x69, 0x8f, 0xee, 0xf3, 0xb2, 0xcd, 0xae, 0x00, + 0x4e, 0x67, 0x47, 0x61, 0xab, 0xdd, 0x04, 0x79, + 0x0b, 0xf9, 0xeb, 0x4b, 0x70, 0xa3, 0x22, 0xa0, + 0xce, 0xb3, 0xc2, 0xd3, 0xd2, +}; + +unsigned char ecc_PublicKey_256[] = { + 0x04, 0x80, 0xc7, 0xb7, 0x97, 0xe3, 0xc6, 0x63, + 0x34, 0xcc, 0x72, 0x19, 0xb0, 0x3f, 0x4b, 0xe0, + 0x68, 0x3e, 0xba, 0x8c, 0x0e, 0x60, 0xb0, 0xef, + 0xfb, 0x6a, 0xb5, 0x5d, 0xaa, 0xaa, 0x27, 0x3b, + 0x5d, 0x4c, 0x2d, 0x58, 0x0f, 0x96, 0x75, 0xe0, + 0xe7, 0x5a, 0xab, 0xa0, 0xe9, 0x6a, 0x6a, 0x5f, + 0xa7, 0xd7, 0x5d, 0xb1, 0x1a, 0x8b, 0x3b, 0x74, + 0xcd, 0x75, 0x51, 0xa6, 0x89, 0xd4, 0x3d, 0x00, + 0xeb, +}; + +unsigned char ecc_PublicKey_320[] = { + 0x04, 0x5b, 0xf1, 0x32, 0x17, 0xf3, 0x63, 0x82, + 0xfc, 0x1c, 0x93, 0xca, 0x30, 0x7d, 0x22, 0xf6, + 0x97, 0xc9, 0x2d, 0x54, 0x35, 0x11, 0x77, 0x9c, + 0x3f, 0x44, 0x37, 0x9f, 0x8b, 0x82, 0x8d, 0x50, + 0x68, 0x2d, 0x0d, 0x1a, 0x19, 0x6d, 0xfc, 0xac, + 0xde, 0xc1, 0x81, 0x13, 0x90, 0x31, 0xcc, 0x0f, + 0x00, 0xa2, 0xf6, 0x7b, 0xc3, 0x51, 0x05, 0x46, + 0x67, 0xd3, 0x91, 0xb7, 0xaa, 0xdd, 0xb9, 0x87, + 0x03, 0x4e, 0x21, 0xd0, 0xa0, 0xfa, 0x31, 0x93, + 0x04, 0xc8, 0xea, 0xc5, 0x71, 0x4b, 0x0f, 0x98, + 0x4d, 0x16, 0x69, 0xe9, 0xc7, 0xda, 0xff, 0xfa, + 0xe1, 0xf0, 0xa5, 0xdd, 0x36, 0xf2, 0x04, 0x62, + 0xa6, +}; + +unsigned char ecc_PublicKey_384[] = { + 0x04, 0x51, 0xb3, 0x72, 0xda, 0xd2, 0xd7, 0x81, + 0x53, 0xe3, 0x4e, 0xa1, 0x27, 0x9a, 0x91, 0x42, + 0x8a, 0x29, 0x62, 0x7c, 0x8f, 0x49, 0x47, 0x47, + 0x4c, 0x0e, 0x23, 0x09, 0xf5, 0x13, 0x56, 0x08, + 0x2d, 0x54, 0xc3, 0xac, 0x05, 0xc4, 0x1f, 0x16, + 0x27, 0xd0, 0x4c, 0x3b, 0xed, 0xa0, 0x74, 0x62, + 0xe3, 0x1b, 0xa3, 0xd5, 0xf2, 0xf2, 0x5d, 0x6a, + 0x87, 0xa2, 0xf4, 0x09, 0x9a, 0x87, 0xee, 0xab, + 0x20, 0xe7, 0x42, 0xd2, 0x6d, 0x1b, 0x1c, 0x75, + 0x69, 0x46, 0x2e, 0x8c, 0x00, 0xe5, 0xd7, 0xc5, + 0xc4, 0xfb, 0x46, 0xe7, 0xf8, 0xc1, 0x25, 0x7c, + 0x94, 0x30, 0xd0, 0xd5, 0xdb, 0x8d, 0xe3, 0x15, + 0xc8, +}; + +unsigned char ecc_PublicKey_512[] = { + 0x04, 0x01, 0x5c, 0x37, 0xe0, 0x37, 0x3b, 0xad, + 0x8a, 0xfe, 0x3c, 0x52, 0x5d, 0xe7, 0xab, 0x77, + 0x39, 0x67, 0x94, 0x6c, 0x2a, 0x3f, 0xee, 0x95, + 0x19, 0x8d, 0xcc, 0xdc, 0xad, 0x62, 0x50, 0x97, + 0x79, 0xeb, 0xde, 0x70, 0xed, 0x2d, 0x44, 0x8f, + 0xcf, 0x1d, 0x49, 0x46, 0x32, 0x96, 0xe3, 0xb6, + 0xc5, 0x61, 0x4c, 0xfd, 0xcb, 0x65, 0x1f, 0x04, + 0x97, 0x39, 0x54, 0x46, 0xde, 0x54, 0x2f, 0x0a, + 0x51, 0xd5, 0xe6, 0x01, 0x1e, 0x78, 0x20, 0x15, + 0x1c, 0xb3, 0x6f, 0x14, 0x8f, 0x2f, 0x95, 0x9c, + 0x40, 0xea, 0x12, 0x52, 0x5a, 0xce, 0x7c, 0x43, + 0x28, 0x22, 0x31, 0x00, 0xcb, 0xbf, 0x86, 0x56, + 0xdc, 0x72, 0xa4, 0x49, 0x75, 0x80, 0xa4, 0x17, + 0xde, 0xa6, 0xf8, 0x3b, 0x39, 0x88, 0xd0, 0x8b, + 0x4e, 0x44, 0x69, 0x39, 0x7a, 0xcc, 0xcc, 0xc7, + 0x15, 0x1e, 0x6c, 0x76, 0xf2, 0x8d, 0x1b, 0x6c, + 0x64, 0x0a, 0x4c, 0x29, 0x35, +}; + + +unsigned char ecc_PublicKey_521[] = { + 0x04, 0x00, 0xf9, 0x56, 0xfb, 0x6c, 0x5a, 0x3d, + 0xc4, 0xf3, 0xb8, 0x07, 0x19, 0x2f, 0x93, 0x07, + 0x3c, 0x30, 0x7b, 0xd9, 0x9c, 0x11, 0xe8, 0xda, + 0xbe, 0x1b, 0x1b, 0xa3, 0xf2, 0x81, 0xf9, 0xd0, + 0x47, 0x0d, 0x06, 0xa4, 0x47, 0xa0, 0x8b, 0xca, + 0x0f, 0x0a, 0x3a, 0xda, 0x68, 0x38, 0x67, 0x5d, + 0x11, 0x77, 0xf8, 0x2f, 0x28, 0x0f, 0x31, 0xe5, + 0x26, 0xf5, 0x88, 0x2a, 0x79, 0x5f, 0xce, 0x55, + 0xe9, 0x71, 0x4c, 0x00, 0x9e, 0xfc, 0x7d, 0x00, + 0x04, 0xb8, 0x89, 0x04, 0xfc, 0x06, 0x38, 0x3f, + 0x9f, 0x0a, 0x80, 0x7f, 0x6b, 0x4c, 0xd2, 0x61, + 0x69, 0x00, 0x7f, 0x9c, 0x7c, 0x9b, 0xab, 0xa6, + 0x9c, 0x71, 0xa9, 0x15, 0x63, 0x4a, 0x03, 0xe8, + 0x96, 0xbb, 0x79, 0x6a, 0x50, 0xa6, 0xd0, 0xdf, + 0x66, 0xf5, 0xc8, 0xfa, 0x22, 0x94, 0xe0, 0x72, + 0xa6, 0x15, 0x94, 0x1e, 0x3b, 0x47, 0x36, 0x8e, + 0xcb, 0x10, 0x15, 0x27, 0x5b, +}; diff --git a/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c new file mode 100644 index 000000000..8434b8431 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/ecc_verify_nonblock.c @@ -0,0 +1,274 @@ +/* ecc_verify_nonblock.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "signature.h" + + +#define HEAP_HINT NULL +#define ECC_KEY_SIZE_112 112 +#define ECC_KEY_SIZE_128 128 +#define ECC_KEY_SIZE_160 160 +#define ECC_KEY_SIZE_192 192 +#define ECC_KEY_SIZE_224 224 +#define ECC_KEY_SIZE_239 239 +#define ECC_KEY_SIZE_256 256 +#define ECC_KEY_SIZE_320 320 +#define ECC_KEY_SIZE_384 384 +#define ECC_KEY_SIZE_512 512 +#define ECC_KEY_SIZE_521 521 +#define BYTE_SZ 8 + + +int idx_key(int keysize); + + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +int do_sig_ver_test(int eccKeySz); + + +int ecc_verify(void) +{ + int ret = 0; +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + ret = do_sig_ver_test(ECC_KEY_SIZE_112); + CHECK_RET(ret, 0, finished, "112 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_128); + CHECK_RET(ret, 0, finished, "128 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_160); + CHECK_RET(ret, 0, finished, "160 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_192); + CHECK_RET(ret, 0, finished, "192 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_224); + CHECK_RET(ret, 0, finished, "224 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_239); + CHECK_RET(ret, 0, finished, "239 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_256); + CHECK_RET(ret, 0, finished, "256 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_320); + CHECK_RET(ret, 0, finished, "320 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_384); + CHECK_RET(ret, 0, finished, "384 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_512); + CHECK_RET(ret, 0, finished, "512 test"); + ret = do_sig_ver_test(ECC_KEY_SIZE_521); + CHECK_RET(ret, 0, finished, "521 test"); + + +finished: +#ifdef DEBUG_MEMORY + printf("\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int do_sig_ver_test(int eccKeySz) +{ + /* sha256 hash of the string "A 32-bit string to test signing" */ + unsigned char hash[32] = { + 0x3b, 0x07, 0x54, 0x5c, 0xfd, 0x4f, 0xb7, 0xb5, + 0xaf, 0xa7, 0x7a, 0x25, 0x33, 0xa5, 0x50, 0x70, + 0x4a, 0x65, 0x3e, 0x72, 0x7e, 0xcd, 0xd4, 0x5b, + 0x1b, 0x36, 0x96, 0x96, 0xca, 0x4f, 0x9b, 0x6f + }; + int ret; + ecc_key key; + byte* sig = NULL; // get rid of this magic number + WC_RNG rng; + int verified = 0; + word32 sig_size; + int key_size; + unsigned char *pKeybuff; + +#ifdef NONBLOCK + ecc_nb_ctx_t nb_ctx; + double total_blk_time; + double pre_returned_t; /* previous recent returned time */ + double returned_t; /* most recent returned time */ + double max_t = -1.0; /* Maximum blocking time */ + double min_t = __DBL_MAX__; /* Minimum blocking time */ + double blocking_t; /* current blocking time */ + int blk_count; + +#endif + + + + /* + * for odd curve sizes account for mod EG: + * Case 1) curve field of 256: + * (256/8) + (256%8 != 0 ? 1:0) == 32 + 0 = 32 + * + * Case 2) curve field of 521: + * (521/8 = 65.125 (rounds to 65) + (521%8 != 0 ? 1:0) == + 65 + 1 = 66 + * + * Algorithm: (C / B) + (C % B != 0 ? 1:0) + * + * This remainder is a natural result of the calculation: + * Algorithm: (C / (B-1)) / (B) + */ + int byteField = (eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ; + word32 maxSigSz = ECC_MAX_SIG_SIZE; + + printf("Key size is %d, byteField = %d\n", eccKeySz, byteField); + + + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, key_done, "wc_InitRng()"); + + + ret = wc_ecc_init(&key); + CHECK_RET(ret, 0, sig_done, "wc_ecc_init()"); + + + /* Import signature and ecc_key */ + sig = sig_keys[idx_key(eccKeySz)].sig; + sig_size = sig_keys[idx_key(eccKeySz)].sig_size; + pKeybuff = sig_keys[idx_key(eccKeySz)].pubkey; + key_size = sig_keys[idx_key(eccKeySz)].key_size; + + ret = wc_ecc_import_x963(pKeybuff, key_size, &key); + CHECK_RET(ret, 0, rng_done, "wc_ecc_import_x963()"); + + +#ifdef NONBLOCK + ret = wc_ecc_set_nonblock(&key, &nb_ctx); + CHECK_RET(ret, 0, rng_done, "wc_ecc_set_nonblock()"); + + blk_count = 0; + pre_returned_t = current_time(1); + + do { + + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + &verified, &key); + returned_t = current_time(0); + blocking_t = returned_t - pre_returned_t; + total_blk_time += blocking_t; + + if ( blocking_t > max_t ){ + max_t = blocking_t; + } + else if ( blocking_t < min_t ){ + min_t = blocking_t; + } + + pre_returned_t = returned_t; + blk_count++; + } while (ret == FP_WOULDBLOCK); + +#else + ret = wc_ecc_verify_hash(sig, sig_size, hash, sizeof(hash), + &verified, &key); +#endif /* NONBLOCK */ + + CHECK_RET(ret, 0, rng_done, "wc_ecc_verify_hash()"); + CHECK_RET(verified, 1, rng_done, "verification check"); + verified = 0; + + + printf("Successfully verified signature w/ ecc key size %d!\n", eccKeySz); + +#ifdef NONBLOCK + if (eccKeySz >= ECC_KEY_SIZE_256){ + printf("Non-blocking:\n"); + printf(" Total time: %.2f micro sec, Bloking count: %d\n",\ + 1000*1000*total_blk_time, blk_count); + printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ + max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); + + } +#endif /* NONBLOCK */ + + +rng_done: + wc_FreeRng(&rng); +key_done: + wc_ecc_free(&key); +sig_done: + return ret; +} + + + + +int main(){ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)ecc_verify); +#else + return ecc_verify(); +#endif +} + +int idx_key(int keysize){ + switch(keysize){ + case ECC_KEY_SIZE_112: + return 0; + case ECC_KEY_SIZE_128: + return 1; + case ECC_KEY_SIZE_160: + return 2; + case ECC_KEY_SIZE_192: + return 3; + case ECC_KEY_SIZE_224: + return 4; + case ECC_KEY_SIZE_239: + return 5; + case ECC_KEY_SIZE_256: + return 6; + case ECC_KEY_SIZE_320: + return 7; + case ECC_KEY_SIZE_384: + return 8; + case ECC_KEY_SIZE_512: + return 9; + case ECC_KEY_SIZE_521: + return 10; + default: + return -1; + } + +} + diff --git a/embedded/signature/ecc_vfy_only_nonblock/signature.h b/embedded/signature/ecc_vfy_only_nonblock/signature.h new file mode 100644 index 000000000..e311cebef --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/signature.h @@ -0,0 +1,178 @@ +#include "ecc_pubKey.h" + +byte ecc_signature_112[] = { + 0x30, 0x3e, 0x02, 0x1d, 0x00, 0xdc, 0xef, 0xcc, + 0x1a, 0xe9, 0x97, 0x44, 0xf4, 0x85, 0xad, 0xef, + 0x88, 0x6e, 0x77, 0x2b, 0x27, 0x7b, 0xd5, 0xcd, + 0xfb, 0x47, 0x43, 0x40, 0x1a, 0x53, 0x2f, 0xc4, + 0x0b, 0x02, 0x1d, 0x00, 0x8e, 0x34, 0xbb, 0xf4, + 0x59, 0xef, 0xa0, 0x6b, 0x8c, 0xda, 0x00, 0xca, + 0xcb, 0xb4, 0x75, 0xdb, 0x37, 0x7e, 0x8e, 0xe1, + 0x7a, 0xc2, 0xd5, 0x3c, 0xb5, 0xbc, 0x33, 0xcd, +}; + +byte ecc_signature_128[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x23, 0x41, 0xf0, 0xe2, + 0x0f, 0x72, 0xbb, 0xe0, 0x8b, 0x42, 0xf8, 0xba, + 0xba, 0x81, 0xcb, 0xb2, 0xf9, 0xc6, 0x45, 0x44, + 0xfa, 0x8d, 0x8a, 0x33, 0x8d, 0xea, 0x34, 0xf0, + 0x02, 0x1c, 0x5f, 0x5e, 0x67, 0xad, 0x32, 0xee, + 0x90, 0xf1, 0x40, 0x6d, 0x34, 0x8e, 0x66, 0xd2, + 0x94, 0x1e, 0x28, 0xb3, 0xaa, 0x32, 0x10, 0x46, + 0x1c, 0xf7, 0x58, 0x1b, 0xf7, 0x4b, +}; + +byte ecc_signature_160[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x18, 0x8e, 0xc8, 0x08, + 0xe3, 0x0e, 0xf5, 0x7c, 0xe4, 0x32, 0xc9, 0x5d, + 0xe8, 0xab, 0xb4, 0x3c, 0x99, 0x18, 0xa8, 0x7f, + 0xba, 0x10, 0x49, 0x52, 0x63, 0xc6, 0x52, 0x58, + 0x02, 0x1d, 0x00, 0xc1, 0x5f, 0xe0, 0x17, 0xbb, + 0x16, 0x19, 0x52, 0xed, 0xb1, 0xde, 0x30, 0x1b, + 0x49, 0x87, 0x37, 0x8a, 0x24, 0xf9, 0x11, 0x50, + 0x9f, 0xaf, 0xa5, 0x18, 0x3c, 0xa3, 0x26, +}; + +byte ecc_signature_192[] = { + 0x30, 0x3c, 0x02, 0x1c, 0x09, 0x75, 0x75, 0x9d, + 0xdb, 0x69, 0x5d, 0xba, 0x02, 0x31, 0xb9, 0x44, + 0xc0, 0x22, 0xeb, 0x9c, 0xb3, 0xd0, 0x9a, 0xc3, + 0x59, 0x2b, 0xdf, 0x23, 0x23, 0x46, 0x32, 0x0b, + 0x02, 0x1c, 0x1f, 0x3f, 0x73, 0x55, 0xbc, 0x29, + 0xa7, 0xa9, 0xd8, 0x3a, 0x9c, 0x3b, 0x97, 0x14, + 0xa5, 0x12, 0x10, 0x4e, 0x6f, 0x1c, 0xa3, 0xa8, + 0xee, 0x6e, 0x47, 0x28, 0xf2, 0x36, +}; + +byte ecc_signature_224[] = { + 0x30, 0x3d, 0x02, 0x1c, 0x52, 0x7b, 0x2e, 0xcb, + 0x6a, 0x99, 0x0f, 0x56, 0xdf, 0x9f, 0xdc, 0x14, + 0xe5, 0xe9, 0x5c, 0x95, 0x7f, 0xed, 0x91, 0x1b, + 0x48, 0xb1, 0x31, 0x41, 0xe0, 0xcb, 0x45, 0xc5, + 0x02, 0x1d, 0x00, 0x9c, 0x62, 0xab, 0x1c, 0xb4, + 0xc5, 0x01, 0xea, 0x31, 0x40, 0x6e, 0x45, 0x77, + 0x29, 0xd6, 0x50, 0xc3, 0x52, 0x3c, 0x8c, 0xe6, + 0x7a, 0x38, 0xae, 0x73, 0xd6, 0xf1, 0x95, +}; + +byte ecc_signature_239[] = { + 0x30, 0x40, 0x02, 0x1e, 0x06, 0x22, 0x6e, 0x25, + 0x61, 0x98, 0xaa, 0x01, 0xd8, 0xfa, 0x43, 0x2d, + 0x7e, 0x7e, 0x22, 0x36, 0x1e, 0x7d, 0x7b, 0xcd, + 0xe2, 0x9f, 0x8d, 0x00, 0xa9, 0xd8, 0xf4, 0xbb, + 0x96, 0x27, 0x02, 0x1e, 0x50, 0x18, 0xa2, 0x90, + 0x0b, 0x43, 0x31, 0xab, 0x0d, 0xc8, 0x52, 0x59, + 0x99, 0x7f, 0x31, 0xbc, 0xac, 0xc7, 0x2b, 0x15, + 0x83, 0x7c, 0x19, 0xd6, 0xed, 0x04, 0x16, 0xe0, + 0xb3, 0x29, +}; + +byte ecc_signature_256[] = { + 0x30, 0x44, 0x02, 0x20, 0x14, 0xc7, 0xa9, 0x91, + 0x47, 0xf5, 0x0d, 0x31, 0x5a, 0x05, 0x4d, 0x7b, + 0x49, 0x40, 0x2f, 0x0e, 0x03, 0xc8, 0x61, 0x99, + 0xa4, 0xdf, 0x83, 0x68, 0xcb, 0x9f, 0xa7, 0x7a, + 0xd9, 0xd4, 0x3c, 0x20, 0x02, 0x20, 0x05, 0xa1, + 0x0d, 0xd8, 0xfd, 0x0b, 0x83, 0x4f, 0xcb, 0x0b, + 0x47, 0x60, 0x60, 0x04, 0xa9, 0xe3, 0x57, 0x46, + 0x5b, 0x34, 0x30, 0xb3, 0xc9, 0x9a, 0x8d, 0xd0, + 0x8f, 0xda, 0x9f, 0xb0, 0xb6, 0x86, +}; + +byte ecc_signature_320[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xb5, 0xaf, 0x8d, + 0x19, 0x3e, 0x3c, 0x15, 0x6c, 0xdc, 0x0b, 0xb9, + 0x64, 0x77, 0x60, 0x60, 0xab, 0x55, 0x2a, 0x4f, + 0x99, 0x23, 0x7c, 0x79, 0x2f, 0xf7, 0x6c, 0x86, + 0xfd, 0x81, 0x49, 0x6e, 0x76, 0x02, 0xe7, 0xb4, + 0x55, 0x0e, 0xff, 0xe8, 0x59, 0xd7, 0x10, 0x4c, + 0x6a, 0xd4, 0x4a, 0x4b, 0xad, 0x02, 0x31, 0x00, + 0xc2, 0x41, 0x36, 0x0e, 0x70, 0xeb, 0x2d, 0x30, + 0x22, 0x6d, 0x1d, 0x05, 0xe3, 0x65, 0xcb, 0x3b, + 0x9d, 0x34, 0x4e, 0xe6, 0x9f, 0x3f, 0xf1, 0xc6, + 0x1c, 0x85, 0xbc, 0x23, 0x6b, 0x2c, 0xa5, 0x02, + 0xbe, 0x4f, 0xd0, 0x87, 0x58, 0x54, 0x9f, 0xaf, + 0x4f, 0x6d, 0x31, 0xed, 0xf1, 0x5b, 0x3d, 0xf5, +}; + +byte ecc_signature_384[] = { + 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xc0, 0x45, + 0x1c, 0x8c, 0x9a, 0xb1, 0x8e, 0xd2, 0xb9, 0xce, + 0xb7, 0x00, 0x77, 0x38, 0xb9, 0x1d, 0x85, 0x77, + 0x7d, 0x3b, 0xff, 0x12, 0x0c, 0x27, 0x2c, 0xe7, + 0x6f, 0xf4, 0x45, 0xb5, 0x4c, 0x74, 0x06, 0x73, + 0x34, 0x95, 0xb8, 0x17, 0x88, 0xfe, 0x7d, 0x93, + 0x30, 0x9b, 0x70, 0x92, 0x24, 0x02, 0x31, 0x00, + 0xca, 0xfd, 0x25, 0x9e, 0xf2, 0xd7, 0x4e, 0xfc, + 0xc6, 0xfc, 0x38, 0x0a, 0xb7, 0x6a, 0xa5, 0x43, + 0x00, 0xa1, 0xc4, 0x94, 0xc9, 0xa3, 0x40, 0xf9, + 0x54, 0x54, 0x68, 0xbe, 0xc8, 0x0c, 0x0e, 0xbb, + 0x9c, 0x75, 0xa7, 0x25, 0xdb, 0x09, 0x30, 0x50, + 0xff, 0xd1, 0x7f, 0x57, 0x24, 0xbe, 0x2a, 0x19, +}; + +byte ecc_signature_512[] = { + 0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xe0, 0x47, + 0xb7, 0x44, 0x33, 0x90, 0xe0, 0x33, 0x1c, 0xd7, + 0x32, 0x67, 0x3d, 0x89, 0xa4, 0x69, 0xee, 0x1a, + 0x0c, 0x10, 0x10, 0xaa, 0x99, 0xf6, 0xb6, 0xde, + 0x59, 0x5c, 0xbb, 0xb1, 0x2a, 0xb0, 0xe9, 0x50, + 0x06, 0x3e, 0x00, 0x24, 0xc1, 0x44, 0x9c, 0x39, + 0xfe, 0x63, 0x7f, 0x42, 0x6e, 0xa4, 0xf7, 0xb8, + 0x70, 0x53, 0x59, 0xda, 0xeb, 0x61, 0xa1, 0x6e, + 0x63, 0xc7, 0x82, 0xa2, 0xbb, 0x0c, 0x5d, 0x02, + 0x42, 0x01, 0x25, 0x5a, 0xac, 0xcc, 0x39, 0x04, + 0x63, 0x37, 0xce, 0x3f, 0xf7, 0x58, 0x98, 0xb2, + 0x62, 0x24, 0x14, 0xd9, 0x0e, 0x8b, 0xfb, 0x6c, + 0xdb, 0x6b, 0x05, 0xa9, 0x25, 0x90, 0xdb, 0x16, + 0x55, 0x78, 0x96, 0x46, 0x47, 0x66, 0xb2, 0x3b, + 0xcf, 0x16, 0x74, 0x40, 0xc0, 0x3c, 0x7a, 0x77, + 0x50, 0xe8, 0xc6, 0xb7, 0x6d, 0x7f, 0x81, 0xf2, + 0xf6, 0xca, 0x5c, 0x29, 0x8b, 0xa5, 0x4d, 0xd0, + 0x23, 0x86, 0x70, +}; + +byte ecc_signature_521[] = { + 0x30, 0x81, 0x87, 0x02, 0x41, 0x26, 0x39, 0x68, + 0xd0, 0x3d, 0xd4, 0x82, 0xe0, 0x53, 0x23, 0x4c, + 0x3c, 0x0e, 0x2f, 0xd8, 0xdb, 0x8c, 0x38, 0x04, + 0x3d, 0x8c, 0x71, 0xcf, 0xd6, 0x9f, 0x46, 0x80, + 0x68, 0x36, 0xe8, 0x23, 0x94, 0xcf, 0xf0, 0x5a, + 0x93, 0xd1, 0xc4, 0xb6, 0x89, 0x4f, 0x8e, 0x7b, + 0xf8, 0x13, 0x69, 0x0c, 0xc2, 0x11, 0xbd, 0x30, + 0x7b, 0x11, 0x0d, 0x60, 0x80, 0xd6, 0xd7, 0x7a, + 0xc3, 0x9f, 0xb2, 0x25, 0x20, 0xa2, 0x02, 0x42, + 0x00, 0xe1, 0x16, 0x64, 0x20, 0x33, 0x98, 0xfd, + 0x6b, 0xd8, 0x91, 0x5a, 0x83, 0xb7, 0x79, 0x82, + 0x7d, 0x39, 0xd6, 0x83, 0x49, 0x13, 0x10, 0x26, + 0x2f, 0x6c, 0x1e, 0x38, 0x10, 0x13, 0xd8, 0xeb, + 0x6f, 0x82, 0xbb, 0x4a, 0xed, 0x6e, 0x53, 0xbb, + 0xc8, 0x7c, 0xba, 0xe9, 0xac, 0xa9, 0xbe, 0xfd, + 0xe7, 0x6b, 0x80, 0x76, 0x6c, 0x1a, 0x31, 0x63, + 0x47, 0x91, 0x01, 0x9e, 0x15, 0x29, 0x1b, 0xea, + 0x3a, 0x69, +}; + + +typedef struct { + byte *sig; + word32 sig_size; + unsigned char *pubkey; + int key_size; +} sig_key; + +sig_key sig_keys[11] = { + {ecc_signature_112, sizeof(ecc_signature_112), ecc_PublicKey_112, sizeof(ecc_PublicKey_112)}, + {ecc_signature_128, sizeof(ecc_signature_128), ecc_PublicKey_128, sizeof(ecc_PublicKey_128)}, + {ecc_signature_160, sizeof(ecc_signature_160), ecc_PublicKey_160, sizeof(ecc_PublicKey_160)}, + {ecc_signature_192, sizeof(ecc_signature_192), ecc_PublicKey_192, sizeof(ecc_PublicKey_192)}, + {ecc_signature_224, sizeof(ecc_signature_224), ecc_PublicKey_224, sizeof(ecc_PublicKey_224)}, + {ecc_signature_239, sizeof(ecc_signature_239), ecc_PublicKey_239, sizeof(ecc_PublicKey_239)}, + {ecc_signature_256, sizeof(ecc_signature_256), ecc_PublicKey_256, sizeof(ecc_PublicKey_256)}, + {ecc_signature_320, sizeof(ecc_signature_320), ecc_PublicKey_320, sizeof(ecc_PublicKey_320)}, + {ecc_signature_384, sizeof(ecc_signature_384), ecc_PublicKey_384, sizeof(ecc_PublicKey_384)}, + {ecc_signature_512, sizeof(ecc_signature_512), ecc_PublicKey_512, sizeof(ecc_PublicKey_512)}, + {ecc_signature_521, sizeof(ecc_signature_521), ecc_PublicKey_521, sizeof(ecc_PublicKey_521)}, +}; + + diff --git a/embedded/signature/ecc_vfy_only_nonblock/user_settings.h b/embedded/signature/ecc_vfy_only_nonblock/user_settings.h new file mode 100644 index 000000000..c7d29c701 --- /dev/null +++ b/embedded/signature/ecc_vfy_only_nonblock/user_settings.h @@ -0,0 +1,91 @@ +#define WOLFCRYPT_ONLY +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define NO_RSA +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + +/* ecc */ +#define HAVE_ECC +#define HAVE_ALL_CURVES + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT + #undef BENCHMARK +#endif + + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 + #undef USE_FAST_MATH +#endif + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_ECC + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif + + + + +#define NONBLOCK +#ifdef NONBLOCK + #define WC_ECC_NONBLOCK + #define WOLFSSL_SP_NONBLOCK + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_MALLOC +#endif + +#define WOLFSSL_SP_384 +#define WOLFSSL_SP_521 diff --git a/embedded/signature/rsa_buffer/Makefile b/embedded/signature/rsa_buffer/Makefile index 09825debc..0e30e51e2 100644 --- a/embedded/signature/rsa_buffer/Makefile +++ b/embedded/signature/rsa_buffer/Makefile @@ -1,5 +1,5 @@ +# The path to the wolfssl directory must be set correctly for your environment. WOLFROOT = ../../../../wolfssl -# EX_CFLAGS CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) @@ -63,9 +63,9 @@ endif all: verify sign bench mem verify: clean $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) sign: clean $(OBJ) - $(CC) $(CFLAGS) -o sign sign.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o sign sign.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread mem: clean $(OBJ) diff --git a/embedded/signature/rsa_buffer/rsa_priv_2048.h b/embedded/signature/rsa_buffer/rsa_priv_2048.h index 8c4242271..d859fd1c3 100644 --- a/embedded/signature/rsa_buffer/rsa_priv_2048.h +++ b/embedded/signature/rsa_buffer/rsa_priv_2048.h @@ -1,6 +1,6 @@ /* rsa_priv_2048.h * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_buffer/rsa_pub_2048.h b/embedded/signature/rsa_buffer/rsa_pub_2048.h index 0d5a3b672..2df0fa670 100644 --- a/embedded/signature/rsa_buffer/rsa_pub_2048.h +++ b/embedded/signature/rsa_buffer/rsa_pub_2048.h @@ -1,6 +1,6 @@ /* rsa_pub_2048.h * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_buffer/sign.c b/embedded/signature/rsa_buffer/sign.c index 847f6db78..3a2d37274 100644 --- a/embedded/signature/rsa_buffer/sign.c +++ b/embedded/signature/rsa_buffer/sign.c @@ -1,6 +1,6 @@ /* sign.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_buffer/user_settings.h b/embedded/signature/rsa_buffer/user_settings.h index cb94fedfa..df714dd8d 100644 --- a/embedded/signature/rsa_buffer/user_settings.h +++ b/embedded/signature/rsa_buffer/user_settings.h @@ -75,3 +75,5 @@ #ifdef BENCHMARK #undef DEBUG_MEMORY #endif + + diff --git a/embedded/signature/rsa_buffer/verify.c b/embedded/signature/rsa_buffer/verify.c index b2e75655a..3ccab5eed 100644 --- a/embedded/signature/rsa_buffer/verify.c +++ b/embedded/signature/rsa_buffer/verify.c @@ -1,6 +1,6 @@ -/* rsa_pub_2048.h +/* verify.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,11 +57,16 @@ int verify() word32 decSigLen = 0; /* Variables for benchmark */ +#ifdef BENCHMARK double start, total_time; #ifndef BENCH_TIME_SEC #define BENCH_TIME_SEC 3 #endif int count; +#endif + + + #ifdef DEBUG_MEMORY wolfCrypt_Init(); @@ -99,9 +104,10 @@ int verify() count = 0; printf("Running benchmark...\n"); printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); - start = current_time(0);// 1 0 + start = current_time(0); while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ #endif + /* Verify the signature by decrypting the value. */ if (ret == 0) { decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), @@ -109,6 +115,7 @@ int verify() if ((int)decSigLen < 0) ret = (int)decSigLen; } + /* Check the decrypted result matches the encoded digest. */ if (ret == 0 && encSigLen != decSigLen) ret = -1; @@ -127,9 +134,10 @@ int verify() printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); printf("Finished Benchmark \n"); #else - printf("Verified\n"); + printf("Verified!\n"); #endif + finish: /* Free the data structures */ if (pRsaKey != NULL) diff --git a/embedded/signature/rsa_sign_verify/Makefile b/embedded/signature/rsa_sign_verify/Makefile new file mode 100644 index 000000000..221279fd8 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/Makefile @@ -0,0 +1,79 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean size mem bench + +ifeq ($(math) $(arch),sp x64) +ASFLAGS+= -DSP_X86_64_FLAG +CFLAGS += -DSP_X86_64_FLAG +OBJ += $(OBJ_SP_X86_64) +else ifeq ($(math) $(arch),sp arm64) +CFLAGS += -DSP_ARM64_FLAG +OBJ += $(OBJ_SP_ARM64) +else ifeq ($(math) $(arch),sp c64) +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +else ifeq ($(math) $(arch),sp c32) +CFLAGS += -DSP_C32_FLAG +OBJ += $(OBJ_SP_C32) +else ifeq ($(math), tfm) +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) +else +CFLAGS += -DSP_C64_FLAG +OBJ += $(OBJ_SP_C64) +endif + +all: rsa_sign_verify bench mem +rsa_sign_verify: clean $(OBJ) + $(CC) $(CFLAGS) -o rsa_sign_verify rsa_sign_verify.c $(OBJ) + +bench: clean $(OBJ) + $(CC) $(CFLAGS) -DBENCHMARK -o rsa_sign_verify_bench rsa_sign_verify.c $(OBJ) -lpthread +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o rsa_sign_verify_mem rsa_sign_verify.c $(OBJ) -lpthread + +nonblock: CFLAGS += -DNONBLOCK +nonblock: clean $(OBJ) + $(CC) -DNONBLOCK $(CFLAGS) -DDEBUG_MEMORY -o rsa_sign_verify_nonblock rsa_sign_verify_nonblock.c $(OBJ) -lpthread + +clean: + rm -f rsa_sign_verify rsa_sign_verify_bench rsa_sign_verify_mem rsa_sign_verify_nonblock $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) sign verify diff --git a/embedded/signature/rsa_sign_verify/README.md b/embedded/signature/rsa_sign_verify/README.md new file mode 100644 index 000000000..0357e7ea6 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/README.md @@ -0,0 +1,106 @@ +# RSA Signature Test Example + +### PKCS#1.5 and PSS +To switch from PKCS#1.5 to PSS, `#define PSS_PADDING` in user_settings.h + +Demonstrates using a hash digest to sign and verify a signature using RSA + +First, set the path to wolfssl directory to variable WOLFROOT in Makefile. + +## Building + +### Build example + +``` +make +``` + +### Usage +``` +./verify +``` + +``` +./sign +``` + +# Signature verification Benchmark + +You can generate benchmark program to compare the speed of signature verification between TFM and SP +### SP +Faster math library + +If you build for x86_64 system: +``` +make bench math=sp arch=x64 +``` +else if Aarch64 system: +``` +make bench math=sp arch=arm64 +``` +then a benchmark program is generated. +### TFM + +``` +make bench math=tfm +``` +NOTE: When using TFM, No Architecture specification is required. +## Example Output +- built with the option `math=sp arch=arm64` +``` +./verify_bench +--------------------------------------------------------------- +Enabled WOLFSSL_SP_ARM64 +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 236782 times, 78927.31 Cycles/sec +Finished Benchmark +``` + + +- built with the option `math=tfm` +``` +./verify_bench +--------------------------------------------------------------- +Enabled TFM +--------------------------------------------------------------- +Running benchmark... +Please Wait 3.00 seconds +Takes 3.00 Sec for 76860 times, 25619.98 Cycles/sec +Finished Benchmark +``` + +# Tracking memory +To see a stack and heap memory usage + +``` +make mem +``` +## Example Output +``` +./verify_mem +Verified +total Allocs = 0 +total Deallocs = 0 +total Bytes = 0 +peak Bytes = 0 +current Bytes = 0 +stack used = 12392 +``` + + +# Non-blocking + +- RSA non-blocking mode only supported using TFM. + +To make Non-blocking RSA, +``` +make nonblock math=tfm +``` +then `rsa_sign_verify_nonblock` is generated. + +Best wishes in all your testing! + +- The wolfSSL Team + diff --git a/embedded/signature/rsa_sign_verify/rsa_priv_2048.h b/embedded/signature/rsa_sign_verify/rsa_priv_2048.h new file mode 100644 index 000000000..d859fd1c3 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_priv_2048.h @@ -0,0 +1,151 @@ +/* rsa_priv_2048.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit private key. + * It is the private counterpart to "rsa_pub_2048.h" + */ + +/* RSA private key to sign with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char private_key_2048[] = { + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 0xBF +}; + diff --git a/embedded/signature/rsa_sign_verify/rsa_pub_2048.h b/embedded/signature/rsa_sign_verify/rsa_pub_2048.h new file mode 100644 index 000000000..2df0fa670 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_pub_2048.h @@ -0,0 +1,68 @@ +/* rsa_pub_2048.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file contains an RSA 2048-bit public key. + * It is the public counterpart to "rsa_priv_2048.h" + */ + +/* RSA public key to verify with. + * Key is PKCS#1 formatted and DER encoded. + */ +static const unsigned char public_key_2048[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, + 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, + 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, + 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, + 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, + 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, + 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, + 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, + 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, + 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, + 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, + 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, + 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, + 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, + 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, + 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, + 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, + 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, + 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, + 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, + 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, + 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, + 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, + 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, + 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, + 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, + 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, + 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, + 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, + 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, + 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, + 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01 +}; + diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c new file mode 100644 index 000000000..ef2f5fa38 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify.c @@ -0,0 +1,287 @@ +/* rsa_sign_verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of signing and verifying an RSA signature. + * The signature can be PKCS#1.5 formatted and PSS formatted. + * + * - PKCS#1.5 + * 1. hash -> encSig + * 2. encSig -> signature + * 3. signature -> decSig + * + * - PSS + * 1. hash -> signature + * 2. signature -> decSig + * + * PKCS#1.5 is used for the Signature by default. + * To turning on PSS, define PSS_PADDING + */ + +#include +#include +#include +#include +#include +#include +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* RSA Key size bits */ +#define RSA_KEY_SIZE 2048 + + + + + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +/* Variables to be used in both sign() and verify() */ +byte msg[] = "This is a message."; +byte hash[WC_SHA256_DIGEST_SIZE]; +byte signature[ RSA_KEY_SIZE / 8]; +word32 sigLen; +byte encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; +word32 encSigLen = 0; +byte decSig[ RSA_KEY_SIZE / 8]; +word32 decSigLen; + +RsaKey key; +RsaKey* pKey = NULL; + + +int sign(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + + int ret = 0; + wc_Sha256 sha256; + wc_Sha256* pSha256 = NULL; + WC_RNG rng; + WC_RNG* pRng; + long e = 65537; /* standard value to use for exponent */ + + /* Calculate SHA-256 digest of message */ + ret = wc_InitSha256(&sha256); + CHECK_RET(ret, 0, finish, "wc_InitSha256()"); + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + CHECK_RET(ret, 0, finish, "wc_Sha256Update()"); + ret = wc_Sha256Final(&sha256, hash); + CHECK_RET(ret, 0, finish, "wc_Sha256Final()"); + + + /* Initialize the RSA key. */ + ret = wc_InitRsaKey(&key, NULL); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pKey = &key; + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pRng = &rng; +#if defined(WC_RSA_BLINDING) || defined(PSS_PADDING) + ret = wc_RsaSetRNG(&key, &rng); + CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); +#endif + /* Generate 2048-bit RSA key*/ + ret = wc_MakeRsaKey(&key, RSA_KEY_SIZE, e, &rng); + CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); + +#ifdef PSS_PADDING + sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature)\ + , WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); + +#else /* PKCS#1.5 */ + sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature),\ + &key, NULL); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Sign()"); + +#endif + + +/* Generated Rsakey must be released in verify() */ +finish: + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + if (pRng != NULL) + wc_FreeRng(pRng); + +#if defined(DEBUG_MEMORY) + printf("Memory usage : sign() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + + return ret; +} + +/* Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + + int ret = 0; +/* Variables for benchmark */ +#ifdef BENCHMARK + double start, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 3 +#endif + int count; +#endif + +/* Check the RSA Key */ + if (pKey == NULL){ + printf("RSA Key is NULL in verify()\n"); + return -1; + } + +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0); + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ +#endif + + /* Verify the signature by decrypting the value. */ + + #ifdef PSS_PADDING + decSigLen = wc_RsaPSS_VerifyCheck(signature, sizeof(signature), + decSig, sizeof(decSig), hash, sizeof(hash), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_VerifyCheck()"); + + #else /* PKCS#1.5 */ + decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), + decSig, sizeof(decSig), &key); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + + #endif + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#elif defined(DEBUG_MEMORY) + +#else + printf("Verified!\n"); +#endif + + +finish: + if (pKey != NULL) + wc_FreeRsaKey(pKey); + +#ifdef DEBUG_MEMORY + printf("\n"); + printf("Memory usage : verify() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + + + +int main(){ + int ret = 0; +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled SP for x86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled SP for Arm64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)sign); +#else + ret = sign(); +#endif + +/* Check the return value of sign() */ + if(ret != 0) + return ret; + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)verify); +#else + ret = verify(); +#endif + return ret; +} diff --git a/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c new file mode 100644 index 000000000..a458ef2b9 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/rsa_sign_verify_nonblock.c @@ -0,0 +1,286 @@ +/* rsa_sign_verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of signing and verifying an RSA signature. + * The signature can be PKCS#1.5 formatted and PSS formatted. + * + * - PKCS#1.5 + * 1. hash -> encSig + * 2. encSig -> signature + * 3. signature -> decSig + * + * - PSS + * 1. hash -> signature + * 2. signature -> decSig + * + * PKCS#1.5 is used for the Signature by default. + * To turning on PSS, define PSS_PADDING + */ + +#include +#include +#include +#include +#include +#include +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* RSA Key size bits */ +#define RSA_KEY_SIZE 2048 + +#define CHECK_RET(a, b, eLabel, msg) { \ + if (a != b) { \ + printf("failed %s\n", msg); \ + printf("ret = %d\n", a); \ + goto eLabel; \ + } \ + } + +#ifndef NONBLOCK + #define NONBLOCK +#endif + +/* Variables to be used in both sign() and verify() */ +byte msg[] = "This is a message."; +byte hash[WC_SHA256_DIGEST_SIZE]; +byte signature[ RSA_KEY_SIZE / 8]; +word32 sigLen; +byte encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; +word32 encSigLen = 0; +byte decSig[ RSA_KEY_SIZE / 8]; +word32 decSigLen; + +RsaKey key; +RsaKey* pKey = NULL; + + +/* Variables for non-blocking RSA */ +RsaNb nb_ctx; +double total_blk_time; +double pre_returned_t; /* previous recent returned time */ +double returned_t; /* most recent returned time */ +double max_t = -1.0; /* Maximum blocking time */ +double min_t = __DBL_MAX__; /* Minimum blocking time */ +double blocking_t; /* current blocking time */ +int blk_count; + + +int sign(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + int ret = 0; + wc_Sha256 sha256; + wc_Sha256* pSha256 = NULL; + WC_RNG rng; + WC_RNG* pRng; + long e = 65537; /* standard value to use for exponent */ + + + /* Calculate SHA-256 digest of message */ + ret = wc_InitSha256(&sha256); + CHECK_RET(ret, 0, finish, "wc_InitSha256()"); + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + CHECK_RET(ret, 0, finish, "wc_Sha256Update()"); + ret = wc_Sha256Final(&sha256, hash); + CHECK_RET(ret, 0, finish, "wc_Sha256Final()"); + + /* Initialize the RSA key. */ + ret = wc_InitRsaKey(&key, NULL); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pKey = &key; + + ret = wc_InitRng(&rng); + CHECK_RET(ret, 0, finish, "wc_InitRng()"); + pRng = &rng; +#if defined(WC_RSA_BLINDING) || defined(PSS_PADDING) + ret = wc_RsaSetRNG(&key, &rng); + CHECK_RET(ret, 0, finish, "wc_RsaSetRNG()"); +#endif + + + /* Generate 2048-bit RSA key*/ + ret = wc_MakeRsaKey(&key, 2048, e, &rng); + CHECK_RET(ret, 0, finish, "wc_MakeRsaKey()"); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + encSigLen = wc_EncodeSignature(encSig, hash, sizeof(hash), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + CHECK_RET(ret, 0, finish, "wc_EncodeSignature()"); + +#ifdef PSS_PADDING + sigLen = wc_RsaPSS_Sign(hash, sizeof(hash), signature, sizeof(signature)\ + , WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_Sign()"); + +#else /* PKCS#1.5 */ + sigLen = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature),\ + &key, &rng); + if ((int)sigLen < 0) + ret = (int)sigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Sign()"); + +#endif + + +finish: + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + if (pRng != NULL) + wc_FreeRng(pRng); +#if defined(DEBUG_MEMORY) + printf("Memory usage : sign() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int verify_nonblock(){ + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + int ret = 0; + + + + /* Verify the signature by decrypting the value with non-blocking mode. */ + if (ret == 0){ + ret = wc_RsaSetNonBlock(&key, &nb_ctx); + if (ret != 0) + return ret; + + blk_count = 0; + total_blk_time = 0; + + pre_returned_t = current_time(1); + do { + + #ifdef PSS_PADDING + decSigLen = wc_RsaPSS_Verify(signature, sizeof(signature), + decSig, sizeof(decSig),WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); + + #else /* PKCS#1.5 */ + decSigLen = wc_RsaSSL_Verify(signature, sizeof(signature), + decSig, sizeof(decSig), &key); + #endif + + returned_t = current_time(0); + blocking_t = returned_t - pre_returned_t; + total_blk_time += blocking_t; + + if ( blocking_t > max_t ){ + max_t = blocking_t; + } + else if ( blocking_t < min_t ){ + min_t = blocking_t; + } + + pre_returned_t = returned_t; + blk_count++; + } while (decSigLen == FP_WOULDBLOCK); + } + + /* Verification check */ + #ifdef PSS_PADDING + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaPSS_Verify()"); + + ret = wc_RsaPSS_CheckPadding(hash, sizeof(hash), decSig, decSigLen, WC_HASH_TYPE_SHA256); + CHECK_RET(ret, 0, finish, "Verification Check RSA-PSS"); + + #else + if ((int)decSigLen < 0) + ret = (int)decSigLen; + CHECK_RET(ret, 0, finish, "wc_RsaSSL_Verify()"); + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + + #endif + +finish: + if (pKey != NULL) + wc_FreeRsaKey(pKey); + +#ifdef DEBUG_MEMORY + printf("\n"); + printf("Memory usage : verify_nonblock() \n"); + printf("=================================\n"); + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + + return ret; +} + + + +int main(){ + int ret = 0; + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)sign); +#else + ret = sign(); +#endif + +/* Check the return value of sign() */ + if(ret != 0) + return ret; + +#ifdef DEBUG_MEMORY + ret = StackSizeCheck(NULL, (thread_func)verify_nonblock); +#else + ret = verify_nonblock(); + +#endif + if (ret == 0){ + printf("\nNon-blocking:\n"); + printf("Total time : %.2f micro sec, Blocking count: %d \n",\ + 1000*1000*total_blk_time, blk_count); + printf("Max: %2.2f micro sec, Average: %.2f micro sec\n",\ + max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); + } + return ret; +} diff --git a/embedded/signature/rsa_sign_verify/sign.c b/embedded/signature/rsa_sign_verify/sign.c new file mode 100644 index 000000000..3a2d37274 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/sign.c @@ -0,0 +1,178 @@ +/* sign.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file shows how to sign a message with an RSA private key. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * The output of this program can be used with "verify.c". + */ + +// #include +#include "user_settings.h" +#include + +#include +#include +#include +#include + +#include "rsa_priv_2048.h" + + +/* Signature size is the length of the modulus of the RSA key */ +#define SIG_SZ (2048 / 8) +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Print out the buffer in C code. + * + * name [in] Name of the variable. + * data [in] Data to print out. + * len [in] Length of the data. + */ +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + +/* Main entry point. + * Signs the message passed in as the first command line argument. + * + * argc [in] Count of command line arguments. + * argv [in] Command line argument vector. + * Returns 0 on success and 1 otherwise. + */ +int main(int argc, char* argv[]) +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; +#ifdef WC_RSA_BLINDING + WC_RNG rng; + WC_RNG* pRng = NULL; +#endif + word32 idx; + unsigned char* msg; + word32 msgLen; + unsigned char signature[SIG_SZ]; + word32 sigLen; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen; + + /* Get the message to sign from the command line */ + if (argc != 2) { + fprintf(stderr, "Message to sign required\n"); + ret = -1; + } + else { + msg = (unsigned char*)argv[1]; + msgLen = strlen(argv[1]); + } + + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, msgLen); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize RSA key and random (if required) */ + if (ret == 0) { + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) + pRsaKey = &rsaKey; + } +#ifdef WC_RSA_BLINDING + if (ret == 0) + ret = wc_InitRng(&rng); +#endif + /* Load DER encoded RSA private key from buffer */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + pRng = &rng; +#endif + idx = 0; + ret = wc_RsaPrivateKeyDecode(private_key_2048, &idx, &rsaKey, + sizeof(private_key_2048)); + } + + /* Sign encoded digest */ + if (ret == 0) { +#ifdef WC_RSA_BLINDING + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, pRng); +#else + ret = wc_RsaSSL_Sign(encSig, encSigLen, signature, sizeof(signature), + &rsaKey, NULL); +#endif + if (ret >= 0) { + sigLen = ret; + ret = 0; + } + } + + if (ret == 0) { + /* Display message as a buffer */ + print_buffer("msg", msg, msgLen); + printf("\n"); + /* Display binary signature as a buffer */ + print_buffer("rsa_sig_2048", signature, sigLen); + } + + /* Free data structures */ +#ifdef WC_RSA_BLINDING + if (pRng != NULL) + wc_FreeRng(pRng); +#endif + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + + return ret == 0 ? 0 : 1; +} + diff --git a/embedded/signature/rsa_sign_verify/sign_vfy.sh b/embedded/signature/rsa_sign_verify/sign_vfy.sh new file mode 100755 index 000000000..0ad83d54c --- /dev/null +++ b/embedded/signature/rsa_sign_verify/sign_vfy.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +make clean + +make sign +./sign "This is the message" > signature.h +make verify +./verify + + diff --git a/embedded/signature/rsa_sign_verify/signature.h b/embedded/signature/rsa_sign_verify/signature.h new file mode 100644 index 000000000..e0b34c8c9 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/signature.h @@ -0,0 +1,40 @@ +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; diff --git a/embedded/signature/rsa_sign_verify/user_settings.h b/embedded/signature/rsa_sign_verify/user_settings.h new file mode 100644 index 000000000..66e4e1de6 --- /dev/null +++ b/embedded/signature/rsa_sign_verify/user_settings.h @@ -0,0 +1,93 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_HARDEN +#define WOLFSSL_KEY_GEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #undef USE_FAST_MATH +#endif + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + +#ifdef BENCHMARK + #undef DEBUG_MEMORY +#endif + +// #define PSS_PADDING +#ifdef PSS_PADDING + #define WC_RSA_PSS + #define WC_RSA_BLINDING +#endif + +/* Non-blocking */ +#if defined(NONBLOCK) + #define WC_RSA_NONBLOCK + #define TFM_TIMING_RESISTANT + #define WOLFSSL_SP_NONBLOCK + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_MALLOC + #undef BENCHMARK +#endif /* NONBLOCK */ diff --git a/embedded/signature/rsa_sign_verify/verify.c b/embedded/signature/rsa_sign_verify/verify.c new file mode 100644 index 000000000..3ccab5eed --- /dev/null +++ b/embedded/signature/rsa_sign_verify/verify.c @@ -0,0 +1,179 @@ +/* verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This file is an example of verifying an RSA signature. + * The signature is PKCS#1.5 formatted. + * Key and data are held in buffers. + * "signature.h", used by this program, can be generated using "sign.c". + */ + +#include +#include +#include +#include +#include +#include + +#include "rsa_pub_2048.h" +#include "signature.h" +#include + +/* Maximum bound on digest algorithm encoding around digest */ +#define MAX_ENC_ALG_SZ 32 + +/* Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + word32 idx; + unsigned char digest[WC_SHA256_DIGEST_SIZE]; + unsigned char encSig[WC_SHA256_DIGEST_SIZE + MAX_ENC_ALG_SZ]; + word32 encSigLen = 0; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + +/* Variables for benchmark */ +#ifdef BENCHMARK + double start, total_time; +#ifndef BENCH_TIME_SEC + #define BENCH_TIME_SEC 3 +#endif + int count; +#endif + + + + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, digest); + + /* Encode digest with algorithm information as per PKCS#1.5 */ + if (ret == 0) { + encSigLen = wc_EncodeSignature(encSig, digest, sizeof(digest), SHA256h); + if ((int)encSigLen < 0) + ret = (int)encSigLen; + } + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + idx = 0; + ret = wc_RsaPublicKeyDecode(public_key_2048, &idx, &rsaKey, + sizeof(public_key_2048)); + } + +#ifdef BENCHMARK + count = 0; + printf("Running benchmark...\n"); + printf("Please Wait %.2f seconds\n", (double)BENCH_TIME_SEC); + start = current_time(0); + while( (double)BENCH_TIME_SEC > (total_time = current_time(0) - start ) ){ +#endif + + /* Verify the signature by decrypting the value. */ + if (ret == 0) { + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + if ((int)decSigLen < 0) + ret = (int)decSigLen; + } + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && encSigLen != decSigLen) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, encSigLen) != 0) + ret = -1; + + if(ret != 0){ + printf("Invalid Signature!\n"); + goto finish; + } + +#ifdef BENCHMARK + count++; + } + + printf("Takes %1.2f Sec for %d times, %6.2f Cycles/sec\n", total_time, count, count/total_time); + printf("Finished Benchmark \n"); +#else + printf("Verified!\n"); +#endif + + +finish: + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret; +} + +int main(){ +#ifdef BENCHMARK + printf("---------------------------------------------------------------\n"); +#if defined(SP_C64_FLAG) + printf("Enabled 64-bit SP \n"); +#elif defined(SP_C32_FLAG) + printf("Enabled 32-bit SP \n"); +#elif defined(SP_X86_64_FLAG) + printf("Enabled SP for x86_64\n"); +#elif defined(SP_ARM64_FLAG) + printf("Enabled SP for Arm64\n"); +#elif defined(TFM_FLAG) + printf("Enabled TFM \n"); +#endif + printf("---------------------------------------------------------------\n"); +#endif /* BENCHMARK */ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + + return verify(); +#endif +} diff --git a/embedded/signature/rsa_vfy_only/Makefile b/embedded/signature/rsa_vfy_only/Makefile index ae67065ed..d1a116c55 100644 --- a/embedded/signature/rsa_vfy_only/Makefile +++ b/embedded/signature/rsa_vfy_only/Makefile @@ -1,3 +1,4 @@ +# The path to the wolfssl directory must be set correctly for your environment. WOLFROOT = ../../../../wolfssl CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os @@ -64,7 +65,7 @@ endif all: verify bench mem verify: clean $(OBJ) - $(CC) $(CFLAGS) -o verify verify.c $(OBJ) -lpthread + $(CC) $(CFLAGS) -o verify verify.c $(OBJ) bench: clean $(OBJ) $(CC) $(CFLAGS) -DBENCHMARK -o verify_bench verify.c $(OBJ) -lpthread mem: clean $(OBJ) diff --git a/embedded/signature/rsa_vfy_only/verify.c b/embedded/signature/rsa_vfy_only/verify.c index bbab06bf7..1888419a1 100644 --- a/embedded/signature/rsa_vfy_only/verify.c +++ b/embedded/signature/rsa_vfy_only/verify.c @@ -1,6 +1,6 @@ /* verify.c * - * Copyright (C) 2006-2020 wolfSSL Inc. + * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/embedded/signature/rsa_vfy_only_nonblock/Makefile b/embedded/signature/rsa_vfy_only_nonblock/Makefile new file mode 100644 index 000000000..be6f72e40 --- /dev/null +++ b/embedded/signature/rsa_vfy_only_nonblock/Makefile @@ -0,0 +1,58 @@ +# The path to the wolfssl directory must be set correctly for your environment. +WOLFROOT = ../../../../wolfssl + +CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os +ASFLAGS=-DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) + +OBJ = \ + $(WOLFROOT)/wolfcrypt/src/rsa.o\ + $(WOLFROOT)/wolfcrypt/src/sha256.o\ + $(WOLFROOT)/wolfcrypt/src/hash.o\ + $(WOLFROOT)/wolfcrypt/src/random.o\ + $(WOLFROOT)/wolfcrypt/src/asn.o\ + $(WOLFROOT)/wolfcrypt/src/wc_port.o\ + $(WOLFROOT)/wolfcrypt/src/coding.o\ + $(WOLFROOT)/wolfcrypt/src/memory.o\ + +OBJ_SP_C32 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c32.o\ + +OBJ_SP_C64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_c64.o\ + +OBJ_SP_ARM64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/sp_arm64.o\ + + +OBJ_SP_X86_64 := \ + $(WOLFROOT)/wolfcrypt/src/sp_int.o\ + $(WOLFROOT)/wolfcrypt/src/cpuid.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\ + $(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\ + +OBJ_TFM := \ + $(WOLFROOT)/wolfcrypt/src/wolfmath.o\ + $(WOLFROOT)/wolfcrypt/src/tfm.o\ + + +.PHONY: all clean size mem + + +CFLAGS += -DTFM_FLAG +OBJ += $(OBJ_TFM) + + +all: verify_nonblock mem + +verify_nonblock: clean $(OBJ) + $(CC) $(CFLAGS) -o verify_nonblock verify_nonblock.c $(OBJ) -lpthread + +mem: clean $(OBJ) + $(CC) $(CFLAGS) -DDEBUG_MEMORY -o verify_mem_nonblock verify_nonblock.c $(OBJ) -lpthread +clean: + rm -f verify_nonblock verify_mem_nonblock $(WOLFROOT)/wolfcrypt/src/*.o +size : + size $(OBJ) verify diff --git a/embedded/signature/rsa_vfy_only_nonblock/user_settings.h b/embedded/signature/rsa_vfy_only_nonblock/user_settings.h new file mode 100644 index 000000000..37a345d05 --- /dev/null +++ b/embedded/signature/rsa_vfy_only_nonblock/user_settings.h @@ -0,0 +1,87 @@ +#define WOLFCRYPT_ONLY +#define NO_SIG_WRAPPER +#define WOLFSSL_PUBLIC_MP + +/* hash */ +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* rsa */ +#define WOLFSSL_RSA_VERIFY_INLINE +#define WC_NO_RSA_OAEP +#define WC_NO_RSA_PSS +#define WC_NO_HARDEN + +/* sp_int */ +#define NO_DH +#define NO_DSA +#define NO_DES3 +#define NO_AES + +/* asn */ +#define NO_ASN_TIME +#define IGNORE_NAME_CONSTRAINTS +#define WOLFSSL_NO_ASN_STRICT + + +#ifdef DEBUG_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define HAVE_STACK_SIZE + // #define WOLFSSL_DEBUG_MEMORY + // #define WOLFSSL_DEBUG_MEMORY_PRINT +#endif + + +#ifdef SP_C32_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 32 + #undef USE_FAST_MATH +#endif /*SP_FLAG*/ + +#ifdef SP_C64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define SP_WORD_SIZE 64 + #define HAVE___UINT128_T + #undef USE_FAST_MATH + +#endif + +#ifdef SP_ARM64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM +#endif /*SP_ARM64_FLAG*/ + + +#ifdef SP_X86_64_FLAG + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_X86_64 + #define WOLFSSL_SP_X86_64_ASM +#endif /*SP_X86_64_FLAG*/ + +#ifdef TFM_FLAG + #define USE_FAST_MATH + #undef WOLFSSL_HAVE_SP_RSA + #undef WOLFSSL_SP_ARM64 + #undef WOLFSSL_SP_ARM64_ASM + #undef WOLFSSL_SP_X86_64 + #undef WOLFSSL_SP_X86_64_ASM +#endif /* TFM_FLAG*/ + + +/* Non-blocking */ +#define NONBLOCK + +#if defined(NONBLOCK) + #define WC_RSA_NONBLOCK + #define TFM_TIMING_RESISTANT + #define WOLFSSL_SP_NONBLOCK + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_MALLOC + #undef BENCHMARK +#endif /* NONBLOCK */ diff --git a/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c new file mode 100644 index 000000000..c675c7e6b --- /dev/null +++ b/embedded/signature/rsa_vfy_only_nonblock/verify_nonblock.c @@ -0,0 +1,257 @@ +/* verify.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include +#include +#include +#include + +/* RSA public key to verify with. */ +static const unsigned char public_key_2048_n[] = { + 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, + 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, + 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, + 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, + 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, + 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, + 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, + 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, + 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, + 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, + 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, + 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, + 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, + 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, + 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, + 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, + 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, + 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, + 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, + 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, + 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, + 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, + 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, + 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, + 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, +}; + +static const unsigned long public_key_2048_e = 0x010001; + +unsigned char msg[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, +}; + +unsigned char rsa_sig_2048[] = { + 0x41, 0xeb, 0xf5, 0x5e, 0x97, 0x43, 0xf4, 0xd1, + 0xda, 0xb6, 0x5c, 0x75, 0x57, 0x2c, 0xe1, 0x01, + 0x07, 0xdc, 0x42, 0xc4, 0x2d, 0xe2, 0xb5, 0xc8, + 0x63, 0xe8, 0x45, 0x9a, 0x4a, 0xfa, 0xdf, 0x5e, + 0xa6, 0x08, 0x0a, 0x26, 0x2e, 0xca, 0x2c, 0x10, + 0x7a, 0x15, 0x8d, 0xc1, 0x55, 0xcc, 0x33, 0xdb, + 0xb2, 0xef, 0x8b, 0xa6, 0x4b, 0xef, 0xa1, 0xcf, + 0xd3, 0xe2, 0x5d, 0xac, 0x88, 0x86, 0x62, 0x67, + 0x8b, 0x8c, 0x45, 0x7f, 0x10, 0xad, 0xfa, 0x27, + 0x7a, 0x35, 0x5a, 0xf9, 0x09, 0x78, 0x83, 0xba, + 0x18, 0xcb, 0x3e, 0x8e, 0x08, 0xbe, 0x36, 0xde, + 0xac, 0xc1, 0x77, 0x44, 0xe8, 0x43, 0xdb, 0x52, + 0x23, 0x08, 0x36, 0x8f, 0x74, 0x4a, 0xbd, 0xa3, + 0x3f, 0xc1, 0xfb, 0xd6, 0x45, 0x25, 0x61, 0xe2, + 0x19, 0xcb, 0x0b, 0x28, 0xef, 0xca, 0x0a, 0x3b, + 0x7b, 0x3d, 0xe3, 0x47, 0x46, 0x07, 0x1a, 0x7f, + 0xff, 0x38, 0xfd, 0x59, 0x94, 0x0b, 0xeb, 0x00, + 0xab, 0xcc, 0x8c, 0x48, 0x7b, 0xd6, 0x87, 0xb8, + 0x54, 0xb0, 0x2a, 0x07, 0xcf, 0x44, 0x11, 0xd4, + 0xb6, 0x9a, 0x4e, 0x6d, 0x5c, 0x1a, 0xe3, 0xc7, + 0xf3, 0xc7, 0xcb, 0x8e, 0x82, 0x7d, 0xc8, 0x77, + 0xf0, 0xb6, 0xd0, 0x85, 0xcb, 0xdb, 0xd0, 0xb0, + 0xe0, 0xcf, 0xca, 0x3f, 0x17, 0x46, 0x84, 0xcb, + 0x5b, 0xfe, 0x51, 0x3a, 0xaa, 0x71, 0xad, 0xeb, + 0xf1, 0xed, 0x3f, 0xf8, 0xde, 0xb4, 0xa1, 0x26, + 0xdb, 0xc6, 0x8e, 0x70, 0xd4, 0x58, 0xa8, 0x31, + 0xd8, 0xdb, 0xcf, 0x64, 0x4a, 0x5f, 0x1b, 0x89, + 0x22, 0x03, 0x3f, 0xab, 0xb5, 0x6d, 0x2a, 0x63, + 0x2f, 0x4e, 0x7a, 0xe1, 0x89, 0xb4, 0xf0, 0x9a, + 0xb7, 0xd3, 0xd6, 0x0a, 0x10, 0x67, 0x28, 0x25, + 0x6d, 0xda, 0x92, 0x99, 0x3f, 0x64, 0xa7, 0xea, + 0xe0, 0xdc, 0x7c, 0xe8, 0x41, 0xb0, 0xeb, 0x45, +}; + +void print_buffer(char* name, unsigned char* data, word32 len) +{ + word32 i; + + printf("unsigned char %s[] = {\n", name); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf(" 0x%02x,", data[i]); + if ((i % 8) == 7) + printf("\n"); + } + if ((i % 8) != 0) + printf("\n"); + printf("};\n"); + +} + + +/* ASN.1 encoding of digest algorithm before hash */ +#define ENC_ALG_SZ 19 + +/* verify entry point. + * + * Verifies the signature with the message and RSA public key. + * Returns 0 on success and 1 otherwise. + */ +int verify() +{ + int ret = 0; + Sha256 sha256; + Sha256* pSha256 = NULL; + RsaKey rsaKey; + RsaKey* pRsaKey = NULL; + unsigned char decSig[sizeof(rsa_sig_2048)]; + word32 decSigLen = 0; + unsigned char encSig[ENC_ALG_SZ + WC_SHA256_DIGEST_SIZE] = { + 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, 0x00, + }; + + /* Variables for non-blocking RSA */ + + RsaNb nb_ctx; + double total_blk_time; + double pre_returned_t; /* previous recent returned time */ + double returned_t; /* most recent returned time */ + double max_t = -1.0; /* Maximum blocking time */ + double min_t = __DBL_MAX__; /* Minimum blocking time */ + double blocking_t; /* current blocking time */ + int blk_count; + +#ifdef DEBUG_MEMORY + wolfCrypt_Init(); + InitMemoryTracker(); +#endif + /* Calculate SHA-256 digest of message */ + if (ret == 0) + ret = wc_InitSha256(&sha256); + if (ret == 0) { + pSha256 = &sha256; + ret = wc_Sha256Update(&sha256, msg, sizeof(msg)); + } + if (ret == 0) + ret = wc_Sha256Final(&sha256, encSig + ENC_ALG_SZ); + + /* Initialize the RSA key and decode the DER encoded public key. */ + if (ret == 0) + ret = wc_InitRsaKey(&rsaKey, NULL); + if (ret == 0) { + pRsaKey = &rsaKey; + + ret = mp_read_unsigned_bin(&rsaKey.n, public_key_2048_n, + sizeof(public_key_2048_n)); + } + if (ret == 0) + ret = mp_set_int(&rsaKey.e, public_key_2048_e); + + + /* Verify the signature by decrypting the value with non-blocking mode. */ + if (ret == 0){ + ret = wc_RsaSetNonBlock(&rsaKey, &nb_ctx); + if (ret != 0) + return ret; + + blk_count = 0; + total_blk_time = 0; + + pre_returned_t = current_time(1); + do { + + decSigLen = wc_RsaSSL_Verify(rsa_sig_2048, sizeof(rsa_sig_2048), + decSig, sizeof(decSig), &rsaKey); + + returned_t = current_time(0); + blocking_t = returned_t - pre_returned_t; + total_blk_time += blocking_t; + + if ( blocking_t > max_t ){ + max_t = blocking_t; + } + else if ( blocking_t < min_t ){ + min_t = blocking_t; + } + + pre_returned_t = returned_t; + blk_count++; + } while (decSigLen == FP_WOULDBLOCK); + } + if ((int)decSigLen < 0) + ret = (int)decSigLen; + + /* Check the decrypted result matches the encoded digest. */ + if (ret == 0 && decSigLen != sizeof(encSig)) + ret = -1; + if (ret == 0 && XMEMCMP(encSig, decSig, decSigLen) != 0) + ret = -1; + + + printf("Verified\n"); + + printf("Non-blocking:\n"); + printf(" Total time : %.2f micro sec, Bloking count: %d \n",1000*1000*total_blk_time, blk_count); + printf(" Max: %2.2f micro sec, Average: %.2f micro sec\n",\ + max_t*1000*1000, 1000*1000*total_blk_time/blk_count ); + + + /* Free the data structures */ + if (pRsaKey != NULL) + wc_FreeRsaKey(pRsaKey); + if (pSha256 != NULL) + wc_Sha256Free(pSha256); + +#ifdef DEBUG_MEMORY + ShowMemoryTracker(); + CleanupMemoryTracker(); + wolfCrypt_Cleanup(); +#endif + return ret == 0 ? 0 : 1; +} + +int main(){ + +#ifdef DEBUG_MEMORY + return StackSizeCheck(NULL, (thread_func)verify); +#else + return verify(); +#endif +}