From 9f23531c918fa17e9f147753eda15df76ef7f85f Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 11 Apr 2023 10:11:15 +0200 Subject: [PATCH] ESP32 TFM interim fix for RSA key size 512 and 2048 --- wolfcrypt/src/tfm.c | 57 +++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index aa4b441d8a..e484a8b9e6 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2818,8 +2818,17 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) - int x = fp_count_bits (X); -#endif + #if defined(WOLFSSL_RSA_KEY_SIZE) + #if WOLFSSL_RSA_KEY_SIZE != 512 + /* there's a known problem with length = 512 + ** see https://github.com/wolfSSL/wolfssl/issues/6205 + */ + int x = fp_count_bits (X); + #endif + #else + #warning "WOLFSSL_RSA_KEY_SIZE not defined" + #endif /* WOLFSSL_RSA_KEY_SIZE */ +#endif /* WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */ /* handle modulus of zero and prevent overflows */ if (fp_iszero(P) || (P->used > (FP_SIZE/2))) { @@ -2840,10 +2849,19 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) - if(x > EPS_RSA_EXPT_XBTIS) { - return esp_mp_exptmod(G, X, x, P, Y); - } -#endif + #if defined(WOLFSSL_RSA_KEY_SIZE) + #if WOLFSSL_RSA_KEY_SIZE != 512 + /* there's a known problem with length = 512 + ** see https://github.com/wolfSSL/wolfssl/issues/6205 + */ + if(x > EPS_RSA_EXPT_XBTIS) { + return esp_mp_exptmod(G, X, x, P, Y); + } + #endif + #else + #warning "WOLFSSL_RSA_KEY_SIZE not defined" + #endif /* WOLFSSL_RSA_KEY_SIZE */ +#endif /* WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */ if (X->sign == FP_NEG) { #ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */ @@ -4310,15 +4328,24 @@ int wolfcrypt_mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) #endif { - #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ - !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) - int A = fp_count_bits (a); - int B = fp_count_bits (b); - - if( A >= ESP_RSA_MULM_BITS && B >= ESP_RSA_MULM_BITS) - return esp_mp_mulmod(a, b, c, d); - else - #endif +#if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) + #if defined(WOLFSSL_RSA_KEY_SIZE) + #if WOLFSSL_RSA_KEY_SIZE != 2048 + /* there's a known problem with length = 2048 + ** see https://github.com/wolfSSL/wolfssl/issues/6205 + */ + int A = fp_count_bits (a); + int B = fp_count_bits (b); + + if( A >= ESP_RSA_MULM_BITS && B >= ESP_RSA_MULM_BITS) { + return esp_mp_mulmod(a, b, c, d); + } + #endif + #else + #warning "WOLFSSL_RSA_KEY_SIZE not defined" + #endif /* WOLFSSL_RSA_KEY_SIZE */ +#endif /* WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */ return fp_mulmod(a, b, c, d); }