/src/wolfssl/wolfcrypt/src/wolfmath.c

Source (jump to first uncovered line)
/* wolfmath.c
 *
 * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* common functions between all math libraries */

/* HAVE_WOLF_BIGINT: Used with asynchronous crypto hardware where "raw" math
 *                   buffers are required.
 * NO_BIG_INT: Disable support for all multi-precision math libraries
 */

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

/* in case user set USE_FAST_MATH there */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/wolfmath.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>

#ifdef WOLFSSL_ASYNC_CRYPT
    #include <wolfssl/wolfcrypt/async.h>
#endif

#ifdef NO_INLINE
    #include <wolfssl/wolfcrypt/misc.h>
#else
    #define WOLFSSL_MISC_INCLUDED
    #include <wolfcrypt/src/misc.c>
#endif

#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)

#if !defined(WC_NO_CACHE_RESISTANT) && \
    ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
     (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))

    /* all off / all on pointer addresses for constant calculations */
    /* ecc.c uses same table */
    const wc_ptr_t wc_off_on_addr[2] =
    {
    #if defined(WC_64BIT_CPU)
        W64LIT(0x0000000000000000),
        W64LIT(0xffffffffffffffff)
    #elif defined(WC_16BIT_CPU)
        0x0000U,
        0xffffU
    #else
        /* 32 bit */
        0x00000000U,
        0xffffffffU
    #endif
    };
#endif


/* reverse an array, used for radix code */
void mp_reverse(unsigned char *s, int len)
{
    int ix, iy;

    if (s == NULL)
        return;

    ix = 0;
    iy = len - 1;
    while (ix < iy) {
        unsigned char t = s[ix];
        s[ix] = s[iy];
        s[iy] = t;
        ++ix;
        --iy;
    }
}

int get_digit_count(const mp_int* a)
{
    if (a == NULL)
        return 0;

    return (int)a->used;
}

mp_digit get_digit(const mp_int* a, int n)
{
    if (a == NULL)
        return 0;

    return (n < 0 || (unsigned int)n >= (unsigned int)a->used) ? 0 : a->dp[n];
}

#if defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)
/* Conditionally copy a into b. Performed in constant time.
 *
 * a     MP integer to copy.
 * copy  On 1, copy a into b. on 0 leave b unchanged.
 * b     MP integer to copy into.
 * returns BAD_FUNC_ARG when a or b is NULL, MEMORY_E when growing b fails and
 *         MP_OKAY otherwise.
 */
int mp_cond_copy(mp_int* a, int copy, mp_int* b)
{
    int err = MP_OKAY;
#if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 8
    unsigned int mask = (unsigned int)0 - copy;
#else
    mp_digit mask = (mp_digit)0 - (mp_digit)copy;
#endif

    if (a == NULL || b == NULL)
        err = BAD_FUNC_ARG;

    /* Ensure b has enough space to copy a into */
    if (err == MP_OKAY)
        err = mp_grow(b, (int)a->used + 1);
    if (err == MP_OKAY) {
    #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
        unsigned int i;
    #else
        int i;
    #endif
        /* When mask 0, b is unchanged2
         * When mask all set, b ^ b ^ a = a
         */
        /* Conditionally copy all digits and then number of used digits.
         * get_digit() returns 0 when index greater than available digit.
         */
        for (i = 0; i < a->used; i++) {
            b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
        }
        for (; i < b->used; i++) {
            b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
        }
        b->used ^= (a->used ^ b->used) & (unsigned int)mask;
#if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
    defined(WOLFSSL_SP_INT_NEGATIVE)
        b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask;
#endif
    }

    return err;
}
#endif /* HAVE_ECC || WOLFSSL_MP_COND_COPY */


#ifndef WC_NO_RNG
int get_rand_digit(WC_RNG* rng, mp_digit* d)
{
    return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
}

#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE)
int mp_rand(mp_int* a, int digits, WC_RNG* rng)
{
    int ret = 0;
    int cnt = digits * (int)sizeof(mp_digit);

    if (rng == NULL) {
        ret = MISSING_RNG_E;
    }
    else if (a == NULL || digits <= 0) {
        ret = BAD_FUNC_ARG;
    }

#ifdef USE_INTEGER_HEAP_MATH
    /* allocate space for digits */
    if (ret == MP_OKAY) {
        ret = mp_set_bit(a, digits * DIGIT_BIT - 1);
    }
#else
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
    if ((ret == MP_OKAY) && ((unsigned int)digits > a->size))
#else
    if ((ret == MP_OKAY) && (digits > FP_SIZE))
#endif
    {
        ret = BAD_FUNC_ARG;
    }
    if (ret == MP_OKAY) {
        a->used = (word32)digits;
    }
#endif
    /* fill the data with random bytes */
    if (ret == MP_OKAY) {
        ret = wc_RNG_GenerateBlock(rng, (byte*)a->dp, (word32)cnt);
    }
    if (ret == MP_OKAY) {
#ifdef USE_INTEGER_HEAP_MATH
        int i;
        /* Mask down each digit to only bits used */
        for (i = 0; i < a->used; i++) {
            a->dp[i] &= MP_MASK;
        }
#endif
        /* ensure top digit is not zero */
        while ((ret == MP_OKAY) && (a->dp[a->used - 1] == 0)) {
            ret = get_rand_digit(rng, &a->dp[a->used - 1]);
#ifdef USE_INTEGER_HEAP_MATH
            a->dp[a->used - 1] &= MP_MASK;
#endif
        }
    }

    return ret;
}
#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE */
#endif /* !WC_NO_RNG */

#if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)
/* export an mp_int as unsigned char or hex string
 * encType is WC_TYPE_UNSIGNED_BIN or WC_TYPE_HEX_STR
 * return MP_OKAY on success */
int wc_export_int(mp_int* mp, byte* buf, word32* len, word32 keySz,
    int encType)
{
    int err;

    if (mp == NULL || buf == NULL || len == NULL)
        return BAD_FUNC_ARG;

    if (encType == WC_TYPE_HEX_STR) {
        /* for WC_TYPE_HEX_STR the keySz is not used.
         * The size is computed via mp_radix_size and checked with len input */
    #ifdef WC_MP_TO_RADIX
        int size = 0;
        err = mp_radix_size(mp, MP_RADIX_HEX, &size);
        if (err == MP_OKAY) {
            /* make sure we can fit result */
            if (*len < (word32)size) {
                *len = (word32)size;
                return BUFFER_E;
            }
            *len = (word32)size;
            err = mp_tohex(mp, (char*)buf);
        }
    #else
        err = NOT_COMPILED_IN;
    #endif
    }
    else {
        /* for WC_TYPE_UNSIGNED_BIN keySz is used to zero pad.
         * The key size is always returned as the size */
        if (*len < keySz) {
            *len = keySz;
            return BUFFER_E;
        }
        *len = keySz;
        XMEMSET(buf, 0, *len);
        err = mp_to_unsigned_bin(mp, buf +
            (keySz - (word32)mp_unsigned_bin_size(mp)));
    }

    return err;
}
#endif

#ifdef HAVE_WOLF_BIGINT
void wc_bigint_init(WC_BIGINT* a)
{
    if (a != NULL) {
        a->buf = NULL;
        a->len = 0;
        a->heap = NULL;
    }
}

int wc_bigint_alloc(WC_BIGINT* a, word32 sz)
{
    int err = MP_OKAY;

    if (a == NULL)
        return BAD_FUNC_ARG;

    if (sz > 0) {
        if (a->buf && sz > a->len) {
            wc_bigint_free(a);
        }
        if (a->buf == NULL) {
            a->buf = (byte*)XMALLOC(sz, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
            if (a->buf == NULL) {
                err = MP_MEM;
            }
        }
        else {
            XMEMSET(a->buf, 0, sz);
        }
    }
    a->len = sz;

    return err;
}

/* assumes input is big endian format */
int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen)
{
    int err;

    if (a == NULL || in == NULL || inlen == 0)
        return BAD_FUNC_ARG;

    err = wc_bigint_alloc(a, inlen);
    if (err == 0) {
        XMEMCPY(a->buf, in, inlen);
    }

    return err;
}

int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen)
{
    word32 sz;

    if (a == NULL || out == NULL || outlen == NULL || *outlen == 0)
        return BAD_FUNC_ARG;

    /* trim to fit into output buffer */
    sz = a->len;
    if (a->len > *outlen) {
        WOLFSSL_MSG("wc_bigint_export: Truncating output");
        sz = *outlen;
    }

    if (a->buf) {
        XMEMCPY(out, a->buf, sz);
    }

    *outlen = sz;

    return MP_OKAY;
}

void wc_bigint_zero(WC_BIGINT* a)
{
    if (a && a->buf) {
        ForceZero(a->buf, a->len);
    }
}

void wc_bigint_free(WC_BIGINT* a)
{
    if (a) {
        if (a->buf) {
          XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
        }
        a->buf = NULL;
        a->len = 0;
    }
}

/* sz: make sure the buffer is at least that size and zero padded.
 *     A `sz == 0` will use the size of `src`.
 *     The calculated sz is stored into dst->len in `wc_bigint_alloc`.
 */
int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz)
{
    int err;
    word32 x;

    if (src == NULL || dst == NULL)
        return BAD_FUNC_ARG;

    /* get size of source */
    x = mp_unsigned_bin_size(src);
    if (sz < x)
        sz = x;

    /* make sure destination is allocated and large enough */
    err = wc_bigint_alloc(dst, sz);
    if (err == MP_OKAY && sz > 0) {
        /* leading zero pad */
        word32 y = sz - x;
        XMEMSET(dst->buf, 0, y);

        /* export src as unsigned bin to destination buf */
        err = mp_to_unsigned_bin(src, dst->buf + y);
    }

    return err;
}

int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst)
{
    if (src == NULL || dst == NULL)
        return BAD_FUNC_ARG;

    return wc_mp_to_bigint_sz(src, dst, 0);
}

int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst)
{
    int err;

    if (src == NULL || dst == NULL)
        return BAD_FUNC_ARG;

    if (src->buf == NULL)
        return BAD_FUNC_ARG;

    err = mp_read_unsigned_bin(dst, src->buf, src->len);
    wc_bigint_free(src);

    return err;
}
#endif /* HAVE_WOLF_BIGINT */

#endif /* !NO_BIG_INT || WOLFSSL_SP_MATH */

#ifdef HAVE_WC_INTROSPECTION
const char *wc_GetMathInfo(void)
{
    return
        "\tMulti-Precision: "
    #ifdef WOLFSSL_SP_MATH_ALL
        "Wolf(SP)"
        #ifdef WOLFSSL_SP_NO_DYN_STACK
            " no-dyn-stack"
        #endif
        " word-size=" WC_STRINGIFY(SP_WORD_SIZE)
        " bits=" WC_STRINGIFY(SP_INT_BITS)
        " sp_int.c"
    #elif defined(USE_FAST_MATH)
        "Fast"
        " max-bits=" WC_STRINGIFY(FP_MAX_BITS)
        #ifndef TFM_TIMING_RESISTANT
        " not-constant-time"
        #endif
        " tfm.c"
    #elif defined(USE_INTEGER_HEAP_MATH)
        "Heap"
        " not-constant-time"
        " integer.c"
    #elif defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
        "Disabled"
    #else
        "Unknown"
    #endif

    #if defined(WOLFSSL_HAVE_SP_ECC) || defined(WOLFSSL_HAVE_SP_DH) || \
        defined(WOLFSSL_HAVE_SP_RSA)
         "\n\tSingle Precision:"
        #ifdef WOLFSSL_HAVE_SP_ECC
            " ecc"
            #ifndef WOLFSSL_SP_NO_256
                " 256"
            #endif
            #ifdef WOLFSSL_SP_384
                " 384"
            #endif
            #ifdef WOLFSSL_SP_521
                " 521"
            #endif
        #endif
        #if defined(WOLFSSL_HAVE_SP_RSA) && defined(WOLFSSL_HAVE_SP_DH)
            " rsa/dh"
        #elif defined(WOLFSSL_HAVE_SP_RSA)
            " rsa"
        #elif defined(WOLFSSL_HAVE_SP_DH)
            " dh"
        #endif
        #ifndef WOLFSSL_SP_NO_2048
            " 2048"
        #endif
        #ifndef WOLFSSL_SP_NO_3072
            " 3072"
        #endif
        #ifdef WOLFSSL_SP_4096
            " 4096"
        #endif
        #ifdef WOLFSSL_SP_ASM
            " asm"
        #endif

        #if !defined(WOLFSSL_SP_ASM)
            #if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 32
            " sp_c32.c"
            #else
            " sp_c64.c"
            #endif
        #elif defined(WOLFSSL_SP_ARM32_ASM)
            " sp_arm32.c"
        #elif defined(WOLFSSL_SP_ARM64_ASM)
            " sp_arm64.c"
        #elif defined(WOLFSSL_SP_ARM_THUMB_ASM)
            " sp_armthumb.c"
        #elif defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
            " sp_cortexm.c"
        #elif defined(WOLFSSL_SP_X86_64_ASM)
            " sp_x86_64.c"
        #else
            " sp_[arch].c"
        #endif
    #endif

    /* other SP math options */
    #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_ECC) || \
        defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA)
        #ifdef WOLFSSL_SP_SMALL
            " small"
        #endif
        #ifdef WOLFSSL_SP_NO_MALLOC
            " no-malloc"
        #endif
    #endif
    ;
}
#endif /* HAVE_WC_INTROSPECTION */

Coverage Report

Created: 2024-06-28 06:19

Line	Count	Source (jump to first uncovered line)
1		/* wolfmath.c
2		*
3		* Copyright (C) 2006-2023 wolfSSL Inc.
4		*
5		* This file is part of wolfSSL.
6		*
7		* wolfSSL is free software; you can redistribute it and/or modify
8		* it under the terms of the GNU General Public License as published by
9		* the Free Software Foundation; either version 2 of the License, or
10		* (at your option) any later version.
11		*
12		* wolfSSL is distributed in the hope that it will be useful,
13		* but WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15		* GNU General Public License for more details.
16		*
17		* You should have received a copy of the GNU General Public License
18		* along with this program; if not, write to the Free Software
19		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20		*/
21
22		/* common functions between all math libraries */
23
24		/* HAVE_WOLF_BIGINT: Used with asynchronous crypto hardware where "raw" math
25		* buffers are required.
26		* NO_BIG_INT: Disable support for all multi-precision math libraries
27		*/
28
29		#ifdef HAVE_CONFIG_H
30		#include <config.h>
31		#endif
32
33		/* in case user set USE_FAST_MATH there */
34		#include <wolfssl/wolfcrypt/settings.h>
35		#include <wolfssl/wolfcrypt/wolfmath.h>
36		#include <wolfssl/wolfcrypt/error-crypt.h>
37		#include <wolfssl/wolfcrypt/logging.h>
38
39		#ifdef WOLFSSL_ASYNC_CRYPT
40		#include <wolfssl/wolfcrypt/async.h>
41		#endif
42
43		#ifdef NO_INLINE
44		#include <wolfssl/wolfcrypt/misc.h>
45		#else
46		#define WOLFSSL_MISC_INCLUDED
47		#include <wolfcrypt/src/misc.c>
48		#endif
49
50		#if !defined(NO_BIG_INT) \|\| defined(WOLFSSL_SP_MATH)
51
52		#if !defined(WC_NO_CACHE_RESISTANT) && \
53		((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) \|\| \
54		(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
55
56		/* all off / all on pointer addresses for constant calculations */
57		/* ecc.c uses same table */
58		const wc_ptr_t wc_off_on_addr[2] =
59		{
60		#if defined(WC_64BIT_CPU)
61		W64LIT(0x0000000000000000),
62		W64LIT(0xffffffffffffffff)
63		#elif defined(WC_16BIT_CPU)
64		0x0000U,
65		0xffffU
66		#else
67		/* 32 bit */
68		0x00000000U,
69		0xffffffffU
70		#endif
71		};
72		#endif
73
74
75		/* reverse an array, used for radix code */
76		void mp_reverse(unsigned char *s, int len)
77	0	{
78	0	int ix, iy;
79
80	0	if (s == NULL)
81	0	return;
82
83	0	ix = 0;
84	0	iy = len - 1;
85	0	while (ix < iy) {
86	0	unsigned char t = s[ix];
87	0	s[ix] = s[iy];
88	0	s[iy] = t;
89	0	++ix;
90	0	--iy;
91	0	}
92	0	}
93
94		int get_digit_count(const mp_int* a)
95	876	{
96	876	if (a == NULL)
97	0	return 0;
98
99	876	return (int)a->used;
100	876	}
101
102		mp_digit get_digit(const mp_int* a, int n)
103	30.3k	{
104	30.3k	if (a == NULL)
105	0	return 0;
106
107	30.3k	return (n < 0 \|\| (unsigned int)n >= (unsigned int)a->used) ? 0 : a->dp[n];
108	30.3k	}
109
110		#if defined(HAVE_ECC) \|\| defined(WOLFSSL_MP_COND_COPY)
111		/* Conditionally copy a into b. Performed in constant time.
112		*
113		* a MP integer to copy.
114		* copy On 1, copy a into b. on 0 leave b unchanged.
115		* b MP integer to copy into.
116		* returns BAD_FUNC_ARG when a or b is NULL, MEMORY_E when growing b fails and
117		* MP_OKAY otherwise.
118		*/
119		int mp_cond_copy(mp_int* a, int copy, mp_int* b)
120	2.91k	{
121	2.91k	int err = MP_OKAY;
122		#if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 8
123		unsigned int mask = (unsigned int)0 - copy;
124		#else
125	2.91k	mp_digit mask = (mp_digit)0 - (mp_digit)copy;
126	2.91k	#endif
127
128	2.91k	if (a == NULL \|\| b == NULL)
129	0	err = BAD_FUNC_ARG;
130
131		/* Ensure b has enough space to copy a into */
132	2.91k	if (err == MP_OKAY)
133	2.91k	err = mp_grow(b, (int)a->used + 1);
134	2.91k	if (err == MP_OKAY) {
135	2.91k	#if defined(WOLFSSL_SP_MATH) \|\| defined(WOLFSSL_SP_MATH_ALL)
136	2.91k	unsigned int i;
137		#else
138		int i;
139		#endif
140		/* When mask 0, b is unchanged2
141		* When mask all set, b ^ b ^ a = a
142		*/
143		/* Conditionally copy all digits and then number of used digits.
144		* get_digit() returns 0 when index greater than available digit.
145		*/
146	16.3k	for (i = 0; i < a->used; i++) {
147	13.4k	b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
148	13.4k	}
149	4.64k	for (; i < b->used; i++) {
150	1.72k	b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
151	1.72k	}
152	2.91k	b->used ^= (a->used ^ b->used) & (unsigned int)mask;
153	2.91k	#if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) \|\| \
154	2.91k	defined(WOLFSSL_SP_INT_NEGATIVE)
155	2.91k	b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask;
156	2.91k	#endif
157	2.91k	}
158
159	2.91k	return err;
160	2.91k	}
161		#endif /* HAVE_ECC \|\| WOLFSSL_MP_COND_COPY */
162
163
164		#ifndef WC_NO_RNG
165		int get_rand_digit(WC_RNG* rng, mp_digit* d)
166	0	{
167	0	return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
168	0	}
169
170		#if defined(WC_RSA_BLINDING) \|\| defined(WOLFCRYPT_HAVE_SAKKE)
171		int mp_rand(mp_int* a, int digits, WC_RNG* rng)
172	0	{
173	0	int ret = 0;
174	0	int cnt = digits * (int)sizeof(mp_digit);
175
176	0	if (rng == NULL) {
177	0	ret = MISSING_RNG_E;
178	0	}
179	0	else if (a == NULL \|\| digits <= 0) {
180	0	ret = BAD_FUNC_ARG;
181	0	}
182
183		#ifdef USE_INTEGER_HEAP_MATH
184		/* allocate space for digits */
185		if (ret == MP_OKAY) {
186		ret = mp_set_bit(a, digits * DIGIT_BIT - 1);
187		}
188		#else
189	0	#if defined(WOLFSSL_SP_MATH) \|\| defined(WOLFSSL_SP_MATH_ALL)
190	0	if ((ret == MP_OKAY) && ((unsigned int)digits > a->size))
191		#else
192		if ((ret == MP_OKAY) && (digits > FP_SIZE))
193		#endif
194	0	{
195	0	ret = BAD_FUNC_ARG;
196	0	}
197	0	if (ret == MP_OKAY) {
198	0	a->used = (word32)digits;
199	0	}
200	0	#endif
201		/* fill the data with random bytes */
202	0	if (ret == MP_OKAY) {
203	0	ret = wc_RNG_GenerateBlock(rng, (byte*)a->dp, (word32)cnt);
204	0	}
205	0	if (ret == MP_OKAY) {
206		#ifdef USE_INTEGER_HEAP_MATH
207		int i;
208		/* Mask down each digit to only bits used */
209		for (i = 0; i < a->used; i++) {
210		a->dp[i] &= MP_MASK;
211		}
212		#endif
213		/* ensure top digit is not zero */
214	0	while ((ret == MP_OKAY) && (a->dp[a->used - 1] == 0)) {
215	0	ret = get_rand_digit(rng, &a->dp[a->used - 1]);
216		#ifdef USE_INTEGER_HEAP_MATH
217		a->dp[a->used - 1] &= MP_MASK;
218		#endif
219	0	}
220	0	}
221
222	0	return ret;
223	0	}
224		#endif /* WC_RSA_BLINDING \|\| WOLFCRYPT_HAVE_SAKKE */
225		#endif /* !WC_NO_RNG */
226
227		#if defined(HAVE_ECC) \|\| defined(WOLFSSL_EXPORT_INT)
228		/* export an mp_int as unsigned char or hex string
229		* encType is WC_TYPE_UNSIGNED_BIN or WC_TYPE_HEX_STR
230		* return MP_OKAY on success */
231		int wc_export_int(mp_int* mp, byte* buf, word32* len, word32 keySz,
232		int encType)
233	0	{
234	0	int err;
235
236	0	if (mp == NULL \|\| buf == NULL \|\| len == NULL)
237	0	return BAD_FUNC_ARG;
238
239	0	if (encType == WC_TYPE_HEX_STR) {
240		/* for WC_TYPE_HEX_STR the keySz is not used.
241		* The size is computed via mp_radix_size and checked with len input */
242	0	#ifdef WC_MP_TO_RADIX
243	0	int size = 0;
244	0	err = mp_radix_size(mp, MP_RADIX_HEX, &size);
245	0	if (err == MP_OKAY) {
246		/* make sure we can fit result */
247	0	if (*len < (word32)size) {
248	0	*len = (word32)size;
249	0	return BUFFER_E;
250	0	}
251	0	*len = (word32)size;
252	0	err = mp_tohex(mp, (char*)buf);
253	0	}
254		#else
255		err = NOT_COMPILED_IN;
256		#endif
257	0	}
258	0	else {
259		/* for WC_TYPE_UNSIGNED_BIN keySz is used to zero pad.
260		* The key size is always returned as the size */
261	0	if (*len < keySz) {
262	0	*len = keySz;
263	0	return BUFFER_E;
264	0	}
265	0	*len = keySz;
266	0	XMEMSET(buf, 0, *len);
267	0	err = mp_to_unsigned_bin(mp, buf +
268	0	(keySz - (word32)mp_unsigned_bin_size(mp)));
269	0	}
270
271	0	return err;
272	0	}
273		#endif
274
275		#ifdef HAVE_WOLF_BIGINT
276		void wc_bigint_init(WC_BIGINT* a)
277		{
278		if (a != NULL) {
279		a->buf = NULL;
280		a->len = 0;
281		a->heap = NULL;
282		}
283		}
284
285		int wc_bigint_alloc(WC_BIGINT* a, word32 sz)
286		{
287		int err = MP_OKAY;
288
289		if (a == NULL)
290		return BAD_FUNC_ARG;
291
292		if (sz > 0) {
293		if (a->buf && sz > a->len) {
294		wc_bigint_free(a);
295		}
296		if (a->buf == NULL) {
297		a->buf = (byte*)XMALLOC(sz, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
298		if (a->buf == NULL) {
299		err = MP_MEM;
300		}
301		}
302		else {
303		XMEMSET(a->buf, 0, sz);
304		}
305		}
306		a->len = sz;
307
308		return err;
309		}
310
311		/* assumes input is big endian format */
312		int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen)
313		{
314		int err;
315
316		if (a == NULL \|\| in == NULL \|\| inlen == 0)
317		return BAD_FUNC_ARG;
318
319		err = wc_bigint_alloc(a, inlen);
320		if (err == 0) {
321		XMEMCPY(a->buf, in, inlen);
322		}
323
324		return err;
325		}
326
327		int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen)
328		{
329		word32 sz;
330
331		if (a == NULL \|\| out == NULL \|\| outlen == NULL \|\| *outlen == 0)
332		return BAD_FUNC_ARG;
333
334		/* trim to fit into output buffer */
335		sz = a->len;
336		if (a->len > *outlen) {
337		WOLFSSL_MSG("wc_bigint_export: Truncating output");
338		sz = *outlen;
339		}
340
341		if (a->buf) {
342		XMEMCPY(out, a->buf, sz);
343		}
344
345		*outlen = sz;
346
347		return MP_OKAY;
348		}
349
350		void wc_bigint_zero(WC_BIGINT* a)
351		{
352		if (a && a->buf) {
353		ForceZero(a->buf, a->len);
354		}
355		}
356
357		void wc_bigint_free(WC_BIGINT* a)
358		{
359		if (a) {
360		if (a->buf) {
361		XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
362		}
363		a->buf = NULL;
364		a->len = 0;
365		}
366		}
367
368		/* sz: make sure the buffer is at least that size and zero padded.
369		* A `sz == 0` will use the size of `src`.
370		* The calculated sz is stored into dst->len in `wc_bigint_alloc`.
371		*/
372		int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz)
373		{
374		int err;
375		word32 x;
376
377		if (src == NULL \|\| dst == NULL)
378		return BAD_FUNC_ARG;
379
380		/* get size of source */
381		x = mp_unsigned_bin_size(src);
382		if (sz < x)
383		sz = x;
384
385		/* make sure destination is allocated and large enough */
386		err = wc_bigint_alloc(dst, sz);
387		if (err == MP_OKAY && sz > 0) {
388		/* leading zero pad */
389		word32 y = sz - x;
390		XMEMSET(dst->buf, 0, y);
391
392		/* export src as unsigned bin to destination buf */
393		err = mp_to_unsigned_bin(src, dst->buf + y);
394		}
395
396		return err;
397		}
398
399		int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst)
400		{
401		if (src == NULL \|\| dst == NULL)
402		return BAD_FUNC_ARG;
403
404		return wc_mp_to_bigint_sz(src, dst, 0);
405		}
406
407		int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst)
408		{
409		int err;
410
411		if (src == NULL \|\| dst == NULL)
412		return BAD_FUNC_ARG;
413
414		if (src->buf == NULL)
415		return BAD_FUNC_ARG;
416
417		err = mp_read_unsigned_bin(dst, src->buf, src->len);
418		wc_bigint_free(src);
419
420		return err;
421		}
422		#endif /* HAVE_WOLF_BIGINT */
423
424		#endif /* !NO_BIG_INT \|\| WOLFSSL_SP_MATH */
425
426		#ifdef HAVE_WC_INTROSPECTION
427		const char *wc_GetMathInfo(void)
428	0	{
429	0	return
430	0	"\tMulti-Precision: "
431	0	#ifdef WOLFSSL_SP_MATH_ALL
432	0	"Wolf(SP)"
433		#ifdef WOLFSSL_SP_NO_DYN_STACK
434		" no-dyn-stack"
435		#endif
436	0	" word-size=" WC_STRINGIFY(SP_WORD_SIZE)
437	0	" bits=" WC_STRINGIFY(SP_INT_BITS)
438	0	" sp_int.c"
439		#elif defined(USE_FAST_MATH)
440		"Fast"
441		" max-bits=" WC_STRINGIFY(FP_MAX_BITS)
442		#ifndef TFM_TIMING_RESISTANT
443		" not-constant-time"
444		#endif
445		" tfm.c"
446		#elif defined(USE_INTEGER_HEAP_MATH)
447		"Heap"
448		" not-constant-time"
449		" integer.c"
450		#elif defined(NO_BIG_INT) \|\| defined(WOLFSSL_SP_MATH)
451		"Disabled"
452		#else
453		"Unknown"
454		#endif
455
456		#if defined(WOLFSSL_HAVE_SP_ECC) \|\| defined(WOLFSSL_HAVE_SP_DH) \|\| \
457		defined(WOLFSSL_HAVE_SP_RSA)
458		"\n\tSingle Precision:"
459		#ifdef WOLFSSL_HAVE_SP_ECC
460		" ecc"
461		#ifndef WOLFSSL_SP_NO_256
462		" 256"
463		#endif
464		#ifdef WOLFSSL_SP_384
465		" 384"
466		#endif
467		#ifdef WOLFSSL_SP_521
468		" 521"
469		#endif
470		#endif
471		#if defined(WOLFSSL_HAVE_SP_RSA) && defined(WOLFSSL_HAVE_SP_DH)
472		" rsa/dh"
473		#elif defined(WOLFSSL_HAVE_SP_RSA)
474		" rsa"
475		#elif defined(WOLFSSL_HAVE_SP_DH)
476		" dh"
477		#endif
478		#ifndef WOLFSSL_SP_NO_2048
479		" 2048"
480		#endif
481		#ifndef WOLFSSL_SP_NO_3072
482		" 3072"
483		#endif
484		#ifdef WOLFSSL_SP_4096
485		" 4096"
486		#endif
487		#ifdef WOLFSSL_SP_ASM
488		" asm"
489		#endif
490
491		#if !defined(WOLFSSL_SP_ASM)
492		#if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 32
493		" sp_c32.c"
494		#else
495		" sp_c64.c"
496		#endif
497		#elif defined(WOLFSSL_SP_ARM32_ASM)
498		" sp_arm32.c"
499		#elif defined(WOLFSSL_SP_ARM64_ASM)
500		" sp_arm64.c"
501		#elif defined(WOLFSSL_SP_ARM_THUMB_ASM)
502		" sp_armthumb.c"
503		#elif defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
504		" sp_cortexm.c"
505		#elif defined(WOLFSSL_SP_X86_64_ASM)
506		" sp_x86_64.c"
507		#else
508		" sp_[arch].c"
509		#endif
510		#endif
511
512		/* other SP math options */
513	0	#if defined(WOLFSSL_SP_MATH_ALL) \|\| defined(WOLFSSL_HAVE_SP_ECC) \|\| \
514	0	defined(WOLFSSL_HAVE_SP_DH) \|\| defined(WOLFSSL_HAVE_SP_RSA)
515		#ifdef WOLFSSL_SP_SMALL
516		" small"
517		#endif
518		#ifdef WOLFSSL_SP_NO_MALLOC
519		" no-malloc"
520		#endif
521	0	#endif
522	0	;
523	0	}
524		#endif /* HAVE_WC_INTROSPECTION */