diff --git a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c index f7db98dc7..c77b7f7eb 100644 --- a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c +++ b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c @@ -21,7 +21,7 @@ #include #include #include -#include +#include #ifdef NO_INLINE #include diff --git a/examples/client/client.c b/examples/client/client.c index 199033d19..01553b821 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -66,11 +66,8 @@ static const char *wolfsentry_config_path = NULL; #include #endif -#ifdef USE_FAST_MATH - /* included to inspect the size of FP_MAX_BITS */ - /* need integer.h header to make sure right math version used */ - #include -#endif +#include /* for max bits */ + #ifdef HAVE_ECC #include #endif diff --git a/tests/api.c b/tests/api.c index 4261dec77..ff17b5915 100644 --- a/tests/api.c +++ b/tests/api.c @@ -61817,7 +61817,7 @@ static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer, } #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */ -#ifdef WOLFSSL_STATIC_MEMORY +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ defined(SESSION_CERTS) #ifdef OPENSSL_EXTRA @@ -61867,12 +61867,12 @@ static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) return TEST_RES_CHECK(1); } -#endif /* WOLFSSL_STATIC_MEMORY */ +#endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */ static int test_wolfSSL_CTX_StaticMemory(void) { int res = TEST_SKIPPED; -#ifdef WOLFSSL_STATIC_MEMORY +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) wolfSSL_method_func method_func; WOLFSSL_CTX* ctx; const int kMaxCtxClients = 2; @@ -61945,7 +61945,7 @@ static int test_wolfSSL_CTX_StaticMemory(void) #endif /* HAVE_IO_TESTS_DEPENDENCIES */ res = TEST_RES_CHECK(1); -#endif +#endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */ return res; } diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index fb1d3a543..3c8b0178b 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -63,6 +63,7 @@ #include #include #include +#include #ifdef WOLFSSL_ESPIDF #include /* reminder Espressif RISC-V not yet implemented */ @@ -2842,6 +2843,10 @@ int benchmark_init(void) return EXIT_FAILURE; } +#ifdef HAVE_WC_INTROSPECTION + printf("Math: %s\n", wc_GetMathInfo()); +#endif + #ifdef WOLFSSL_SECO_CAAM if (wc_SECO_OpenHSM(SECO_KEY_STORE_ID, SECO_BENCHMARK_NONCE, SECO_MAX_UPDATES, CAAM_KEYSTORE_CREATE) diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index d9b4e1c5e..625b6ae68 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -29,7 +29,7 @@ #ifndef NO_DSA #include -#include +#include #include #include #include diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index dda040797..9940b22dd 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -45,7 +45,7 @@ #include #include #include -#include +#include #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 8224e604f..610512e70 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -47,7 +47,7 @@ #include #endif -#include +#include #if defined(FREESCALE_LTC_TFM) #include diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 2e16be89b..b4efe8cb2 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -39,7 +39,7 @@ #define WOLFSSL_MISC_INCLUDED #include #endif -#include +#include static const char* const TAG = "wolfssl_mp"; @@ -115,12 +115,12 @@ static int esp_mp_hw_lock() espmp_CryptHwMutexInit = 1; } else { - ESP_LOGE(TAG, "mp mutx initialization failed."); + ESP_LOGE(TAG, "mp mutex initialization failed."); return MP_NG; } } else { - /* esp aes has already been iniitlized */ + /* esp aes has already been initialized */ } /* lock hardware */ @@ -138,7 +138,7 @@ static int esp_mp_hw_lock() */ DPORT_REG_CLR_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD); - /* remionder: wait until RSA_CLEAN_REG reads 1 + /* reminder: wait until RSA_CLEAN_REG reads 1 * see esp_mp_hw_wait_clean() */ @@ -161,9 +161,9 @@ static void esp_mp_hw_unlock( void ) esp_CryptHwMutexUnLock(&mp_mutex); } -/* this is based on an article by Cetin Kaya Koc, A New Algorithm for Inversion*/ -/* mod p^k, June 28 2017. */ -static int esp_calc_Mdash(mp_int *M, word32 k, mp_digit* md) +/* this is based on an article by Cetin Kaya Koc, + * A New Algorithm for Inversion: mod p^k, June 28 2017 */ +static int esp_calc_Mdash(MATH_INT_T *M, word32 k, mp_digit* md) { int i; int xi; @@ -199,7 +199,7 @@ static void process_start(word32 reg) } /* wait until done */ -static int wait_uitil_done(word32 reg) +static int wait_until_done(word32 reg) { word32 timeout = 0; /* wait until done && not timeout */ @@ -221,7 +221,7 @@ static int wait_uitil_done(word32 reg) /* read data from memory into mp_init */ static void esp_memblock_to_mpint(word32 mem_address, - mp_int* mp, + MATH_INT_T* mp, word32 numwords) { esp_dport_access_read_buffer((uint32_t*)mp->dp, mem_address, numwords); @@ -230,7 +230,7 @@ static void esp_memblock_to_mpint(word32 mem_address, /* write mp_init into memory block */ -static void esp_mpint_to_memblock(word32 mem_address, const mp_int* mp, +static void esp_mpint_to_memblock(word32 mem_address, const MATH_INT_T* mp, const word32 bits, const word32 hwords) { @@ -271,7 +271,7 @@ static word32 bits2words(word32 bits) } /* get rinv */ -static int esp_get_rinv(mp_int *rinv, mp_int *M, word32 exp) +static int esp_get_rinv(MATH_INT_T *rinv, MATH_INT_T *M, word32 exp) { int ret = 0; @@ -291,17 +291,19 @@ static int esp_get_rinv(mp_int *rinv, mp_int *M, word32 exp) } /* Z = X * Y; */ -int esp_mp_mul(fp_int* X, fp_int* Y, fp_int* Z) +int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) { int ret = 0; - int neg = (X->sign == Y->sign)? MP_ZPOS : MP_NEG; - + int neg; word32 Xs; word32 Ys; word32 Zs; word32 maxWords_sz; word32 hwWords_sz; + /* neg check - X*Y becomes negative */ + neg = mp_isneg(X) != mp_isneg(Y) ? 1 : 0; + /* ask bits number */ Xs = mp_count_bits(X); Ys = mp_count_bits(Y); @@ -356,9 +358,9 @@ int esp_mp_mul(fp_int* X, fp_int* Y, fp_int* Z) process_start(RSA_MULT_START_REG); /* step.4,5 wait until done */ - ret = wait_uitil_done(RSA_INTERRUPT_REG); + ret = wait_until_done(RSA_INTERRUPT_REG); if (ret != MP_OKAY) { - ESP_LOGE(TAG, "wait_uitil_done failed."); + ESP_LOGE(TAG, "wait_until_done failed."); return ret; } /* step.6 read the result form MEM_Z */ @@ -367,16 +369,18 @@ int esp_mp_mul(fp_int* X, fp_int* Y, fp_int* Z) /* step.7 clear and release hw */ esp_mp_hw_unlock(); - Z->sign = (Z->used > 0) ? neg : MP_ZPOS; + if (!mp_iszero(Z) && neg) { + mp_setneg(mpi); + } return ret; } /* Z = X * Y (mod M) */ -int esp_mp_mulmod(fp_int* X, fp_int* Y, fp_int* M, fp_int* Z) +int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) { int ret = 0; - int negcheck = 0; + int negcheck; word32 Xs; word32 Ys; word32 Ms; @@ -384,15 +388,13 @@ int esp_mp_mulmod(fp_int* X, fp_int* Y, fp_int* M, fp_int* Z) word32 hwWords_sz; word32 zwords; - mp_int r_inv; - mp_int tmpZ; + MATH_INT_T r_inv; + MATH_INT_T tmpZ; mp_digit mp; - /* neg check */ - if (X->sign != Y->sign) { - /* X*Y becomes negative */ - negcheck = 1; - } + /* neg check - X*Y becomes negative */ + negcheck = mp_isneg(X) != mp_isneg(Y) ? 1 : 0; + /* ask bits number */ Xs = mp_count_bits(X); Ys = mp_count_bits(Y); @@ -470,7 +472,7 @@ int esp_mp_mulmod(fp_int* X, fp_int* Y, fp_int* M, fp_int* Z) process_start(RSA_MULT_START_REG); /* step.5,6 wait until done */ - wait_uitil_done(RSA_INTERRUPT_REG); + wait_until_done(RSA_INTERRUPT_REG); /* step.7 Y to MEM_X */ esp_mpint_to_memblock(RSA_MEM_X_BLOCK_BASE, Y, Ys, hwWords_sz); @@ -478,7 +480,7 @@ int esp_mp_mulmod(fp_int* X, fp_int* Y, fp_int* M, fp_int* Z) process_start(RSA_MULT_START_REG); /* step.9,11 wait until done */ - wait_uitil_done(RSA_INTERRUPT_REG); + wait_until_done(RSA_INTERRUPT_REG); /* step.12 read the result from MEM_Z */ esp_memblock_to_mpint(RSA_MEM_Z_BLOCK_BASE, &tmpZ, zwords); @@ -488,7 +490,7 @@ int esp_mp_mulmod(fp_int* X, fp_int* Y, fp_int* M, fp_int* Z) /* additional steps */ /* this needs for known issue when Z is greater than M */ - if (mp_cmp(&tmpZ, M) == FP_GT) { + if (mp_cmp(&tmpZ, M) == MP_GT) { /* Z -= M */ mp_sub(&tmpZ, M, &tmpZ); } @@ -522,7 +524,7 @@ int esp_mp_mulmod(fp_int* X, fp_int* Y, fp_int* M, fp_int* Z) .* .* Note some DH references may use: Y = (G ^ X) mod P */ -int esp_mp_exptmod(fp_int* X, fp_int* Y, word32 Ys, fp_int* M, fp_int* Z) +int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, word32 Ys, MATH_INT_T* M, MATH_INT_T* Z) { int ret = 0; @@ -531,7 +533,7 @@ int esp_mp_exptmod(fp_int* X, fp_int* Y, word32 Ys, fp_int* M, fp_int* Z) word32 maxWords_sz; word32 hwWords_sz; - mp_int r_inv; + MATH_INT_T r_inv; mp_digit mp; /* ask bits number */ @@ -600,7 +602,7 @@ int esp_mp_exptmod(fp_int* X, fp_int* Y, word32 Ys, fp_int* M, fp_int* Z) process_start(RSA_START_MODEXP_REG); /* step.5 wait until done */ - wait_uitil_done(RSA_INTERRUPT_REG); + wait_until_done(RSA_INTERRUPT_REG); /* step.6 read a result form memory */ esp_memblock_to_mpint(RSA_MEM_Z_BLOCK_BASE, Z, BITS_TO_WORDS(Ms)); /* step.7 clear and release hw */ @@ -610,6 +612,8 @@ int esp_mp_exptmod(fp_int* X, fp_int* Y, word32 Ys, fp_int* M, fp_int* Z) return ret; } -#endif /* !NO_RSA || HAVE_ECC */ -#endif /* (WOLFSS_ESP32WROOM32_CRYPT) && (NO_WOLFSSL_ESP32WROOM32_CRYPT_RES_PRI)*/ +#endif /* WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && + * !NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */ + +#endif /* !NO_RSA || HAVE_ECC */ diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c index 94ab1537a..56dc8e854 100644 --- a/wolfcrypt/src/port/cypress/psoc6_crypto.c +++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c @@ -32,16 +32,6 @@ #endif #if defined(WOLFSSL_PSOC6_CRYPTO) -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - struct sp_int; - #define MATH_INT_T struct sp_int -#elif defined(USE_FAST_MATH) - struct fp_int; - #define MATH_INT_T struct fp_int -#else - struct mp_int; - #define MATH_INT_T struct mp_int -#endif #include #include @@ -49,6 +39,10 @@ #include #include +#ifdef HAVE_ECC +#include +#endif + static CRYPTO_Type *crypto_base = PSOC6_CRYPTO_BASE; /* Hook for device specific initialization */ @@ -192,7 +186,7 @@ static cy_en_crypto_ecc_curve_id_t psoc6_get_curve_id(int size) case 32: return CY_CRYPTO_ECC_ECP_SECP256R1; case 48: - return CY_CRYPTO_ECC_ECP_SECP384R1; + return CY_CRYPTO_ECC_ECP_SECP384R1; case 66: return CY_CRYPTO_ECC_ECP_SECP521R1; default: @@ -200,7 +194,6 @@ static cy_en_crypto_ecc_curve_id_t psoc6_get_curve_id(int size) } } -#include int psoc6_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash, word32 hashlen, int* verif_res, ecc_key* key) { @@ -214,7 +207,7 @@ int psoc6_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash, if (!key || !verif_res || !r || !s || !hash) return -BAD_FUNC_ARG; - + /* retrieve and check sizes */ szModulus = mp_unsigned_bin_size(key->pubkey.x); szkbin = mp_unsigned_bin_size(r); diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index c1963580f..b2ada5773 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -29,7 +29,7 @@ #ifdef WOLFSSL_SE050 -#include +#include /* for MATH_INT_T */ #include #include #include @@ -47,16 +47,6 @@ #include "ex_sss_boot.h" #endif -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - struct sp_int; - #define MATH_INT_T struct sp_int -#elif defined(USE_FAST_MATH) - struct fp_int; - #define MATH_INT_T struct fp_int -#else - struct mp_int; - #define MATH_INT_T struct mp_int -#endif #ifdef HAVE_ECC #include struct ecc_key; @@ -1979,7 +1969,7 @@ int wc_se050_ecc_insert_private_key(word32 keyId, const byte* eccDer, return se050_ecc_insert_key(keyId, eccDer, eccDerSize, ECC_PRIVATEKEY); } -int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, mp_int* r, mp_int* s, +int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, MATH_INT_T* r, MATH_INT_T* s, byte* out, word32 *outLen, struct ecc_key* key) { int ret = 0; @@ -2151,8 +2141,8 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, mp_int* r, mp_int* s, return ret; } -int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, mp_int* r, - mp_int* s, struct ecc_key* key, int* res) +int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, MATH_INT_T* r, + MATH_INT_T* s, struct ecc_key* key, int* res) { int ret = 0; sss_status_t status; diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 5d177d476..99afc1776 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -31,7 +31,7 @@ #include #include #include -#include +#include #include #ifdef NO_INLINE diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c index 6f2ddab1d..bf2070f34 100644 --- a/wolfcrypt/src/wolfmath.c +++ b/wolfcrypt/src/wolfmath.c @@ -19,8 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* common functions between all math libraries */ -/* common functions for either math library */ +/* HAVE_WOLF_BIGINT: Used with asynchronous crypto hardware where "raw" math + * buffers are required. + * NO_BIG_INT: Disable support for all multi-precision math libraries + */ #ifdef HAVE_CONFIG_H #include @@ -28,14 +32,10 @@ /* in case user set USE_FAST_MATH there */ #include - -#include - +#include #include #include -#if defined(USE_FAST_MATH) || !defined(NO_BIG_INT) - #ifdef WOLFSSL_ASYNC_CRYPT #include #endif @@ -47,6 +47,7 @@ #include #endif +#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) #if !defined(WC_NO_CACHE_RESISTANT) && \ ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ @@ -72,7 +73,7 @@ /* reverse an array, used for radix code */ -void mp_reverse (unsigned char *s, int len) +void mp_reverse(unsigned char *s, int len) { int ix, iy; unsigned char t; @@ -140,7 +141,7 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) /* When mask 0, b is unchanged2 * When mask all set, b ^ b ^ a = a */ - /* Conditionaly copy all digits and then number of used diigits. + /* Conditionally copy all digits and then number of used digits. * get_digit() returns 0 when index greater than available digit. */ for (i = 0; i < a->used; i++) { @@ -158,7 +159,8 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) return err; } -#endif +#endif /* HAVE_ECC || WOLFSSL_MP_COND_COPY */ + #ifndef WC_NO_RNG int get_rand_digit(WC_RNG* rng, mp_digit* d) @@ -223,7 +225,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) return ret; } #endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE */ -#endif +#endif /* !WC_NO_RNG */ #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT) /* export an mp_int as unsigned char or hex string @@ -272,7 +274,6 @@ int wc_export_int(mp_int* mp, byte* buf, word32* len, word32 keySz, } #endif - #ifdef HAVE_WOLF_BIGINT void wc_bigint_init(WC_BIGINT* a) { @@ -422,4 +423,104 @@ int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst) } #endif /* HAVE_WOLF_BIGINT */ -#endif /* USE_FAST_MATH || !NO_BIG_INT */ +#endif /* !NO_BIG_INT || WOLFSSL_SP_MATH */ + +#ifdef HAVE_WC_INTROSPECTION +const char *wc_GetMathInfo(void) +{ + return + "\tMulti-Precision: " + #ifdef WOLFSSL_SP_MATH_ALL + "Wolf(SP)" + #ifdef WOLFSSL_SP_NO_DYN_STACK + " no-dyn-stack" + #endif + " word-size=" WC_STRINGIFY(SP_WORD_SIZE) + " bits=" WC_STRINGIFY(SP_INT_BITS) + " sp_int.c" + #elif defined(USE_FAST_MATH) + "Fast" + " max-bits=" WC_STRINGIFY(FP_MAX_BITS) + #ifndef TFM_TIMING_RESISTANT + " not-constant-time" + #endif + " tfm.c" + #elif defined(USE_INTEGER_HEAP_MATH) + "Heap" + " not-constant-time" + " integer.c" + #elif defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) + "Disabled" + #else + "Unknown" + #endif + + #if defined(WOLFSSL_HAVE_SP_ECC) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(WOLFSSL_HAVE_SP_RSA) + "\n\tSingle Precision:" + #ifdef WOLFSSL_HAVE_SP_ECC + " ecc" + #ifndef WOLFSSL_SP_NO_256 + " 256" + #endif + #ifdef WOLFSSL_SP_384 + " 384" + #endif + #ifdef WOLFSSL_SP_521 + " 521" + #endif + #endif + #if defined(WOLFSSL_HAVE_SP_RSA) && defined(WOLFSSL_HAVE_SP_DH) + " rsa/dh" + #elif defined(WOLFSSL_HAVE_SP_RSA) + " rsa" + #elif defined(WOLFSSL_HAVE_SP_DH) + " dh" + #endif + #ifndef WOLFSSL_SP_NO_2048 + " 2048" + #endif + #ifndef WOLFSSL_SP_NO_3072 + " 3072" + #endif + #ifdef WOLFSSL_SP_4096 + " 4096" + #endif + #ifdef WOLFSSL_SP_ASM + " asm" + #endif + + #if !defined(WOLFSSL_SP_ASM) + #if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 32 + " sp_c32.c" + #else + " sp_c64.c" + #endif + #elif defined(WOLFSSL_SP_ARM32_ASM) + " sp_arm32.c" + #elif defined(WOLFSSL_SP_ARM64_ASM) + " sp_arm64.c" + #elif defined(WOLFSSL_SP_ARM_THUMB_ASM) + " sp_armthumb.c" + #elif defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) + " sp_cortexm.c" + #elif defined(WOLFSSL_SP_X86_64_ASM) + " sp_x86_64.c" + #else + " sp_[arch].c" + #endif + #endif + + /* other SP math options */ + #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_ECC) || \ + defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA) + #ifdef WOLFSSL_SP_SMALL + " small" + #endif + #ifdef WOLFSSL_SP_NO_MALLOC + " no-malloc" + #endif + #endif + ; +} +#endif /* HAVE_WC_INTROSPECTION */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5f80924e1..82b4244d9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -227,11 +227,10 @@ #include #include #include -#if defined(WC_NO_RNG) - #include -#else +#if !defined(WC_NO_RNG) #include #endif +#include #include #include #include @@ -1738,6 +1737,10 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret)); } + #ifdef HAVE_WC_INTROSPECTION + printf("Math: %s\n", wc_GetMathInfo()); + #endif + #ifdef WC_RNG_SEED_CB wc_SetSeed_Cb(wc_GenerateSeed); #endif diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 4cad216e9..b8a373681 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -31,7 +31,7 @@ #define WOLFSSL_BN_H_ #include -#include +#include #ifdef __cplusplus extern "C" { diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index c13a1d9a1..90391496c 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -43,7 +43,7 @@ that can be serialized and deserialized in a cross-platform way. #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */ #endif -#include +#include /* fips declare of RsaPrivateKeyDecode @wc_fips */ #if defined(HAVE_FIPS) && !defined(NO_RSA) && \ diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 5e93ffdc1..0b48c5cf7 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -35,7 +35,7 @@ #include #endif /* HAVE_FIPS_VERSION >= 2 */ -#include +#include #include #ifdef WOLFSSL_KCAPI_DH diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index bb51e0d97..737dc094d 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -30,7 +30,7 @@ #ifndef NO_DSA -#include +#include #include /* for DSA reverse compatibility */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index c0271c9a2..72fb2c5b3 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -36,7 +36,7 @@ #include #endif /* HAVE_FIPS_VERSION >= 2 */ -#include +#include #include #ifdef HAVE_X963_KDF diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h index 5e46d8d56..8e0124cca 100644 --- a/wolfssl/wolfcrypt/eccsi.h +++ b/wolfssl/wolfcrypt/eccsi.h @@ -31,7 +31,7 @@ #ifdef WOLFCRYPT_HAVE_ECCSI -#include +#include #include #include #include diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 7a590e4c4..712b91256 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -29,15 +29,14 @@ #ifndef WOLF_CRYPT_INTEGER_H #define WOLF_CRYPT_INTEGER_H -/* may optionally use fast math instead, not yet supported on all platforms and - may not be faster on all -*/ -#include /* will set MP_xxBIT if not default */ -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - #include -#elif defined(USE_FAST_MATH) - #include -#else +/* may optionally use SP math all or fast math instead. The heap math requires + * realloc and is not timing resistant. The SP math all is recommended for new + * designs. + */ + +#include + +#ifdef USE_INTEGER_HEAP_MATH #include @@ -411,7 +410,6 @@ MP_API int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c); #endif -#endif /* USE_FAST_MATH */ +#endif /* USE_INTEGER_HEAP_MATH */ #endif /* WOLF_CRYPT_INTEGER_H */ - diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 56f16449c..346ca52fd 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -23,6 +23,7 @@ #define __ESP32_CRYPT_H__ #include "wolfssl/wolfcrypt/settings.h" +#include /* for MATH_INT_T */ #include "esp_idf_version.h" #include "esp_types.h" @@ -174,13 +175,6 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex); #define ESP_RSA_TIMEOUT_CNT 0x249F00 #endif - /* operands can be up to 4096 bits long. - * here we store the bits in wolfSSL fp_int struct. - * see wolfCrypt tfm.h - */ - struct fp_int; - - /* * The parameter names in the Espressif implementation are arbitrary. * @@ -191,25 +185,25 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex); /* Z = (X ^ Y) mod M : Espressif generic notation */ /* Y = (G ^ X) mod P : wolfSSL DH reference notation */ - int esp_mp_exptmod(struct fp_int* X, /* G */ - struct fp_int* Y, /* X */ - word32 Xbits, /* Ys typically = fp_count_bits (X) */ - struct fp_int* M, /* P */ - struct fp_int* Z); /* Y */ + int esp_mp_exptmod(MATH_INT_T* X, /* G */ + MATH_INT_T* Y, /* X */ + word32 Xbits, /* Ys typically = mp_count_bits (X) */ + MATH_INT_T* M, /* P */ + MATH_INT_T* Z); /* Y */ /* Z = X * Y */ - int esp_mp_mul(struct fp_int* X, - struct fp_int* Y, - struct fp_int* Z); + int esp_mp_mul(MATH_INT_T* X, + MATH_INT_T* Y, + MATH_INT_T* Z); /* Z = X * Y (mod M) */ - int esp_mp_mulmod(struct fp_int* X, - struct fp_int* Y, - struct fp_int* M, - struct fp_int* Z); + int esp_mp_mulmod(MATH_INT_T* X, + MATH_INT_T* Y, + MATH_INT_T* M, + MATH_INT_T* Z); -#endif /* NO_RSA || HAVE_ECC*/ +#endif /* !NO_RSA || HAVE_ECC*/ /* end c++ wrapper */ #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h index c1e8076e1..c7df1f34f 100644 --- a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h +++ b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h @@ -23,6 +23,7 @@ #define _PSOC6_CRYPTO_PORT_H_ #include +#include /* for MATH_INT_T */ #include "cy_crypto_core_sha.h" #include "cy_device_headers.h" #include "psoc6_02_config.h" @@ -42,7 +43,7 @@ #ifdef HAVE_ECC #include -int psoc6_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, +int psoc6_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash, word32 hashlen, int* verif_res, ecc_key* key); #endif /* HAVE_ECC */ diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h index 1ff21e42f..c272a9697 100644 --- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -23,13 +23,7 @@ #define _KSDK_PORT_H_ #include -#ifdef USE_FAST_MATH - #include -#elif defined WOLFSSL_SP_MATH - #include -#else - #include -#endif +#include #include #include #include diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h index 5694fddfb..ffda88fc9 100644 --- a/wolfssl/wolfcrypt/port/nxp/se050_port.h +++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h @@ -24,6 +24,7 @@ #include #include +#include /* for MATH_INT_T */ #ifdef __GNUC__ #pragma GCC diagnostic push @@ -152,19 +153,6 @@ WOLFSSL_LOCAL void se050_aes_free(struct Aes* aes); #endif struct WC_RNG; -#ifdef HAVE_ECC -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - struct sp_int; - #define MATH_INT_T struct sp_int - typedef struct sp_int mp_int; -#elif defined(USE_FAST_MATH) - struct fp_int; - #define MATH_INT_T struct fp_int - typedef struct fp_int mp_int; -#else - struct mp_int; - #define MATH_INT_T struct mp_int -#endif struct ecc_key; WOLFSSL_LOCAL int se050_ecc_use_key_id(struct ecc_key* key, word32 keyId); diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 182e6e284..1ac060dff 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -26,7 +26,7 @@ /* Supports CubeMX HAL or Standard Peripheral Library */ #include -#include +#include /* for MATH_INT_T */ #ifdef STM32_HASH @@ -50,7 +50,7 @@ #define HASH_DATATYPE_8B HASH_DataType_8b #endif #ifndef HASH_STR_NBW - #define HASH_STR_NBW HASH_STR_NBLW + #define HASH_STR_NBW HASH_STR_NBLW #endif #ifndef STM32_HASH_TIMEOUT @@ -95,7 +95,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #ifndef NO_AES #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \ - defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \ + defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \ defined(WOLFSSL_STM32U5)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM @@ -108,13 +108,13 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ defined(WOLFSSL_STM32U5) - #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5) - #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ - #endif + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5) + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #endif #define CRYP AES - #ifndef CRYP_AES_GCM - #define CRYP_AES_GCM CRYP_AES_GCM_GMAC - #endif + #ifndef CRYP_AES_GCM + #define CRYP_AES_GCM CRYP_AES_GCM_GMAC + #endif #endif /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ @@ -146,16 +146,6 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_CRYPTO */ #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - struct sp_int; - #define MATH_INT_T struct sp_int -#elif defined(USE_FAST_MATH) - struct fp_int; - #define MATH_INT_T struct fp_int -#else - struct mp_int; - #define MATH_INT_T struct mp_int -#endif struct ecc_key; struct WC_RNG; diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 1db563ed3..455ec0162 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -71,7 +71,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #define WOLFSSL_KEY_GEN #endif #else - #include + #include #include #endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */ #if defined(HAVE_FIPS) && \ diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h index 27c69a5d1..f6651279b 100644 --- a/wolfssl/wolfcrypt/sakke.h +++ b/wolfssl/wolfcrypt/sakke.h @@ -31,7 +31,7 @@ #ifdef WOLFCRYPT_HAVE_SAKKE -#include +#include #include #include #include diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 8b8538b1f..cc219b227 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -350,7 +350,6 @@ #if defined(ESP32_USE_RSA_PRIMITIVE) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) #define WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI - #define USE_FAST_MATH #define WOLFSSL_SMALL_STACK #endif #endif @@ -449,7 +448,6 @@ #define NO_WRITEV #define NO_DEV_RANDOM #define NO_FILESYSTEM - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define NO_BIG_INT #endif @@ -554,7 +552,6 @@ #ifdef WOLFSSL_PICOTCP_DEMO #define WOLFSSL_STM32 - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define XMALLOC(s, h, type) PICO_ZALLOC((s)) #define XFREE(p, h, type) PICO_FREE((p)) @@ -621,7 +618,6 @@ #define HAVE_ECC #define ALT_ECC_SIZE - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT @@ -723,7 +719,6 @@ #define NO_MAIN_DRIVER #define NO_WRITEV #define SINGLE_THREADED - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define WOLFSSL_NRF51 #define WOLFSSL_USER_IO @@ -857,7 +852,6 @@ extern void uITRON4_free(void *p) ; #define NO_WOLFSSL_DIR #define NO_WRITEV - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define NO_MAIN_DRIVER #endif @@ -873,12 +867,10 @@ extern void uITRON4_free(void *p) ; #define NO_WRITEV #define NO_WOLFSSL_DIR - /* Use SP_MATH by default, unless + /* Enable SP math by default, unless fast math * specified in user_settings. */ #ifndef USE_FAST_MATH - #define USE_SP_MATH - #define SP_MATH_ALL #define WOLFSSL_HAVE_SP_ECC #define SP_WORD_SIZE 32 #define WOLFSSL_HAVE_SP_RSA @@ -954,7 +946,6 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_HAVE_MAX #define WOLFSSL_HAVE_MIN - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define WC_RSA_BLINDING #define ECC_TIMING_RESISTANT @@ -1154,9 +1145,6 @@ extern void uITRON4_free(void *p) ; #define NO_RC4 /* enable features */ - #undef USE_FAST_MATH - #define USE_FAST_MATH - #define USE_CERT_BUFFERS_2048 #define BENCH_EMBEDDED @@ -1500,7 +1488,6 @@ extern void uITRON4_free(void *p) ; #define NO_WRITEV #endif - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT #define WC_RSA_BLINDING @@ -1540,7 +1527,6 @@ extern void uITRON4_free(void *p) ; #include #include - #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT #define WC_RSA_BLINDING @@ -1893,7 +1879,6 @@ extern void uITRON4_free(void *p) ; #define NO_ASN_TIME /* can not use headers such as windows.h */ #define HAVE_AESGCM #define USE_CERT_BUFFERS_2048 - #define USE_FAST_MATH #endif /* WOLFSSL_SGX */ /* FreeScale MMCAU hardware crypto has 4 byte alignment. @@ -1988,6 +1973,13 @@ extern void uITRON4_free(void *p) ; #endif #endif #endif + +/* Verify that only one of the above multi-precision math libraries is enabled */ +#if (defined(WOLFSSL_SP_MATH_ALL) && \ + (defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH))) || \ + (defined(USE_FAST_MATH) && defined(USE_INTEGER_HEAP_MATH)) + #error Cannot enable more than one multiple precision math library! +#endif /*----------------------------------------------------------------------------*/ @@ -2050,7 +2042,8 @@ extern void uITRON4_free(void *p) ; #undef HAVE_ECC_KEY_IMPORT #define HAVE_ECC_KEY_IMPORT #endif - #ifndef NO_ECC_KEY_EXPORT + /* The ECC key export requires mp_int */ + #if !defined(NO_ECC_KEY_EXPORT) && !defined(NO_BIG_INT) #undef HAVE_ECC_KEY_EXPORT #define HAVE_ECC_KEY_EXPORT #endif @@ -2523,7 +2516,8 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ -#ifndef WC_NO_HARDEN +/* do not warn if big integer support is disabled */ +#if !defined(WC_NO_HARDEN) && !defined(NO_BIG_INT) #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \ diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index f9382eb6e..3d44dccf1 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -38,7 +38,7 @@ #include #endif -#include +#include #include #include diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 8b1d17163..f589e20ae 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -32,7 +32,7 @@ #include #include #include -#include +#include #ifdef __cplusplus extern "C" { diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 3f5910444..8e18d8c63 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1468,6 +1468,19 @@ typedef struct w64wrapper { #endif + /* opaque math variable type */ + #if defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int + #elif defined(USE_INTEGER_HEAP_MATH) + struct mp_int; + #define MATH_INT_T struct mp_int + #else + struct sp_int; + #define MATH_INT_T struct sp_int + #endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h index bf2c4a742..4ed88b81f 100644 --- a/wolfssl/wolfcrypt/wolfmath.h +++ b/wolfssl/wolfcrypt/wolfmath.h @@ -31,12 +31,27 @@ This library provides big integer math functions. extern "C" { #endif +#include + #ifdef WOLFSSL_PUBLIC_MP #define MP_API WOLFSSL_API #else #define MP_API WOLFSSL_LOCAL #endif + +#if defined(USE_FAST_MATH) + #include +#elif defined(USE_INTEGER_HEAP_MATH) + #include +#else + #include +#endif + +#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) + #include +#endif + #ifndef MIN #define MIN(x,y) ((x)<(y)?(x):(y)) #endif @@ -53,7 +68,7 @@ This library provides big integer math functions. extern const wc_ptr_t wc_off_on_addr[2]; #endif - +#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) /* common math functions */ MP_API int get_digit_count(const mp_int* a); MP_API mp_digit get_digit(const mp_int* a, int n); @@ -62,6 +77,7 @@ WOLFSSL_LOCAL void mp_reverse(unsigned char *s, int len); WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b); WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); +#endif #define WC_TYPE_HEX_STR 1 #define WC_TYPE_UNSIGNED_BIN 2 @@ -69,8 +85,10 @@ WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); #define WC_TYPE_BLACK_KEY 3 #endif +#if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT) WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len, word32 keySz, int encType); +#endif #ifdef HAVE_WOLF_BIGINT #if !defined(WOLF_BIGINT_DEFINED) @@ -96,6 +114,10 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len, #endif /* HAVE_WOLF_BIGINT */ +#ifdef HAVE_WC_INTROSPECTION + WOLFSSL_API const char *wc_GetMathInfo(void); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif